Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Temp file keeps growing, eats up disk space

Post by JC213 » November 27th, 2012, 1:51 am

I have been having problems keeping free space on my C: partition for a while now. I try to keep nothing but Windows system files on it, but it keeps filling up from unknown sources. First I thought it was just cookies, temp files, etc. building up over time, until CCleaner would clear less and less space and I was down to 0 free space. A day ago, I used TreeSize to find what was eating up space and found worthless files (7gb worth) being constantly created under C:/Windows/ServiceProfiles/NetworkService/AppData/Local/Microsoft/Media Player/Art Cache. Did some simple googling, deleted the files and stopped Windows Media Player from creating new files, and it's no longer a problem.

But now I think it may be malware after all. There is a file under c:/Windows/Temp which continually keeps getting larger, despite no input by me. I am sitting here and watching it grow by about 7-8 kb per second. So far it is 1.6gb in size. The file in question is a Chrome HTML Document named HFIBEA9.tmp.html. If I try to delete it, it comes up with a File in Use error window which says, "The action can't be completed because the file is open in Setup.exe" but there is no setup.exe I can find to close under the task manager processes.

EDIT 1: I found setup.exe by checking "Show processes from all users" in Windows Task Manager. Ended the process and was able to delete the growing file.

EDIT 2: Now I notice this file in windows/temp is growing: KB2737019_20121124_095046435-Microsoft .NET Framework 4 Client Profile-MSP0.txt, 8gb and rising, will be out of free space soon. Attempting to delete it prompts: "The action can't be completed because the file is open in Windows Installer"




DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Joel at 21:17:29 on 2012-11-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.4180 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Joel\Local Settings\Apps\F.lux\flux.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\msiexec.exe
g:\b24d5871c37bb31ea045d5\Setup.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
E:\Games\Steam\Steam.exe
E:\Games\Steam\steamapps\common\Sid Meier's Civilization V\CivilizationV.exe
E:\Games\Steam\GameOverlayUI.exe
E:\Games\ts3client_win32.exe
E:\Games\plugins\ts3overlay\InstallHook.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
uRun: [PeerBlock] "G:\PeerBlock\peerblock.exe"
uRun: [Plex Media Server] "E:\Plex\Plex Media Server.exe"
uRun: [F.lux] "C:\Users\Joel\Local Settings\Apps\F.lux\flux.exe" /noshow
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{01631C34-8F93-4E64-8DCB-C7419C55CC38} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
R2 Realtek11nCU;Realtek11nCU;C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2012-6-20 36864]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 pbfilter;pbfilter;G:\PeerBlock\pbfilter.sys [2010-5-29 19544]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtwlanu.sys [2012-6-20 1045608]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-2 1255736]
S4 PuranDefrag;PuranDefrag;C:\Windows\System32\PuranDefragS.exe [2011-1-9 295424]
.
=============== Created Last 30 ================
.
2012-11-27 05:17:07 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9851963D-2002-4B7F-B0A6-EAB4202CAFE7}\offreg.dll
2012-11-27 05:13:39 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9851963D-2002-4B7F-B0A6-EAB4202CAFE7}\mpengine.dll
2012-11-27 04:55:01 -------- d-----w- C:\Users\Joel\AppData\Roaming\ts3overlay
2012-11-25 20:34:11 -------- d-----w- C:\Users\Joel\AppData\Roaming\JAM Software
2012-11-21 22:42:51 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-20 20:34:49 -------- d-----w- C:\Users\Joel\AppData\Local\Solid State Networks
2012-11-19 22:32:15 -------- d-----w- C:\Users\Joel\AppData\Local\Apple Computer
2012-11-19 19:57:34 -------- d-----w- C:\Windows\System32\RT 7 Lite
2012-11-17 11:03:23 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-17 11:03:23 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-17 11:03:23 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-17 11:03:23 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-17 11:01:10 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-17 11:01:10 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-17 11:01:10 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-17 11:01:09 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-17 11:01:09 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-17 11:01:09 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-17 11:01:09 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-17 07:03:55 -------- d-----w- C:\Users\Joel\AppData\Local\My Games
2012-11-16 11:19:28 -------- d-----w- C:\Users\Joel\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 05:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 05:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 21:17:44.95 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/30/2009 3:35:08 PM
System Uptime: 11/23/2012 11:47:24 AM (82 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | 790FX-GD70 (MS-7577)
Processor: AMD Phenom(tm) II X3 720 Processor | CPU1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 39 GiB total, 4.037 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 892 GiB total, 18.207 GiB free.
G: is FIXED (NTFS) - 932 GiB total, 119.095 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: VMware Bridge Protocol
Device ID: ROOT\LEGACY_VMNETBRIDGE\0000
Manufacturer:
Name: VMware Bridge Protocol
PNP Device ID: ROOT\LEGACY_VMNETBRIDGE\0000
Service: VMnetBridge
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: VMware Network Application Interface
Device ID: ROOT\LEGACY_VMNETUSERIF\0000
Manufacturer:
Name: VMware Network Application Interface
PNP Device ID: ROOT\LEGACY_VMNETUSERIF\0000
Service: VMnetuserif
.
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: AGEAMCR7 IDE Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: AGEAMCR7 IDE Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: aq32vrw6
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Age of Empires® III: Complete Collection
Amnesia: The Dark Descent
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
CCleaner
CDBurnerXP
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Combined Community Codec Pack 2009-09-09
Counter-Strike: Global Offensive Beta
D3DX10
Defraggler
DivX Setup
F.lux
Facebook Plug-In
Foxit PDF Editor
Foxit Reader
Google Chrome
Google Update Helper
Half-Life 2
Hawken
HydraIRC
League of Legends
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
msxml4
Nettalk 6.7
OpenLibraries
PeerBlock 1.1 (r518)
Plex Media Server
Portal
Portal 2
PowerISO
REALTEK Wireless LAN Driver and Utility
RT 7 Lite (64-Bit)
RT 7 Lite x64
Sanctum
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Sid Meier's Civilization V
Sid Meier's Civilization V SDK
Steam
TeamSpeak 3 Client
The Elder Scrolls V: Skyrim
TreeSize Free V2.7
Ultima Online Second Age 5.0.8.3
UO Auto-Map 9.0.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client for Windows x64
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Center Add-in for Flash
WinRAR archiver
x64crt
x86crt
.
==== Event Viewer Messages From Past Week ========
.
11/26/2012 3:58:22 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/25/2012 2:14:28 AM, Error: Microsoft Antimalware [1005] - Microsoft Antimalware scan has encountered an error and terminated. Scan ID: {78D2E268-4534-4DA9-82D9-DD65A88AEFEB} Scan Type: Antimalware Scan Parameters: Quick Scan User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x8050800d Error description: Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again.
11/25/2012 2:12:36 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.170.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0xc8000710 Error description: The account used is a computer account. Use your global user account or local user account to access this server.
11/25/2012 11:57:44 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.170.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0xc8000710 Error description: The account used is a computer account. Use your global user account or local user account to access this server.
11/25/2012 11:57:43 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.170.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0xc8000710 Error description: The account used is a computer account. Use your global user account or local user account to access this server.
11/25/2012 1:51:54 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242007: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2737019).
11/24/2012 9:50:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449).
11/24/2012 11:57:43 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.170.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070070 Error description: There is not enough space on the disk.
11/24/2012 11:57:42 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.170.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070070 Error description: There is not enough space on the disk.
11/23/2012 2:45:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242007: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449).
11/23/2012 2:45:09 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
11/23/2012 12:01:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2737019).
11/23/2012 11:47:48 AM, Error: Service Control Manager [7000] - The VMware Network Application Interface service failed to start due to the following error: The system cannot find the file specified.
11/23/2012 11:47:43 AM, Error: Service Control Manager [7000] - The VMware Bridge Protocol service failed to start due to the following error: The system cannot find the file specified.
11/23/2012 11:47:30 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
11/23/2012 11:47:30 AM, Error: atikmdag [43029] - Display is not active
11/22/2012 2:41:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.170.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070070 Error description: There is not enough space on the disk.
11/21/2012 3:00:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2737019).
11/21/2012 3:00:21 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449).
11/20/2012 2:43:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.141.95.0).
11/20/2012 2:43:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2168.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070643 Error description: Fatal error during installation.
11/19/2012 2:43:11 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.141.11.0).
11/19/2012 2:43:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2168.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070643 Error description: Fatal error during installation.
11/19/2012 11:51:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.141.4.0).
11/19/2012 11:50:57 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2168.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070643 Error description: Fatal error during installation.
11/19/2012 11:44:25 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449).
11/19/2012 11:40:43 AM, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the VMware USB Arbitration Service service which failed to start because of the following error: The system cannot find the file specified.
11/19/2012 11:40:43 AM, Error: Service Control Manager [7000] - The VMware USB Arbitration Service service failed to start due to the following error: The system cannot find the file specified.
11/19/2012 11:01:24 AM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/19/2012 11:00:18 AM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/19/2012 11:00:15 AM, Error: Service Control Manager [7034] - The VMware NAT Service service terminated unexpectedly. It has done this 3 time(s).
11/19/2012 11:00:09 AM, Error: Service Control Manager [7031] - The VMware NAT Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/19/2012 11:00:04 AM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/19/2012 10:59:59 AM, Error: Service Control Manager [7034] - The VMware DHCP Service service terminated unexpectedly. It has done this 1 time(s).
11/19/2012 10:59:55 AM, Error: Service Control Manager [7031] - The VMware NAT Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/19/2012 10:59:47 AM, Error: Service Control Manager [7034] - The VMware Authorization Service service terminated unexpectedly. It has done this 1 time(s).
11/19/2012 10:55:57 AM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=112) while initializing logging resources for channel Microsoft-Windows-MCT/Operational.
11/19/2012 10:38:17 AM, Error: Service Control Manager [7023] - The Credential Manager service terminated with the following error: There is not enough space on the disk.
11/19/2012 10:17:01 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2168.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
11/19/2012 10:17:01 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2168.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
11/19/2012 1:03:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2737019).
11/19/2012 1:03:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2729449).
.
==== End Of File ===========================
JC213
Active Member
 
Posts: 6
Joined: November 27th, 2012, 1:21 am

Re: Temp file keeps growing, eats up disk space

Unread postby nunped » November 27th, 2012, 4:08 pm

Hello JC213, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems. I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher. Because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Temp file keeps growing, eats up disk space

Unread postby nunped » November 27th, 2012, 7:00 pm

Hi JC213,

Warning!
You have P2P (Peer to Peer) File Sharing Programs installed on your computer.
uTorrent

As long as you have the P2P program installed, we won't offer you any further assistance. See Forum Policy

If you choose NOT to remove the program, indicate that in your next reply and this topic will be closed.

Else, uninstall the program and proceed to the next steps:

Step 1 - CKScanner
Please download CKScanner. Save it to your desktop.
This program should only be run once!
Make sure that CKScanner.exe is on your desktop before running the application!

  1. Right-click on the CKScanner.exe icon and select "Run as Administrator".
  2. Click the Search For Files button.
  3. When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  4. Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  5. Please copy/paste the contents of ckfiles.txt in your next reply.

Step 2 - MGADiag
  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select: Run as Administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Temp file keeps growing, eats up disk space

Unread postby JC213 » November 27th, 2012, 9:55 pm

Thank you for your replies!

Early this morning I was at 0 free space. I was able to stop windows installer and delete the 8.6gb .txt file, so I have room to work with. I hope this doesn't affect finding the malware.

I have uninstalled utorrent.




CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.XEAPPK
----- EOF -----




Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-2VMH4-VBQW2-MXD74
Windows Product Key Hash: nx+0iKQ8ItfQd8SVjq0nDeAwinI=
Windows Product ID: 00359-029-5709437-85765
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {C513737D-7AE0-46D8-B561-6B133238A5BD}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-6010_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C513737D-7AE0-46D8-B561-6B133238A5BD}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-MXD74</PKey><PID>00359-029-5709437-85765</PID><PIDType>5</PIDType><SID>S-1-5-21-3957214131-3400773334-1986242629</SID><SYSTEM><Manufacturer>MICRO-STAR INTERNATIONAL CO.,LTD</Manufacturer><Model>MS-7577</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V1.0</Version><SMBIOSVersion major="2" minor="5"/><Date>20090225000000.000000+000</Date></BIOS><HWID>47FB3907018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65135</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-029-570943-01-1033-7600.0000-3032009
Installation ID: 009050874545577155580471761893438260661753147991182593
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: MXD74
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 11/27/2012 5:46:40 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OgAAAAEABgABAAEAAQACAAAAAgABAAEAln36ERiMVNDI/4w1EDNU8giFNviud43vmojIiuSLElUorA==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 7577MS A7577100
FACP 7577MS A7577100
HPET 7577MS OEMHPET
MCFG 7577MS OEMMCFG
OEMB 7577MS A7577100
SSDT A M I POWERNOW
JC213
Active Member
 
Posts: 6
Joined: November 27th, 2012, 1:21 am

Re: Temp file keeps growing, eats up disk space

Unread postby nunped » November 28th, 2012, 2:10 pm

Hi JC213,

Step 1
Online Multi Antivirus file scan
Please go to Virus Total and upload -only one file per scan- the following file(s) for scanning:
g:\b24d5871c37bb31ea045d5\Setup.exe

  1. Press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name. The file name should now appear in the online scanner's text entry box.
  3. Click on Send File button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners. This may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When all scans have completed the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
  7. Please repeat this procedure for each file listed above.
  8. Paste the Web address link(s) for the scan results in your next reply.

Step 2
OTL
Please download OTL by Old Timer. Save it to your Desktop.
If you can't download the exe file, try these links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
  • Double click OTL.exe (or OTL.com or OTL.scr) to launch the programme.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 3
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 4
Please let me know how you obtained the license for Microsoft Office Enterprise 2007
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Temp file keeps growing, eats up disk space

Unread postby JC213 » November 28th, 2012, 6:37 pm

Step 1:

https://www.virustotal.com/file/74d1e21 ... 354140281/


Step 2:

OTL logfile created on: 11/28/2012 2:07:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.51 Gb Available Physical Memory | 68.87% Memory free
15.99 Gb Paging File | 13.46 Gb Available in Paging File | 84.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39.06 Gb Total Space | 8.42 Gb Free Space | 21.57% Space Free | Partition Type: NTFS
Drive E: | 892.44 Gb Total Space | 18.06 Gb Free Space | 2.02% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 119.09 Gb Free Space | 12.78% Space Free | Partition Type: NTFS

Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/28 14:07:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
PRC - [2012/08/03 16:36:31 | 001,353,080 | ---- | M] (Valve Corporation) -- E:\Games\Steam\Steam.exe
PRC - [2011/12/09 09:23:30 | 001,596,032 | ---- | M] (Nullsoft, Inc.) -- E:\Winamp\winamp.exe
PRC - [2010/04/16 15:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2009/08/28 22:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Joel\Local Settings\Apps\F.lux\flux.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/26 20:43:19 | 000,091,648 | -H-- | M] () -- C:\Users\Joel\AppData\Local\Temp\~BD74.tmp
MOD - [2012/11/26 20:43:19 | 000,091,648 | -H-- | M] () -- C:\Users\Joel\AppData\Local\Temp\~BD15.tmp
MOD - [2012/11/26 20:43:19 | 000,091,648 | -H-- | M] () -- C:\Users\Joel\AppData\Local\Temp\~BC88.tmp
MOD - [2012/11/12 20:03:52 | 020,317,008 | ---- | M] () -- E:\Games\Steam\bin\libcef.dll
MOD - [2012/11/12 20:03:51 | 001,099,616 | ---- | M] () -- E:\Games\Steam\bin\avcodec-53.dll
MOD - [2012/11/12 20:03:51 | 000,902,480 | ---- | M] () -- E:\Games\Steam\bin\chromehtml.dll
MOD - [2012/11/12 20:03:51 | 000,190,816 | ---- | M] () -- E:\Games\Steam\bin\avformat-53.dll
MOD - [2012/11/12 20:03:51 | 000,123,232 | ---- | M] () -- E:\Games\Steam\bin\avutil-51.dll
MOD - [2012/06/07 00:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Joel\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 00:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Joel\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 00:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Joel\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 00:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Joel\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 00:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Joel\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 00:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Joel\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 00:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Joel\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/02/08 17:07:22 | 000,623,616 | ---- | M] () -- E:\Winamp\System\jnetlib.w5s
MOD - [2012/02/08 17:07:22 | 000,154,624 | ---- | M] () -- E:\Winamp\System\jpeg.w5s
MOD - [2012/02/08 17:07:22 | 000,103,936 | ---- | M] () -- E:\Winamp\System\png.w5s
MOD - [2012/02/08 17:07:22 | 000,090,112 | ---- | M] () -- E:\Winamp\System\xml.w5s
MOD - [2012/02/08 17:07:22 | 000,084,480 | ---- | M] () -- E:\Winamp\System\playlist.w5s
MOD - [2012/02/08 17:07:22 | 000,083,968 | ---- | M] () -- E:\Winamp\tataki.dll
MOD - [2012/02/08 17:07:22 | 000,052,224 | ---- | M] () -- E:\Winamp\Plugins\out_ds.dll
MOD - [2012/02/08 17:07:22 | 000,047,616 | ---- | M] () -- E:\Winamp\zlib.dll
MOD - [2012/02/08 17:07:22 | 000,035,328 | ---- | M] () -- E:\Winamp\System\timer.w5s
MOD - [2012/02/08 17:07:22 | 000,023,040 | ---- | M] () -- E:\Winamp\System\albumart.w5s
MOD - [2012/02/08 17:07:22 | 000,022,528 | ---- | M] () -- E:\Winamp\Plugins\out_disk.dll
MOD - [2012/02/08 17:07:22 | 000,021,504 | ---- | M] () -- E:\Winamp\System\tagz.w5s
MOD - [2012/02/08 17:07:22 | 000,019,456 | ---- | M] () -- E:\Winamp\System\gif.w5s
MOD - [2012/02/08 17:07:22 | 000,019,456 | ---- | M] () -- E:\Winamp\System\bmp.w5s
MOD - [2012/02/08 17:07:22 | 000,018,432 | ---- | M] () -- E:\Winamp\Plugins\out_wave.dll
MOD - [2012/02/08 17:07:22 | 000,016,896 | ---- | M] () -- E:\Winamp\System\dlmgr.w5s
MOD - [2012/02/08 17:07:22 | 000,016,384 | ---- | M] () -- E:\Winamp\System\gracenote.w5s
MOD - [2012/02/08 17:07:22 | 000,014,336 | ---- | M] () -- E:\Winamp\System\filereader.w5s
MOD - [2012/02/08 17:07:22 | 000,013,824 | ---- | M] () -- E:\Winamp\System\primo.w5s
MOD - [2012/02/08 17:07:21 | 001,737,728 | ---- | M] () -- E:\Winamp\Plugins\gen_ff.dll
MOD - [2012/02/08 17:07:21 | 000,417,280 | ---- | M] () -- E:\Winamp\nsutil.dll
MOD - [2012/02/08 17:07:21 | 000,340,992 | ---- | M] () -- E:\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
MOD - [2012/02/08 17:07:21 | 000,313,344 | ---- | M] () -- E:\Winamp\Plugins\in_wm.dll
MOD - [2012/02/08 17:07:21 | 000,290,304 | ---- | M] () -- E:\Winamp\Plugins\in_mp3.dll
MOD - [2012/02/08 17:07:21 | 000,253,440 | ---- | M] () -- E:\Winamp\libsndfile.dll
MOD - [2012/02/08 17:07:21 | 000,253,440 | ---- | M] () -- E:\Winamp\Plugins\in_vorbis.dll
MOD - [2012/02/08 17:07:21 | 000,185,344 | ---- | M] () -- E:\Winamp\Plugins\gen_jumpex.dll
MOD - [2012/02/08 17:07:21 | 000,165,376 | ---- | M] () -- E:\Winamp\Plugins\in_mod.dll
MOD - [2012/02/08 17:07:21 | 000,109,568 | ---- | M] () -- E:\Winamp\Plugins\in_midi.dll
MOD - [2012/02/08 17:07:21 | 000,102,400 | ---- | M] () -- E:\Winamp\Plugins\in_cdda.dll
MOD - [2012/02/08 17:07:21 | 000,078,848 | ---- | M] () -- E:\Winamp\nde.dll
MOD - [2012/02/08 17:07:21 | 000,075,264 | ---- | M] () -- E:\Winamp\Plugins\in_nsv.dll
MOD - [2012/02/08 17:07:21 | 000,072,192 | ---- | M] () -- E:\Winamp\Plugins\in_dshow.dll
MOD - [2012/02/08 17:07:21 | 000,068,608 | ---- | M] () -- E:\Winamp\Plugins\in_avi.dll
MOD - [2012/02/08 17:07:21 | 000,061,440 | ---- | M] () -- E:\Winamp\Plugins\in_flac.dll
MOD - [2012/02/08 17:07:21 | 000,052,736 | ---- | M] () -- E:\Winamp\Plugins\in_mp4.dll
MOD - [2012/02/08 17:07:21 | 000,049,152 | ---- | M] () -- E:\Winamp\Plugins\in_mkv.dll
MOD - [2012/02/08 17:07:21 | 000,043,008 | ---- | M] () -- E:\Winamp\Plugins\in_flv.dll
MOD - [2012/02/08 17:07:21 | 000,027,648 | ---- | M] () -- E:\Winamp\Plugins\gen_hotkeys.dll
MOD - [2012/02/08 17:07:21 | 000,025,600 | ---- | M] () -- E:\Winamp\Plugins\gen_tray.dll
MOD - [2012/02/08 17:07:21 | 000,023,552 | ---- | M] () -- E:\Winamp\Plugins\in_swf.dll
MOD - [2012/02/08 17:07:21 | 000,016,896 | ---- | M] () -- E:\Winamp\Plugins\in_wave.dll
MOD - [2012/02/08 17:07:21 | 000,007,168 | ---- | M] () -- E:\Winamp\Plugins\in_linein.dll
MOD - [2009/08/28 22:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Joel\Local Settings\Apps\F.lux\flux.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/05/17 12:06:24 | 000,295,424 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2009/08/18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/12 20:03:53 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/28 11:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/04/16 15:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nCU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/29 22:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/07/12 16:29:24 | 001,045,608 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2011/04/26 01:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/11/02 16:42:27 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/06 16:21:32 | 000,057,776 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/09/28 01:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- G:\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\.DEFAULT\..\SearchScopes\{645701DB-0A59-AE3F-8D62-BAA040AFB663}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-18\..\SearchScopes\{645701DB-0A59-AE3F-8D62-BAA040AFB663}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3957214131-3400773334-1986242629-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3957214131-3400773334-1986242629-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3957214131-3400773334-1986242629-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB D4 9C 9A F3 9F CB 01 [binary data]
IE - HKU\S-1-5-21-3957214131-3400773334-1986242629-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3957214131-3400773334-1986242629-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3957214131-3400773334-1986242629-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Joel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Joel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Joel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins


========== Chrome ==========

CHR - homepage: chrome://newtab/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Joel\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Joel\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Joel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - Extension: Do Not Track Plus = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkeiedlemmabfclbdkalidkolgdphij\2.2.0.510_0\
CHR - Extension: YouTube = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: Google Search = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: Gmail = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/08/12 09:59:46 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKU\S-1-5-21-3957214131-3400773334-1986242629-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-3957214131-3400773334-1986242629-1000\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3957214131-3400773334-1986242629-1000..\Run: [F.lux] C:\Users\Joel\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-3957214131-3400773334-1986242629-1000..\Run: [PeerBlock] G:\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-3957214131-3400773334-1986242629-1000..\Run: [Plex Media Server] E:\Plex\Plex Media Server.exe (Plex, Inc.)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-3PDVV.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3957214131-3400773334-1986242629-1000\..Trusted Domains: virginmobileusa.com ([www1] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01631C34-8F93-4E64-8DCB-C7419C55CC38}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/05/09 14:25:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{845325de-a6f5-11df-a544-00242123a14e}\Shell - "" = AutoRun
O33 - MountPoints2\{845325de-a6f5-11df-a544-00242123a14e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell - "" = AutoRun
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/28 14:07:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
[2012/11/27 17:51:27 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2012/11/27 17:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/11/26 23:22:59 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Malwarebytes
[2012/11/26 23:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/26 23:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/26 23:13:05 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/26 21:16:53 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Joel\Desktop\dds.scr
[2012/11/26 20:55:01 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\ts3overlay
[2012/11/25 12:34:11 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\JAM Software
[2012/11/20 12:34:49 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\Solid State Networks
[2012/11/20 12:34:40 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meteor Entertainment
[2012/11/19 14:32:15 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Apple Computer
[2012/11/19 14:32:15 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\Apple Computer
[2012/11/19 12:20:13 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\VMware
[2012/11/19 12:03:22 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Macromedia
[2012/11/19 12:03:22 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Adobe
[2012/11/19 11:57:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RT 7 Lite
[2012/11/19 11:57:34 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockers Team
[2012/11/18 07:49:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/17 03:03:23 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/17 03:03:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/17 03:01:09 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/17 03:01:09 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/17 03:01:09 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/17 03:01:09 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/16 23:03:55 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\My Games
[2012/11/16 03:19:28 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\VirtualStore
[2012/11/15 21:53:25 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/15 21:53:25 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/15 21:53:25 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/15 21:53:20 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/15 21:53:20 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/15 21:53:19 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/15 21:53:18 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/15 21:53:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/15 21:53:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/15 21:53:08 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/15 21:53:08 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/13 19:45:41 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[2012/11/12 15:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2012/11/05 13:55:19 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/28 14:07:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL.exe
[2012/11/27 17:51:54 | 000,022,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/27 17:51:54 | 000,022,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/27 17:45:08 | 000,681,984 | ---- | M] () -- C:\Users\Joel\Desktop\CKScanner.exe
[2012/11/26 23:13:11 | 000,711,240 | ---- | M] () -- C:\Windows\is-3PDVV.exe
[2012/11/26 23:13:11 | 000,010,550 | ---- | M] () -- C:\Windows\is-3PDVV.msg
[2012/11/26 23:13:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/26 23:13:11 | 000,000,373 | ---- | M] () -- C:\Windows\is-3PDVV.lst
[2012/11/26 21:16:58 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Joel\Desktop\dds.scr
[2012/11/26 20:51:32 | 000,000,603 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/11/26 18:41:16 | 000,772,542 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/26 18:41:16 | 000,656,084 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/26 18:41:16 | 000,119,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/26 16:46:15 | 000,046,875 | ---- | M] () -- C:\Users\Joel\Desktop\Mtb bare.jpg
[2012/11/26 16:41:59 | 001,238,320 | ---- | M] () -- C:\Users\Joel\Desktop\Mtn front.jpg
[2012/11/26 16:37:40 | 001,070,094 | ---- | M] () -- C:\Users\Joel\Desktop\Mtn Label Back.jpg
[2012/11/26 16:11:57 | 000,040,410 | ---- | M] () -- C:\Users\Joel\Desktop\bare.jpg
[2012/11/26 16:06:13 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/11/26 16:06:07 | 000,001,768 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/11/26 15:55:38 | 001,200,652 | ---- | M] () -- C:\Users\Joel\Desktop\Road back.jpg
[2012/11/26 15:54:50 | 001,031,688 | ---- | M] () -- C:\Users\Joel\Desktop\Road Label Back.jpg
[2012/11/26 15:54:30 | 000,891,156 | ---- | M] () -- C:\Users\Joel\Desktop\Label Front.jpg
[2012/11/26 15:54:04 | 001,120,269 | ---- | M] () -- C:\Users\Joel\Desktop\Road Front.jpg
[2012/11/25 12:34:06 | 000,000,588 | ---- | M] () -- C:\Users\Joel\Desktop\TreeSize Free.lnk
[2012/11/23 11:47:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/19 11:57:34 | 000,001,623 | ---- | M] () -- C:\Users\Joel\Desktop\RT 7 Lite (64-Bit).lnk
[2012/11/05 13:55:19 | 000,000,527 | ---- | M] () -- C:\Users\Joel\Desktop\Ventrilo.lnk
[2012/11/05 13:55:19 | 000,000,248 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/10/31 16:40:34 | 000,200,114 | ---- | M] () -- C:\Users\Joel\Desktop\297081_10152026259565384_309398175_n.jpg
[2012/10/31 16:35:55 | 000,187,813 | ---- | M] () -- C:\Users\Joel\Desktop\398228_412327628815282_1241394781_n.jpg
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/27 17:44:44 | 000,681,984 | ---- | C] () -- C:\Users\Joel\Desktop\CKScanner.exe
[2012/11/26 23:13:11 | 000,711,240 | ---- | C] () -- C:\Windows\is-3PDVV.exe
[2012/11/26 23:13:11 | 000,010,550 | ---- | C] () -- C:\Windows\is-3PDVV.msg
[2012/11/26 23:13:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/26 23:13:11 | 000,000,373 | ---- | C] () -- C:\Windows\is-3PDVV.lst
[2012/11/26 20:51:32 | 000,000,603 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012/11/26 16:45:21 | 000,046,875 | ---- | C] () -- C:\Users\Joel\Desktop\Mtb bare.jpg
[2012/11/26 16:41:31 | 001,238,320 | ---- | C] () -- C:\Users\Joel\Desktop\Mtn front.jpg
[2012/11/26 16:41:31 | 001,070,094 | ---- | C] () -- C:\Users\Joel\Desktop\Mtn Label Back.jpg
[2012/11/26 16:12:05 | 000,040,410 | ---- | C] () -- C:\Users\Joel\Desktop\bare.jpg
[2012/11/26 15:55:38 | 001,200,652 | ---- | C] () -- C:\Users\Joel\Desktop\Road back.jpg
[2012/11/26 15:54:50 | 001,031,688 | ---- | C] () -- C:\Users\Joel\Desktop\Road Label Back.jpg
[2012/11/26 15:54:30 | 000,891,156 | ---- | C] () -- C:\Users\Joel\Desktop\Label Front.jpg
[2012/11/26 15:54:04 | 001,120,269 | ---- | C] () -- C:\Users\Joel\Desktop\Road Front.jpg
[2012/11/25 12:34:06 | 000,000,588 | ---- | C] () -- C:\Users\Joel\Desktop\TreeSize Free.lnk
[2012/11/19 11:57:34 | 000,001,623 | ---- | C] () -- C:\Users\Joel\Desktop\RT 7 Lite (64-Bit).lnk
[2012/11/17 03:03:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 03:01:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/05 13:55:19 | 000,000,527 | ---- | C] () -- C:\Users\Joel\Desktop\Ventrilo.lnk
[2012/11/05 13:55:17 | 000,000,248 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/10/31 16:40:34 | 000,200,114 | ---- | C] () -- C:\Users\Joel\Desktop\297081_10152026259565384_309398175_n.jpg
[2012/10/31 16:35:55 | 000,187,813 | ---- | C] () -- C:\Users\Joel\Desktop\398228_412327628815282_1241394781_n.jpg
[2012/06/20 17:23:48 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/02/23 23:45:57 | 000,001,997 | ---- | C] () -- C:\Users\Joel\.powerupdate.user.properties
[2011/01/25 19:58:16 | 000,799,796 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/23 23:47:20 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011/01/23 23:47:20 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010/12/18 14:51:55 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/04/02 13:34:24 | 000,020,313 | ---- | C] () -- C:\Users\Joel\zsnesw.cfg
[2010/04/02 13:34:24 | 000,003,806 | ---- | C] () -- C:\Users\Joel\zinput.cfg
[2010/04/02 13:34:24 | 000,002,480 | ---- | C] () -- C:\Users\Joel\zmovie.cfg
[2010/04/02 13:33:21 | 000,594,432 | ---- | C] () -- C:\Users\Joel\zsnesw.exe
[2009/10/31 13:02:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 11/28/2012 2:07:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.51 Gb Available Physical Memory | 68.87% Memory free
15.99 Gb Paging File | 13.46 Gb Available in Paging File | 84.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39.06 Gb Total Space | 8.42 Gb Free Space | 21.57% Space Free | Partition Type: NTFS
Drive E: | 892.44 Gb Total Space | 18.06 Gb Free Space | 2.02% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 119.09 Gb Free Space | 12.78% Space Free | Partition Type: NTFS

Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AFDDEF-1552-4A0A-937A-B7F7CBB946AF}" = lport=139 | protocol=6 | dir=in | app=system |
"{09A6CD06-80BD-495E-8294-97CFBC1B79CD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A2639EC-605C-4CE7-A53F-28F2E465613C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{0F787463-F2EF-4B7A-9856-7626F575B9E5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13A95DC0-323D-4AEB-9730-4248293F4C7E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{221BBD22-C2D9-4435-8152-257ADF6B349F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28B99154-C6B0-491A-9DC4-7A68232518DD}" = lport=68 | protocol=17 | dir=in | name=rtldhcp-port-2 |
"{2B63295B-D70E-4F0D-A280-F234908D8B3F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2EAB67F6-4A9D-4689-A938-9F713B459DD8}" = rport=139 | protocol=6 | dir=out | app=system |
"{33B56988-37F2-49E7-AEC9-4CCF644E2A60}" = lport=445 | protocol=6 | dir=in | app=system |
"{383CDCFD-D152-4F1B-8DE2-7945A26339C7}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4246E6EA-7988-44DF-83FA-4E589E0DEFF7}" = lport=10244 | protocol=6 | dir=in | app=system |
"{47337F2E-411F-4E27-A254-CC360176B656}" = lport=10243 | protocol=6 | dir=in | app=system |
"{50E0FF4F-BA5E-418D-AF82-7F140A27A35D}" = rport=137 | protocol=17 | dir=out | app=system |
"{52071F14-5D2A-4E1A-8989-DA07075F8CE6}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{576169E0-2281-4E18-8B1A-E6C124353B1E}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader |
"{60E1255F-C292-4717-BB40-F439932A7C1D}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65476169-86DB-49E2-B987-A6AE15A48277}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B43386E-D6BC-4EDB-B63C-C95FE3135A91}" = lport=10244 | protocol=6 | dir=in | app=system |
"{701D307F-C0D9-4611-9324-1F8A6DCD558C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{724CD24F-7E39-416D-A5AD-6977CE30D69E}" = rport=445 | protocol=6 | dir=out | app=system |
"{7477BB51-27BA-45C6-8145-1F54BFEC5F09}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{76E62820-5161-4724-AF40-68AFE997E8CD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7986ECE2-4DBA-4548-A2DE-840D180AE5C3}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader |
"{7A335021-2C1D-49DD-9282-B96BE105616F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C651B57-6868-4B4A-BF73-AD95F9202570}" = lport=137 | protocol=17 | dir=in | app=system |
"{7D015A9D-5534-4113-A6AC-9C8B2D73AC79}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80E50BA3-1652-4BCB-A7E8-8C1AB9BC94F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85408509-4501-45E7-A2F5-27DD26623918}" = lport=4000 | protocol=6 | dir=in | name=blizzard downloader |
"{8563256C-2055-4301-826C-E988DA6DA638}" = rport=138 | protocol=17 | dir=out | app=system |
"{85A3BF26-F9F8-44DD-B572-E01FB5D5D9DD}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 |
"{8A03CCC9-4086-47DC-9EA5-1A25318D2F08}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C0C18F1-95D2-44F5-BEB1-A303D0B35395}" = lport=3390 | protocol=6 | dir=in | app=system |
"{92AA676D-6D84-498C-8820-B92336B37754}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{961FB6B3-BA8D-40E8-B75E-9DD7E58A0596}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9853F6DD-41C3-4D12-994F-E3724FD74A9B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA3A34E4-587A-4FB1-8DC2-F22715183F3F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1372ADE-1391-41B1-B298-B8FEE2ED8FC3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B9D2A1CA-6013-4964-BA92-58E053B01804}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{BA32569E-35E5-400F-87CF-597A7B809FB5}" = lport=53 | protocol=6 | dir=in | name=rtldns-port |
"{BA96FA82-2A97-4E5C-A329-F67F74FD6EBD}" = lport=6114 | protocol=6 | dir=in | name=blizzard downloader |
"{BD2062C8-7912-4B6A-ACF8-0B8629CB532E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{CE4817ED-2116-4FDF-AA5F-4BF093EB8CEE}" = lport=3390 | protocol=6 | dir=in | app=system |
"{D15E4215-DC86-47CF-8FE3-4351950A027C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D4EEA6ED-6FE8-4174-9525-6E12A3437B9F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D8F1E5F4-E5B4-40B8-A58D-2D103B6D5B10}" = lport=138 | protocol=17 | dir=in | app=system |
"{D9FF79E7-4A69-4CC9-9AFB-631BC82EEBDE}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port |
"{DC7384DE-0A0B-4C0D-B3E7-C4180A23BD02}" = lport=6113 | protocol=6 | dir=in | name=blizzard downloader |
"{DD31FD72-BA59-4EB0-85BC-E992AC06C1CC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E09CC34C-6BBE-450F-A35E-61E812F272A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1F64FD4-C778-476B-8161-4CA79A8929D1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4BB1C42-E4A6-4567-9662-2F36C03F71A3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E5C46808-56CB-4B4D-B8D2-6C1F96D3299D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EADF50E7-DE1C-4A8C-BB15-B7AFA4002153}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader |
"{EEF4C134-DE70-4352-8E65-2DF1B2848231}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F335FD30-08DB-494D-8FC6-6E0A53F87D40}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4961906-10D2-4535-ABEE-DA599D5E982F}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{F4EE7657-655F-4A11-A509-8263258DCD1B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FBBDD81B-2C81-49EE-9460-CA169BBA4CA2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{FC0F011D-C666-4788-B442-B2115742CC3A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC2EFFB3-B3DB-41D2-9300-C9FB5104DFB8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD24E260-6BB2-4056-A58B-71D41670A570}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE35F52F-6B98-4C26-AE5F-6FC4C2612751}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{FE63D80A-7E80-42F9-837F-1D6C965B818D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00635554-346B-43AF-B688-A1F5635BD695}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{02E11FC0-2F82-4059-9BBF-317230106CAD}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{05966141-A3B0-4598-92A8-BA24987E3947}" = protocol=6 | dir=in | app=e:\games\electronic arts\ultima online classic\client.exe |
"{07932CCA-3A48-46F7-BFB9-8EA349E1A716}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{0CD7663C-F301-436B-BBA1-90F22766EABC}" = protocol=17 | dir=in | app=e:\ventrilo\ventrilo.exe |
"{1062F38E-307C-46E7-9666-59477C1E9B11}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{12346F38-8FD0-45E7-B29D-CB99DB73F7AA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1492D794-E7FE-4E15-B340-E2B6CAB53A8F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{14B12B1B-39BF-460A-9BF3-74F716622785}" = dir=in | app=e:\plex\plexdlnaserver.exe |
"{16080A74-9736-4E59-953B-2CEEF7634439}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{16327181-32F2-4318-94F3-D2BCE201703B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{16ACD240-C321-40BC-B07D-BC746048C4BA}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1DC0F204-89E2-4EC8-A768-5D55C7E330D3}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\age of empires 3\bin\age3.exe |
"{1E773006-F4E1-48DB-B3DA-CD3CC40F7905}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F1723FE-D5CF-48E5-ACD7-2F748853AE7E}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{2141A58B-3E5D-45E2-B764-8C7E1CD3F030}" = protocol=17 | dir=in | app=e:\games\electronic arts\ultima online classic\client.exe |
"{219EAEB7-8CCA-41BC-BA3D-F92BE6ADB28C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{237C510B-0B71-4299-91AF-AC85FEF389EE}" = protocol=17 | dir=in | app=e:\plex\plex media server\plexscripthost.exe |
"{25C91F11-FF96-493D-868E-89ED3AD62599}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{283088B4-DF7C-4F81-AC07-4697D80AD86F}" = protocol=6 | dir=in | app=g:\games\ultima online\client.exe |
"{29EE58EA-B23A-4C49-95AD-9D017B52AD1E}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{2BE2A16E-80EC-48C7-8F2C-999BA72BE581}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{2C155EA7-DE7E-4068-A9B2-B9610D80119F}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\portal 2\portal2.exe |
"{34CA6F29-5765-439F-8A8C-0D03F2ED12F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35564A74-741A-49DD-8E85-6942E7BEFFC2}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{36340C1C-F0FB-46B0-8E28-67FAB2E2FBED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{367DB2DF-A263-4B8D-A355-12C35D71204C}" = protocol=6 | dir=out | app=system |
"{3DDFB9F8-B03D-40BE-B5C4-C3C4C34C5509}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{413403BB-E8E8-4DA8-A1EA-723646364A70}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\age of empires 3\bin\age3x.exe |
"{47C1237D-0B29-4867-9E1E-43D2816FC534}" = protocol=6 | dir=in | app=e:\hydrairc\hydrairc.exe |
"{47DC265F-29EF-408C-8D3B-E39E60DE6E24}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\age of empires 3\bin\age3y.exe |
"{4B974439-2AD9-4E0F-B86E-FBD6B0881D7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4E437C17-8398-4819-AEDD-A331E9EF3B62}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{5378A71A-F9D9-45A2-AC20-DB7051AFFC13}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{60D99A7B-310E-4BFA-9611-89C0414816B4}" = protocol=17 | dir=in | app=e:\plex\plex media server\plex media server.exe |
"{680A5634-4CE8-408B-A578-A645A5029E98}" = protocol=6 | dir=in | app=e:\plex\plex media server\plexscripthost.exe |
"{6921F61F-74EC-421D-8978-48C722A0079B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{6AC2B255-064A-4B26-9EC8-FC22DA87F0DC}" = protocol=6 | dir=in | app=e:\ventrilo\ventrilo.exe |
"{6DD2DF39-AFA1-4AA5-BA2A-FFE8B3BFC4D4}" = protocol=17 | dir=in | app=g:\games\ultima online\client.exe |
"{6FB34874-AE28-4F8F-9133-56F1C8513CA6}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtldhcp.exe |
"{720E8718-9D4C-41B4-AF37-B1EAB7EA558B}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{7221434D-F21C-4D8A-BAB1-EFBCA448D5E8}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{76742A8D-ECF4-4D33-A98B-AFEE14B87FE4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{79067F0E-6AD7-4801-BB3B-4F6D26CD102E}" = dir=in | app=e:\plex\plexscripthost.exe |
"{7971E24D-F619-4F95-BB8B-A74A87FE5575}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A6BF398-E902-4C65-9FCA-1AD827ECC1E1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7CE9F1BC-BA68-463A-8021-E5875F89BB4E}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{7F022DD7-41FB-4D35-A213-7EBDAD01D869}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{83F8D143-257F-4702-BA93-8B07835AB94D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88741AB1-7331-43BA-8D95-42FD841F8E58}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{88D7B44C-4CFE-4425-BE79-305A0E16E6C1}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{8D98754C-A27F-4871-B5C8-82C8A8B820A5}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtldhcp.exe |
"{8F5FC193-82B0-4D33-AA3B-409940886496}" = protocol=6 | dir=in | app=e:\plex\plex media server.exe |
"{91314567-7DF7-483F-94C2-D78AE9961714}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{929AA1A2-DDAA-468D-B05D-345CFB0701ED}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{96014426-73E0-4A1F-9AFC-88FB22E4A38E}" = protocol=6 | dir=in | app=e:\games\steam\steam.exe |
"{96C97E5A-54E2-4AE1-B2D4-963EF7628EC8}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{994F8A8F-8315-40EA-B8C4-71FB753B8466}" = protocol=17 | dir=in | app=e:\hydrairc\hydrairc.exe |
"{A59D909E-AC8A-4F71-80B3-FDB1ADE80D19}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A5B5239B-DDD6-4E45-A55A-A41F0E7C22EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A6133B73-DD80-4705-ABFC-2763AC5F04E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A67785D0-7679-460A-931B-2E07D0409842}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{A7E21CE4-408D-46CD-ACCF-A3F8666310AF}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{A98CEEA6-E089-4327-A8B0-D4C2D26B6399}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{AC8CE8AA-ADC2-4B9C-9838-1B64D93D695C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B5AA735C-6234-4D07-8F91-823778852170}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B79943B8-EF59-4E2D-AFF3-325B1F5DC6C5}" = protocol=17 | dir=in | app=e:\games\steam\steam.exe |
"{BC1650F3-2FB8-450E-BE2B-C3237FEB1504}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{BCD7E0B5-BC80-4371-8118-7A9FD274CC93}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{BD0F5ABE-F1A6-40A9-8298-42B0A3CD555D}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{C61BACB3-B744-47A6-B8B3-50D05AF9A00D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C6ADDBE6-63D3-43BC-A460-0C636C89B5FC}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\portal 2\portal2.exe |
"{C8DC2405-9C58-46F3-8158-2DE987C945C7}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{C934181D-05CD-48F2-96AE-76CA72FE8E12}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{CA4A2F06-6881-4414-AB6D-C3D816883C04}" = protocol=17 | dir=in | app=e:\plex\plex media server.exe |
"{CDE32B9E-520B-4ABD-9FF5-D3E6234F6FF8}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D21E17B1-D040-4460-BDA4-E24312692D3B}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\arma 2\arma2.exe |
"{D431C1BA-3C2C-422D-A057-6E018DDCAA2A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{D500A096-CD07-46ED-BF94-3B9722FC5102}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\age of empires 3\bin\age3.exe |
"{D6434A32-D247-422B-BE37-CD0635C51791}" = protocol=6 | dir=in | name=blizzard downloader |
"{D70E31BD-A489-4F48-B11D-0B32FF3ACD8E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D9BA5A2F-29AA-41B0-B226-102BB9D17D0B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA21D877-116C-4FA3-8D64-93221D9C19A5}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\age of empires 3\bin\age3y.exe |
"{DB2C639F-7754-4DDF-B74C-C7223E048257}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{DC275496-839D-4122-A94C-E5B6B9996F8A}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\age of empires 3\bin\age3x.exe |
"{DEE31E63-6509-490B-A924-26C97B2867FA}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{DF8AEDC5-8448-4333-B143-3DADC714EAAB}" = protocol=17 | dir=in | app=e:\plex\plex media server\plexdlnaserver.exe |
"{DFB30588-3050-4ED6-A4A2-930D9702C3AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E74BCD7A-BFD7-4DB2-8A56-85B3C5943193}" = protocol=6 | dir=in | app=e:\plex\plex media server\plexdlnaserver.exe |
"{E8F07EE7-D339-4283-8D18-41C79D1CDC51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F185A4D2-9528-461A-8886-EABB75043857}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{F5042EB1-E47F-4B6B-AA96-27078EC623FE}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F9EAA277-F7AE-47E6-91E2-53AFB0B3F655}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{FBCC2C4F-85EB-45D0-92D8-A41761C2E27C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FE7A288C-72A7-449A-B7DA-8BD24BB9D12C}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\arma 2\arma2.exe |
"TCP Query User{0A1CAB23-661C-4340-BB9D-1FFEE9CEABB5}E:\plex\plex media server\plexdlnaserver.exe" = protocol=6 | dir=in | app=e:\plex\plex media server\plexdlnaserver.exe |
"TCP Query User{0A8F1204-08EF-4BBE-B899-EB28AEC9EEEB}E:\hydrairc\hydrairc.exe" = protocol=6 | dir=in | app=e:\hydrairc\hydrairc.exe |
"TCP Query User{167AB756-D923-40B2-B828-3302B42D3330}E:\games\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=6 | dir=in | app=e:\games\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"TCP Query User{31DA97D5-6BDC-4B56-92B0-7A0E84536B61}E:\games\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{38B5990E-8200-4311-B347-7295BEE41C87}E:\plex\plex media server.exe" = protocol=6 | dir=in | app=e:\plex\plex media server.exe |
"TCP Query User{3B044DF2-1441-47D8-84ED-89F1CF572CF9}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{577FF31E-BBD8-4B46-8899-96ABE366A6C6}G:\games\ultima online\client.exe" = protocol=6 | dir=in | app=g:\games\ultima online\client.exe |
"TCP Query User{96A41E86-5621-4599-A42B-605429638EBB}E:\games\electronic arts\ultima online classic\client.exe" = protocol=6 | dir=in | app=e:\games\electronic arts\ultima online classic\client.exe |
"TCP Query User{B0851014-DBC3-4F4E-837D-338F5A5C749E}E:\plex\plex media server\plex media server.exe" = protocol=6 | dir=in | app=e:\plex\plex media server\plex media server.exe |
"TCP Query User{EE9E7FD0-90FA-4F5E-8955-0601AAEFCC85}E:\plex\plex media server\plexscripthost.exe" = protocol=6 | dir=in | app=e:\plex\plex media server\plexscripthost.exe |
"UDP Query User{3F488FAE-970E-4CC3-B17F-E464F60D4B1D}E:\plex\plex media server\plexdlnaserver.exe" = protocol=17 | dir=in | app=e:\plex\plex media server\plexdlnaserver.exe |
"UDP Query User{428C0958-8A33-4218-B348-F1B3671ACB9E}E:\plex\plex media server\plexscripthost.exe" = protocol=17 | dir=in | app=e:\plex\plex media server\plexscripthost.exe |
"UDP Query User{581192F8-F7C7-4AB9-AB49-2284054E408F}E:\plex\plex media server.exe" = protocol=17 | dir=in | app=e:\plex\plex media server.exe |
"UDP Query User{58D31E90-52F6-4A17-AD01-399819DF65B1}G:\games\ultima online\client.exe" = protocol=17 | dir=in | app=g:\games\ultima online\client.exe |
"UDP Query User{85B87DD4-6AB3-4333-A2BF-347CAAD4CB1D}E:\games\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=17 | dir=in | app=e:\games\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"UDP Query User{87952342-965D-45C4-A0F0-105C3F15B0C5}E:\games\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{C29ECFFB-F5FF-4D3F-803F-9BC3E1A5CCD7}E:\plex\plex media server\plex media server.exe" = protocol=17 | dir=in | app=e:\plex\plex media server\plex media server.exe |
"UDP Query User{CD4D07D3-206B-46C7-88B3-CDE2E323DEDB}E:\games\electronic arts\ultima online classic\client.exe" = protocol=17 | dir=in | app=e:\games\electronic arts\ultima online classic\client.exe |
"UDP Query User{D0A5804B-3981-4B04-99A7-6F422A677494}E:\hydrairc\hydrairc.exe" = protocol=17 | dir=in | app=e:\hydrairc\hydrairc.exe |
"UDP Query User{D42AF958-FB7A-454A-AD30-B771BB220168}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{143CC532-8A89-4D56-8F91-F1AFF6244FE3}" = x64crt
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{DDEBB7D6-671C-468D-98EB-EF9F1A1BC524}" = RT 7 Lite x64
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24762012-C6C8-4AAD-A02D-71A009FA1683}" = Adobe Flash Player 10 ActiveX
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50CBA9D7-4A12-44CA-8E75-9FD7374FBD12}" = x86crt
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = REALTEK Wireless LAN Driver and Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F90D0E4A-DB14-474D-9112-61E4E2234493}" = Plex Media Server
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Civilization V" = Sid Meier's Civilization V
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"HydraIRC" = HydraIRC
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Nettalk_is1" = Nettalk 6.7
"OpenLibraries" = OpenLibraries
"PowerISO" = PowerISO
"Steam App 105450" = Age of Empires® III: Complete Collection
"Steam App 16830" = Sid Meier's Civilization V SDK
"Steam App 220" = Half-Life 2
"Steam App 33900" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 400" = Portal
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive Beta
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91600" = Sanctum
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TreeSize Free_is1" = TreeSize Free V2.7
"Ultima Online Second Age" = Ultima Online Second Age 5.0.8.3
"UO Auto-Map" = UO Auto-Map 9.0.0
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3957214131-3400773334-1986242629-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Flux" = F.lux
"Google Chrome" = Google Chrome
"Hawken" = Hawken
"RT 7 Lite x64" = RT 7 Lite (64-Bit)
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/27/2012 11:31:48 AM | Computer Name = Joel-PC | Source = MsiInstaller | ID = 11711
Description =

Error - 11/27/2012 11:31:48 AM | Computer Name = Joel-PC | Source = MsiInstaller | ID = 11711
Description =

Error - 11/27/2012 11:31:48 AM | Computer Name = Joel-PC | Source = MsiInstaller | ID = 11711
Description =

Error - 11/27/2012 11:31:48 AM | Computer Name = Joel-PC | Source = MsiInstaller | ID = 11711
Description =

Error - 11/27/2012 11:31:48 AM | Computer Name = Joel-PC | Source = MsiInstaller | ID = 11711
Description =

Error - 11/27/2012 11:31:48 AM | Computer Name = Joel-PC | Source = MsiInstaller | ID = 11711
Description =

Error - 11/27/2012 11:31:48 AM | Computer Name = Joel-PC | Source = MsiInstaller | ID = 11711
Description =

Error - 11/27/2012 11:31:48 AM | Computer Name = Joel-PC | Source = MsiInstaller | ID = 11711
Description =

Error - 11/27/2012 11:31:48 AM | Computer Name = Joel-PC | Source = MsiInstaller | ID = 11711
Description =

Error - 11/27/2012 11:31:48 AM | Computer Name = Joel-PC | Source = MsiInstaller | ID = 11711
Description =

[ Media Center Events ]
Error - 5/19/2012 4:37:26 PM | Computer Name = Joel-PC | Source = MCUpdate | ID = 0
Description = 1:37:26 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/20/2012 4:28:22 AM | Computer Name = Joel-PC | Source = MCUpdate | ID = 0
Description = 1:28:21 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/20/2012 4:21:01 PM | Computer Name = Joel-PC | Source = MCUpdate | ID = 0
Description = 1:21:01 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/21/2012 4:25:10 AM | Computer Name = Joel-PC | Source = MCUpdate | ID = 0
Description = 1:25:09 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/21/2012 6:09:53 AM | Computer Name = Joel-PC | Source = MCUpdate | ID = 0
Description = 3:09:53 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/21/2012 4:49:20 PM | Computer Name = Joel-PC | Source = MCUpdate | ID = 0
Description = 1:49:20 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 4:49:03 AM | Computer Name = Joel-PC | Source = MCUpdate | ID = 0
Description = 1:49:02 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 4:41:50 PM | Computer Name = Joel-PC | Source = MCUpdate | ID = 0
Description = 1:41:50 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/23/2012 4:15:31 AM | Computer Name = Joel-PC | Source = MCUpdate | ID = 0
Description = 1:15:04 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/23/2012 4:24:44 PM | Computer Name = Joel-PC | Source = MCUpdate | ID = 0
Description = 1:24:44 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

[ System Events ]
Error - 11/25/2012 5:51:54 AM | Computer Name = Joel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242007: Security Update for Microsoft .NET Framework 4 on XP, Server
2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2737019).

Error - 11/25/2012 6:12:36 AM | Computer Name = Joel-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.170.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0xc8000710 Error
description: The account used is a computer account. Use your global user account
or local user account to access this server.

Error - 11/25/2012 6:14:28 AM | Computer Name = Joel-PC | Source = Microsoft Antimalware | ID = 1005
Description = %%860 scan has encountered an error and terminated. Scan ID: {78D2E268-4534-4DA9-82D9-DD65A88AEFEB}

Scan
Type: %%802 Scan Parameters: %%806 User: NT AUTHORITY\NETWORK SERVICE Error Code:
0x8050800d Error description: Some history items could not be displayed. Please wait
a few minutes and try again. If that doesn't work, clear the history and then try
again.

Error - 11/25/2012 3:57:43 PM | Computer Name = Joel-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.170.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0xc8000710 Error
description: The account used is a computer account. Use your global user account
or local user account to access this server.

Error - 11/25/2012 3:57:44 PM | Computer Name = Joel-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.170.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0xc8000710 Error
description: The account used is a computer account. Use your global user account
or local user account to access this server.

Error - 11/25/2012 8:00:07 PM | Computer Name = Joel-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 11/26/2012 7:58:22 PM | Computer Name = Joel-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 11/27/2012 3:05:02 AM | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.

Error - 11/27/2012 11:31:48 AM | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Installer service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 11/28/2012 6:54:14 AM | Computer Name = Joel-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >

Re: Temp file keeps growing, eats up disk space

Post by JC213 » November 28th, 2012, 6:40 pm

Step 3:


14:15:05.0532 2552 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:15:05.0931 2552 ============================================================
14:15:05.0931 2552 Current date / time: 2012/11/28 14:15:05.0931
14:15:05.0931 2552 SystemInfo:
14:15:05.0931 2552
14:15:05.0931 2552 OS Version: 6.1.7601 ServicePack: 1.0
14:15:05.0931 2552 Product type: Workstation
14:15:05.0931 2552 ComputerName: JOEL-PC
14:15:05.0931 2552 UserName: Joel
14:15:05.0931 2552 Windows directory: C:\Windows
14:15:05.0931 2552 System windows directory: C:\Windows
14:15:05.0931 2552 Running under WOW64
14:15:05.0931 2552 Processor architecture: Intel x64
14:15:05.0931 2552 Number of processors: 3
14:15:05.0931 2552 Page size: 0x1000
14:15:05.0931 2552 Boot type: Normal boot
14:15:05.0931 2552 ============================================================
14:15:07.0008 2552 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:15:07.0024 2552 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:15:07.0133 2552 ============================================================
14:15:07.0133 2552 \Device\Harddisk0\DR0:
14:15:07.0133 2552 MBR partitions:
14:15:07.0133 2552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
14:15:07.0133 2552 \Device\Harddisk1\DR1:
14:15:07.0133 2552 MBR partitions:
14:15:07.0133 2552 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
14:15:07.0149 2552 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x6F8E2C96
14:15:07.0149 2552 ============================================================
14:15:07.0149 2552 C: <-> \Device\Harddisk1\DR1\Partition1
14:15:07.0195 2552 E: <-> \Device\Harddisk1\DR1\Partition2
14:15:07.0227 2552 G: <-> \Device\Harddisk0\DR0\Partition1
14:15:07.0227 2552 ============================================================
14:15:07.0227 2552 Initialize success
14:15:07.0227 2552 ============================================================
14:15:14.0144 4420 ============================================================
14:15:14.0144 4420 Scan started
14:15:14.0144 4420 Mode: Manual;
14:15:14.0144 4420 ============================================================
14:15:14.0516 4420 ================ Scan system memory ========================
14:15:14.0516 4420 System memory - ok
14:15:14.0516 4420 ================ Scan services =============================
14:15:18.0991 4420 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:15:18.0992 4420 mshidkmdf - ok
14:15:19.0001 4420 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:15:19.0002 4420 msisadrv - ok
14:15:19.0022 4420 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:15:19.0025 4420 MSiSCSI - ok
14:15:19.0027 4420 msiserver - ok
14:15:19.0052 4420 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:15:19.0052 4420 MSKSSRV - ok
14:15:19.0112 4420 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:15:19.0112 4420 MsMpSvc - ok
14:15:19.0126 4420 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:15:19.0127 4420 MSPCLOCK - ok
14:15:19.0134 4420 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:15:19.0135 4420 MSPQM - ok
14:15:19.0152 4420 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:15:19.0152 4420 MsRPC - ok
14:15:19.0168 4420 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:15:19.0168 4420 mssmbios - ok
14:15:19.0168 4420 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:15:19.0168 4420 MSTEE - ok
14:15:19.0184 4420 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:15:19.0184 4420 MTConfig - ok
14:15:19.0199 4420 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:15:19.0199 4420 Mup - ok
14:15:19.0215 4420 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:15:19.0215 4420 napagent - ok
14:15:19.0262 4420 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:15:19.0262 4420 NativeWifiP - ok
14:15:19.0293 4420 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:15:19.0308 4420 NDIS - ok
14:15:19.0324 4420 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:15:19.0324 4420 NdisCap - ok
14:15:19.0324 4420 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:15:19.0340 4420 NdisTapi - ok
14:15:19.0355 4420 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:15:19.0355 4420 Ndisuio - ok
14:15:19.0371 4420 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:15:19.0386 4420 NdisWan - ok
14:15:19.0402 4420 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:15:19.0402 4420 NDProxy - ok
14:15:19.0418 4420 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:15:19.0418 4420 NetBIOS - ok
14:15:19.0433 4420 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:15:19.0433 4420 NetBT - ok
14:15:19.0433 4420 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:15:19.0449 4420 Netlogon - ok
14:15:19.0464 4420 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:15:19.0464 4420 Netman - ok
14:15:19.0480 4420 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:15:19.0496 4420 NetMsmqActivator - ok
14:15:19.0511 4420 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:15:19.0511 4420 NetPipeActivator - ok
14:15:19.0527 4420 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:15:19.0527 4420 netprofm - ok
14:15:19.0542 4420 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:15:19.0542 4420 NetTcpActivator - ok
14:15:19.0542 4420 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:15:19.0542 4420 NetTcpPortSharing - ok
14:15:19.0558 4420 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:15:19.0558 4420 nfrd960 - ok
14:15:19.0589 4420 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:15:19.0589 4420 NisDrv - ok
14:15:19.0605 4420 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
14:15:19.0620 4420 NisSrv - ok
14:15:19.0652 4420 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:15:19.0652 4420 NlaSvc - ok
14:15:19.0667 4420 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:15:19.0667 4420 Npfs - ok
14:15:19.0683 4420 npggsvc - ok
14:15:19.0683 4420 NPPTNT2 - ok
14:15:19.0701 4420 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:15:19.0703 4420 nsi - ok
14:15:19.0718 4420 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:15:19.0718 4420 nsiproxy - ok
14:15:19.0752 4420 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:15:19.0769 4420 Ntfs - ok
14:15:19.0778 4420 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:15:19.0779 4420 Null - ok
14:15:19.0801 4420 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:15:19.0803 4420 nvraid - ok
14:15:19.0831 4420 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:15:19.0834 4420 nvstor - ok
14:15:19.0850 4420 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:15:19.0851 4420 nv_agp - ok
14:15:19.0904 4420 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:15:19.0909 4420 odserv - ok
14:15:19.0934 4420 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:15:19.0935 4420 ohci1394 - ok
14:15:19.0955 4420 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:15:19.0957 4420 ose - ok
14:15:19.0977 4420 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:15:19.0981 4420 p2pimsvc - ok
14:15:19.0995 4420 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:15:20.0001 4420 p2psvc - ok
14:15:20.0015 4420 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:15:20.0017 4420 Parport - ok
14:15:20.0035 4420 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:15:20.0036 4420 partmgr - ok
14:15:20.0082 4420 [ 55223EEFABFDB84A926515FEBAB50D9A ] pbfilter G:\PeerBlock\pbfilter.sys
14:15:20.0082 4420 pbfilter - ok
14:15:20.0098 4420 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:15:20.0101 4420 PcaSvc - ok
14:15:20.0109 4420 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:15:20.0111 4420 pci - ok
14:15:20.0121 4420 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:15:20.0121 4420 pciide - ok
14:15:20.0131 4420 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:15:20.0133 4420 pcmcia - ok
14:15:20.0137 4420 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:15:20.0137 4420 pcw - ok
14:15:20.0156 4420 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:15:20.0163 4420 PEAUTH - ok
14:15:20.0239 4420 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:15:20.0241 4420 PerfHost - ok
14:15:20.0282 4420 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:15:20.0298 4420 pla - ok
14:15:20.0315 4420 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:15:20.0322 4420 PlugPlay - ok
14:15:20.0334 4420 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:15:20.0335 4420 PNRPAutoReg - ok
14:15:20.0342 4420 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:15:20.0344 4420 PNRPsvc - ok
14:15:20.0356 4420 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:15:20.0362 4420 PolicyAgent - ok
14:15:20.0381 4420 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:15:20.0384 4420 Power - ok
14:15:20.0408 4420 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:15:20.0410 4420 PptpMiniport - ok
14:15:20.0424 4420 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:15:20.0426 4420 Processor - ok
14:15:20.0455 4420 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:15:20.0458 4420 ProfSvc - ok
14:15:20.0467 4420 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:15:20.0468 4420 ProtectedStorage - ok
14:15:20.0499 4420 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:15:20.0502 4420 Psched - ok
14:15:20.0549 4420 [ B7B79A598914C1C07B381D4A5F094E75 ] PuranDefrag C:\Windows\system32\PuranDefragS.exe
14:15:20.0553 4420 PuranDefrag - ok
14:15:20.0585 4420 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:15:20.0600 4420 ql2300 - ok
14:15:20.0611 4420 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:15:20.0613 4420 ql40xx - ok
14:15:20.0633 4420 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:15:20.0637 4420 QWAVE - ok
14:15:20.0646 4420 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:15:20.0647 4420 QWAVEdrv - ok
14:15:20.0662 4420 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:15:20.0663 4420 RasAcd - ok
14:15:20.0681 4420 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:15:20.0682 4420 RasAgileVpn - ok
14:15:20.0691 4420 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:15:20.0693 4420 RasAuto - ok
14:15:20.0711 4420 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:15:20.0711 4420 Rasl2tp - ok
14:15:20.0742 4420 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:15:20.0742 4420 RasMan - ok
14:15:20.0773 4420 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:15:20.0773 4420 RasPppoe - ok
14:15:20.0789 4420 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:15:20.0789 4420 RasSstp - ok
14:15:20.0820 4420 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:15:20.0820 4420 rdbss - ok
14:15:20.0836 4420 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:15:20.0836 4420 rdpbus - ok
14:15:20.0851 4420 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:15:20.0851 4420 RDPCDD - ok
14:15:20.0867 4420 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:15:20.0867 4420 RDPENCDD - ok
14:15:20.0883 4420 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:15:20.0883 4420 RDPREFMP - ok
14:15:20.0898 4420 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:15:20.0898 4420 RDPWD - ok
14:15:20.0929 4420 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:15:20.0929 4420 rdyboost - ok
14:15:20.0992 4420 [ EA569D48B2E755AF6D96F03F3335D98A ] Realtek11nCU C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
14:15:20.0992 4420 Realtek11nCU - ok
14:15:21.0007 4420 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:15:21.0007 4420 RemoteAccess - ok
14:15:21.0023 4420 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:15:21.0023 4420 RemoteRegistry - ok
14:15:21.0054 4420 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:15:21.0054 4420 RpcEptMapper - ok
14:15:21.0085 4420 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:15:21.0085 4420 RpcLocator - ok
14:15:21.0117 4420 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:15:21.0117 4420 RpcSs - ok
14:15:21.0132 4420 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:15:21.0132 4420 rspndr - ok
14:15:21.0148 4420 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
14:15:21.0148 4420 RTL8167 - ok
14:15:21.0195 4420 [ A3288769E7427D506553D6E4DFB12332 ] RTL8192cu C:\Windows\system32\DRIVERS\rtwlanu.sys
14:15:21.0210 4420 RTL8192cu - ok
14:15:21.0226 4420 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:15:21.0226 4420 SamSs - ok
14:15:21.0241 4420 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:15:21.0241 4420 sbp2port - ok
14:15:21.0273 4420 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:15:21.0276 4420 SCardSvr - ok
14:15:21.0319 4420 [ 4B12E2E559641B0F26474BBC6D7CFAFF ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
14:15:21.0320 4420 SCDEmu - ok
14:15:21.0347 4420 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:15:21.0348 4420 scfilter - ok
14:15:21.0381 4420 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:15:21.0394 4420 Schedule - ok
14:15:21.0416 4420 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:15:21.0417 4420 SCPolicySvc - ok
14:15:21.0443 4420 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:15:21.0446 4420 SDRSVC - ok
14:15:21.0456 4420 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:15:21.0457 4420 secdrv - ok
14:15:21.0479 4420 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:15:21.0481 4420 seclogon - ok
14:15:21.0502 4420 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:15:21.0504 4420 SENS - ok
14:15:21.0521 4420 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:15:21.0522 4420 SensrSvc - ok
14:15:21.0542 4420 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:15:21.0542 4420 Serenum - ok
14:15:21.0564 4420 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:15:21.0566 4420 Serial - ok
14:15:21.0582 4420 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:15:21.0583 4420 sermouse - ok
14:15:21.0616 4420 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:15:21.0619 4420 SessionEnv - ok
14:15:21.0637 4420 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:15:21.0638 4420 sffdisk - ok
14:15:21.0653 4420 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:15:21.0653 4420 sffp_mmc - ok
14:15:21.0660 4420 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:15:21.0661 4420 sffp_sd - ok
14:15:21.0676 4420 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:15:21.0677 4420 sfloppy - ok
14:15:21.0699 4420 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:15:21.0703 4420 SharedAccess - ok
14:15:21.0728 4420 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:15:21.0733 4420 ShellHWDetection - ok
14:15:21.0743 4420 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:15:21.0744 4420 SiSRaid2 - ok
14:15:21.0756 4420 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:15:21.0758 4420 SiSRaid4 - ok
14:15:21.0774 4420 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:15:21.0776 4420 Smb - ok
14:15:21.0801 4420 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:15:21.0802 4420 SNMPTRAP - ok
14:15:21.0811 4420 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:15:21.0811 4420 spldr - ok
14:15:21.0841 4420 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:15:21.0848 4420 Spooler - ok
14:15:21.0904 4420 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:15:21.0921 4420 sppsvc - ok
14:15:21.0938 4420 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:15:21.0940 4420 sppuinotify - ok
14:15:21.0998 4420 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
14:15:21.0998 4420 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
14:15:22.0000 4420 sptd ( LockedFile.Multi.Generic ) - warning
14:15:22.0000 4420 sptd - detected LockedFile.Multi.Generic (1)
14:15:22.0023 4420 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:15:22.0027 4420 srv - ok
14:15:22.0056 4420 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:15:22.0060 4420 srv2 - ok
14:15:22.0075 4420 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:15:22.0077 4420 srvnet - ok
14:15:22.0095 4420 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:15:22.0099 4420 SSDPSRV - ok
14:15:22.0110 4420 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:15:22.0112 4420 SstpSvc - ok
14:15:22.0127 4420 Steam Client Service - ok
14:15:22.0140 4420 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:15:22.0141 4420 stexstor - ok
14:15:22.0180 4420 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:15:22.0188 4420 stisvc - ok
14:15:22.0206 4420 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:15:22.0206 4420 swenum - ok
14:15:22.0224 4420 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:15:22.0231 4420 swprv - ok
14:15:22.0266 4420 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:15:22.0281 4420 SysMain - ok
14:15:22.0313 4420 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:15:22.0313 4420 TabletInputService - ok
14:15:22.0328 4420 [ F0B9D3ED88E56D3CD713DFF21E42AAF0 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
14:15:22.0344 4420 tap0901 - ok
14:15:22.0359 4420 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:15:22.0359 4420 TapiSrv - ok
14:15:22.0375 4420 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:15:22.0375 4420 TBS - ok
14:15:22.0437 4420 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:15:22.0453 4420 Tcpip - ok
14:15:22.0484 4420 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:15:22.0500 4420 TCPIP6 - ok
14:15:22.0500 4420 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:15:22.0500 4420 tcpipreg - ok
14:15:22.0531 4420 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:15:22.0531 4420 TDPIPE - ok
14:15:22.0562 4420 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:15:22.0562 4420 TDTCP - ok
14:15:22.0578 4420 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:15:22.0578 4420 tdx - ok
14:15:22.0593 4420 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:15:22.0593 4420 TermDD - ok
14:15:22.0609 4420 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:15:22.0625 4420 TermService - ok
14:15:22.0625 4420 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:15:22.0625 4420 Themes - ok
14:15:22.0640 4420 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:15:22.0640 4420 THREADORDER - ok
14:15:22.0656 4420 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:15:22.0656 4420 TrkWks - ok
14:15:22.0687 4420 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:15:22.0687 4420 TrustedInstaller - ok
14:15:22.0718 4420 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:15:22.0718 4420 tssecsrv - ok
14:15:22.0734 4420 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:15:22.0734 4420 TsUsbFlt - ok
14:15:22.0765 4420 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:15:22.0765 4420 tunnel - ok
14:15:22.0781 4420 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:15:22.0781 4420 uagp35 - ok
14:15:22.0816 4420 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:15:22.0820 4420 udfs - ok
14:15:22.0843 4420 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:15:22.0845 4420 UI0Detect - ok
14:15:22.0856 4420 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:15:22.0858 4420 uliagpkx - ok
14:15:22.0881 4420 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
14:15:22.0882 4420 umbus - ok
14:15:22.0892 4420 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:15:22.0892 4420 UmPass - ok
14:15:22.0909 4420 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:15:22.0913 4420 upnphost - ok
14:15:22.0939 4420 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:15:22.0941 4420 usbccgp - ok
14:15:22.0968 4420 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:15:22.0969 4420 usbcir - ok
14:15:22.0981 4420 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:15:22.0982 4420 usbehci - ok
14:15:22.0994 4420 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:15:22.0998 4420 usbhub - ok
14:15:23.0014 4420 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:15:23.0015 4420 usbohci - ok
14:15:23.0026 4420 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:15:23.0027 4420 usbprint - ok
14:15:23.0053 4420 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:15:23.0054 4420 usbscan - ok
14:15:23.0065 4420 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:15:23.0067 4420 USBSTOR - ok
14:15:23.0078 4420 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:15:23.0079 4420 usbuhci - ok
14:15:23.0100 4420 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:15:23.0102 4420 UxSms - ok
14:15:23.0113 4420 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:15:23.0114 4420 VaultSvc - ok
14:15:23.0127 4420 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:15:23.0127 4420 vdrvroot - ok
14:15:23.0148 4420 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:15:23.0155 4420 vds - ok
14:15:23.0165 4420 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:15:23.0166 4420 vga - ok
14:15:23.0180 4420 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:15:23.0181 4420 VgaSave - ok
14:15:23.0207 4420 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:15:23.0210 4420 vhdmp - ok
14:15:23.0227 4420 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:15:23.0228 4420 viaide - ok
14:15:23.0235 4420 vmci - ok
14:15:23.0238 4420 VMnetAdapter - ok
14:15:23.0245 4420 VMnetBridge - ok
14:15:23.0249 4420 VMnetuserif - ok
14:15:23.0279 4420 [ 415B167695C4B5960A13098622EF3D80 ] vmusb C:\Windows\system32\Drivers\vmusb.sys
14:15:23.0280 4420 vmusb - ok
14:15:23.0302 4420 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:15:23.0303 4420 volmgr - ok
14:15:23.0335 4420 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:15:23.0339 4420 volmgrx - ok
14:15:23.0353 4420 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:15:23.0356 4420 volsnap - ok
14:15:23.0385 4420 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:15:23.0388 4420 vsmraid - ok
14:15:23.0421 4420 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:15:23.0438 4420 VSS - ok
14:15:23.0449 4420 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:15:23.0450 4420 vwifibus - ok
14:15:23.0465 4420 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:15:23.0466 4420 vwififlt - ok
14:15:23.0478 4420 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:15:23.0483 4420 W32Time - ok
14:15:23.0494 4420 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:15:23.0495 4420 WacomPen - ok
14:15:23.0518 4420 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:15:23.0519 4420 WANARP - ok
14:15:23.0522 4420 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:15:23.0523 4420 Wanarpv6 - ok
14:15:23.0556 4420 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:15:23.0563 4420 WatAdminSvc - ok
14:15:23.0593 4420 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:15:23.0610 4420 wbengine - ok
14:15:23.0633 4420 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:15:23.0637 4420 WbioSrvc - ok
14:15:23.0656 4420 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:15:23.0662 4420 wcncsvc - ok
14:15:23.0672 4420 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:15:23.0674 4420 WcsPlugInService - ok
14:15:23.0688 4420 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:15:23.0689 4420 Wd - ok
14:15:23.0721 4420 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:15:23.0730 4420 Wdf01000 - ok
14:15:23.0741 4420 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:15:23.0744 4420 WdiServiceHost - ok
14:15:23.0746 4420 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:15:23.0748 4420 WdiSystemHost - ok
14:15:23.0774 4420 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:15:23.0778 4420 WebClient - ok
14:15:23.0794 4420 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:15:23.0798 4420 Wecsvc - ok
14:15:23.0805 4420 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:15:23.0808 4420 wercplsupport - ok
14:15:23.0824 4420 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:15:23.0824 4420 WerSvc - ok
14:15:23.0840 4420 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:15:24.0916 4420 ============================================================
14:15:24.0916 4420 Scan finished
14:15:24.0916 4420 ============================================================
14:15:24.0922 0220 Detected object count: 1
14:15:24.0922 0220 Actual detected object count: 1
14:16:20.0435 0220 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:16:20.0435 0220 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


Step 4:
I got it from a roommate who at the time worked in IT for a large, international trucking corporation. We were both university students and I said I needed to get Word and PowerPoint, and he provided. I have had it for a few years, but I don't have the original install files.
JC213
Active Member
 
Posts: 6
Joined: November 27th, 2012, 1:21 am

Re: Temp file keeps growing, eats up disk space

Post by nunped » November 29th, 2012, 6:16 am

Hi JC213,

You have an unlicensed copy of Microsoft Office Enterprise 2007. As you can see from our forum rules, you have to uninstall it before we proceed with the cleaning.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Temp file keeps growing, eats up disk space

Post by JC213 » November 29th, 2012, 1:52 pm

Okay, I didn't use most of what was in there anyway. I'm fine to use Google Docs from now on. It is uninstalled.
JC213
Active Member
 
Posts: 6
Joined: November 27th, 2012, 1:21 am

Re: Temp file keeps growing, eats up disk space

Post by nunped » November 30th, 2012, 2:17 pm

Hi JC213,

Step 1 - OTL fix

  • Right-click OTL.exe and select "run as administrator" to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:commands
[createrestorepoint]

:OTL
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O3 - HKU\S-1-5-21-3957214131-3400773334-1986242629-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-3957214131-3400773334-1986242629-1000\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
O15 - HKU\S-1-5-21-3957214131-3400773334-1986242629-1000\..Trusted Domains: virginmobileusa.com ([www1] https in Trusted sites)
O33 - MountPoints2\{845325de-a6f5-11df-a544-00242123a14e}\Shell - "" = AutoRun
O33 - MountPoints2\{845325de-a6f5-11df-a544-00242123a14e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell - "" = AutoRun
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\install\command - "" = F:\SETUP.EXE

:commands
[emptytemp]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Step 2 - Malwarebytes' Anti-Malware

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Temp file keeps growing, eats up disk space

Post by JC213 » November 30th, 2012, 4:34 pm

Step 1:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
Registry value HKEY_USERS\S-1-5-21-3957214131-3400773334-1986242629-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_USERS\S-1-5-21-3957214131-3400773334-1986242629-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3957214131-3400773334-1986242629-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\virginmobileusa.com\www1\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{845325de-a6f5-11df-a544-00242123a14e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{845325de-a6f5-11df-a544-00242123a14e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{845325de-a6f5-11df-a544-00242123a14e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{845325de-a6f5-11df-a544-00242123a14e}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e560efd0-c811-11de-b439-00242123a14e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e560efd0-c811-11de-b439-00242123a14e}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e560efd0-c811-11de-b439-00242123a14e}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e560efd0-c811-11de-b439-00242123a14e}\ not found.
File F:\SETUP.EXE not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Joel
->Temp folder emptied: 4526963 bytes
->Temporary Internet Files folder emptied: 2641173 bytes
->Java cache emptied: 67317713 bytes
->Google Chrome cache emptied: 80402543 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49334 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 148.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11302012_122330

Files\Folders moved on Reboot...
C:\Users\Joel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



Step 2:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.30.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Joel :: JOEL-PC [administrator]

11/30/2012 12:29:47 PM
mbam-log-2012-11-30 (12-29-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224247
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
JC213
Active Member
 
Posts: 6
Joined: November 27th, 2012, 1:21 am

Re: Temp file keeps growing, eats up disk space

Post by nunped » November 30th, 2012, 7:12 pm

Hi JC213,

How is your computer behaving?
Do you still have the same problems with free space?
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Temp file keeps growing, eats up disk space

Post by deltalima » December 4th, 2012, 4:34 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK