Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Part 2: Dllhost.exe *32 Strangling Resources

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Part 2: Dllhost.exe *32 Strangling Resources

Unread postby GhostfaceKilah » October 22nd, 2014, 10:45 pm

I have removed the pirated software from my PC as requested. The link to my original topic is here: viewtopic.php?f=11&t=63168. I will restate my problem below and include new logs.

Over the past 6 days, my internet speed has decreased significantly. I used to have no issues with my ping and internet speed. Now, youtube and online games have been rendered on playable. When using the command prompt to ping websites, the average ping is about 400 ms, ranging anywhere from 250 ms up to 700 ms. My download speed has been reduced from it's normal ~125 kb/sec to 10kb/ sec.

This slow internet speed has not just infected this computer, but all computers in my network. I have tried reseating my modem and my router, but neither of these methods worked.

I scanned my computer using both MSE and Malewarebytes, but neither turned up anything. However, upon examining the detected items history in MSE, I discovered that a Trojan horse, JS/Krypterade.A, had been detected on my PC 24 hours ago. There was no warning of this last night; no notifications popped up. This Trojan horse is supposed to be ransomware, but my PC has never been locked up and money has never been solicited from me via fake threats. Yet, task manager is showing multiple dllhost.exe *32 processes (up to 10) that are consistent with this virus. Network iControl is showing that this dllhost.exe is taking up around 100KBps of bandwith. I am beginning to suspect that I have a virus on this PC.

Due to the fact that downloads are excruciatingly slow and I don't have any other anti-virus software on my hands, is there anything else I can do before downloading new software? If it does come down to me being forced to download something, which programs should I get? Thanks in advance.

I would like to add that Internet Explorer has stopped saving my information when I ask for websites to remember my log-in information. Furthermore, every time I restart Internet Explorer, file downloads are set to disable. Every single file I download has to be downloaded twice because after the first download, Internet Explorer states that the file was not downloaded. On top of this, many .exe files cannot be downloaded; instead, the file is downloaded in a different format, so that it is rendered unusable.

DDS File

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 10.67.2
Run by Renegade at 19:43:58 on 2014-10-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7639.5150 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {8984B388-A5BB-4DF7-B274-77B879E179DB} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
uRun: [SansaDispatch] C:\Users\Renegade\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{310F3A00-3F78-4A22-81F7-7F34C0288745} : DHCPNameServer = 192.168.2.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
AppInit_DLLs= gpsort.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Renegade\AppData\Roaming\Mozilla\Firefox\Profiles\oqbmw1l7.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2013-2-3 32400]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\System32\drivers\BazisVirtualCDBus.sys [2011-6-4 198480]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2014-6-22 66728]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-22 726160]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
S2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-6-1 920736]
S2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-6-1 951936]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-2-3 149120]
S2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [2013-2-3 324608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2012-9-14 95344]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2012-9-14 21872]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2013-2-22 25832]
S3 DCamUSBVM;Lenovo Q350 USB PC Camera;C:\Windows\System32\drivers\usbVM31b.sys [2005-9-19 142336]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-30 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-30 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-24 1255736]
.
=============== Created Last 30 ================
.
2014-10-23 02:41:00 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B61BD2A6-7AFF-4E34-8E9B-E7D08F284AD0}\offreg.dll
2014-10-22 06:46:38 -------- d-----w- C:\MGADiagToolOutput
2014-10-21 23:33:51 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B61BD2A6-7AFF-4E34-8E9B-E7D08F284AD0}\mpengine.dll
2014-10-19 03:21:49 -------- d-----w- C:\ProgramData\AVAST Software
2014-10-19 03:19:44 -------- d-----w- C:\ProgramData\Panda Security
2014-10-18 19:16:23 -------- d-----w- C:\FRST
2014-10-18 07:31:28 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-10-18 06:32:25 -------- d-----w- C:\Program Files\HitmanPro
2014-10-16 03:57:45 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-16 03:57:17 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-16 03:57:17 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-16 03:57:17 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-16 03:57:17 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-16 03:57:17 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-16 03:57:17 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-16 03:56:15 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-10-16 03:56:15 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-10-16 03:56:15 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-10-16 03:56:15 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-10-16 03:55:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-16 03:55:42 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-16 03:55:41 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-16 03:49:30 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-16 03:49:30 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-16 03:49:03 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-16 03:49:03 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-10-16 03:49:03 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-10-16 03:49:03 322560 ----a-w- C:\Windows\System32\aaclient.dll
2014-10-16 03:49:03 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-10-16 03:49:03 1125888 ----a-w- C:\Windows\System32\mstsc.exe
2014-10-16 03:49:03 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-10-16 03:49:02 5780480 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-16 03:49:02 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-16 03:46:31 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-16 03:46:31 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-13 04:36:27 -------- d-----w- C:\Users\Renegade\AppData\Roaming\WizardWars
2014-10-13 04:36:12 175136 ----a-w- C:\Windows\SysWow64\EasyAntiCheat.exe
2014-10-13 04:36:07 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-10-13 04:35:06 -------- d-----w- C:\ProgramData\Package Cache
2014-10-08 04:38:05 -------- d-----w- C:\Users\Renegade\AppData\Local\EdgeOfReality
2014-09-30 23:50:49 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-30 23:50:49 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-23 23:34:13 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-23 23:34:13 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2014-10-20 00:19:14 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-02 22:53:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 23:09:53 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-08-23 23:09:43 794408 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2014-08-23 23:09:43 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-12 01:41:04 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-25 09:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 06:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
.
============= FINISH: 19:44:38.78 ===============

Attach File

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/3/2013 3:05:05 AM
System Uptime: 10/22/2014 7:30:32 PM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | F1A55-M LX PLUS R2.0
Processor: AMD A8-3870 APU with Radeon(tm) HD Graphics | FM1 | 3000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 757.551 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP240: 10/16/2014 12:33:54 AM - Windows Update
RP241: 10/17/2014 11:39:56 PM - Checkpoint by HitmanPro
RP242: 10/18/2014 12:00:42 AM - Checkpoint by HitmanPro
RP243: 10/18/2014 12:00:55 AM - Checkpoint by HitmanPro
RP244: 10/18/2014 12:01:28 AM - Checkpoint by HitmanPro
RP245: 10/18/2014 12:01:59 AM - Checkpoint by HitmanPro
RP246: 10/18/2014 1:40:23 PM - Removed Microsoft Games for Windows - LIVE Redistributable
RP247: 10/18/2014 8:22:39 PM - avast! antivirus system restore point
RP248: 10/19/2014 11:40:11 AM - avast! antivirus system restore point
RP249: 10/21/2014 4:32:56 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 14 ActiveX
Adobe Reader X (10.1.11) MUI
AI Suite II
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
AMD Wireless Display v3.0
Audacity 2.0.5
Blacklight: Retribution
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Command & Conquer The First Decade
Construct 2 r173
Crysis WARHEAD(R)
Crysis Wars(R)
Crysis(R)
Doxillion Document Converter
Dragon Age: Origins
ESET Online Scanner v3
Fallout 3
Half-Life 2
HitmanPro 3.7
Java 7 Update 67
Java Auto Updater
Loadout
Magicka: Wizard Wars
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Halo
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
MixPad Multitrack Recording Software
Mozilla Firefox 32.0.3 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NBA 2K13
Need For Speed™ World
NVIDIA PhysX
PlanetSide 2
PunkBuster Services
Quake Live
Quake Live Internet Explorer Plugin
Raptr
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RollerCoaster Tycoon 2
Sansa Updater
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2883031) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2883032) 32-Bit Edition
Sid Meier's Civilization III Complete
Steam
Team Fortress 2
The Sims Complete Collection
Tribes: Ascend
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899475) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Audio Cable 4.10
VirtualCloneDrive
WavePad Sound Editor
WinCDEmu
WinRAR 5.00 (32-bit)
WinZip 16.5
.
==== Event Viewer Messages From Past Week ========
.
10/22/2014 7:37:16 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/22/2014 7:37:14 PM, Error: Service Control Manager [7031] - The WMI Performance Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/22/2014 7:37:06 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2014 7:37:01 PM, Error: Service Control Manager [7034] - The ASUS Com Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2014 7:37:00 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
10/22/2014 7:36:58 PM, Error: Service Control Manager [7034] - The ASUS System Control Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2014 7:36:57 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2014 7:36:53 PM, Error: Service Control Manager [7034] - The ASUS HM Com Service service terminated unexpectedly. It has done this 1 time(s).
10/22/2014 7:31:01 PM, Error: Service Control Manager [7034] - The AsusFanControlService service terminated unexpectedly. It has done this 1 time(s).
10/22/2014 7:30:59 PM, Error: Service Control Manager [7000] - The lirsgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
10/22/2014 7:30:58 PM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
10/21/2014 7:04:44 PM, Error: Service Control Manager [7034] - The AsusFanControlService service terminated unexpectedly. It has done this 2 time(s).
10/21/2014 10:46:39 PM, Error: Schannel [36887] - The following fatal alert was received: 40.
10/19/2014 5:00:31 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
10/18/2014 7:35:40 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
10/18/2014 11:11:22 AM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2014 11:11:19 AM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2014 11:06:51 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/16/2014 6:51:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2952664).
.
==== End Of File ===========================
GhostfaceKilah
Active Member
 
Posts: 7
Joined: October 19th, 2014, 4:14 pm
Advertisement
Register to Remove

Re: Part 2: Dllhost.exe *32 Strangling Resources

Unread postby pgmigg » October 23rd, 2014, 10:45 am

Hello GhostfaceKilah,

I have removed the pirated software from my PC as requested. The link to my original topic is here: viewtopic.php?f=11&t=63168 . I will restate my problem below and include new logs.
Let see what we have now...

Step 1.
Run CKScanner
  1. You should still have CKScanner.exe on your Desktop.
  2. Double-click CKScanner.exe and click Search For Files.
  3. After a very short time, when the cursor hourglass disappears, click Save List To File.
  4. A message box will verify the file saved.
  5. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
You did not answer on my question during your first attempt here about type of your computer using - I will repeat it:
Please tell me is this computer used for any kind of business purposes and connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Step 3.
Warning! License issue with Microsoft Office Enterprise 2007
The Microsoft Office Enterprise 2007 is not sold to individual home computer users and hence is not generally legal on a home computer.

Per our policy concerning illegally licensed software, I can offer you no further assistance as long as you have Microsoft Office Enterprise 2007 installed.

I strongly recommend that you uninstall Microsoft Office Enterprise 2007 however that choice is up to you.
  • If you choose NOT to remove this program, please indicate that in your next reply and ignore the remaining steps.
  • If you choose to remove this program then perform the following steps:
    1. Click on Start, then click the Start Search box on the Start Menu.
    2. Copy and paste the value below without the word Code: into the open text entry box:
      Code: Select all
       appwiz.cpl 
      and press Enter - the Unistall or change a program list will be opened.
    3. Right-click the MS Office Enterprise 2007 entry, choose Uninstall/Change and give permission to Continue.
  • Reboot (restart) your computer.

Step 4.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Answers to my question related to type of using of your computer
  4. Contents of a OTL.txt log file
  5. Contents of a Extras.txt log file

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Part 2: Dllhost.exe *32 Strangling Resources

Unread postby GhostfaceKilah » October 23rd, 2014, 9:28 pm

Regarding your question, this computer is used for business, but it is not and never has been a part of a business or education network. As for Microsoft Office Professional 2007, I bought it online for a fairly inexpensive price. My understanding is that companies sold or gave away their unused 2007 edition software. I don't know exactly how the company that sold it to me obtained it, but I can assure you that it is not pirated software. I used a legitimate key and did not use any cracks for it. I know it is unusual to have Enterprise edition software on your PC and I get asked about it frequently, but that is the case with me.

I did not have any issues executing your instructions, except that I still can't download .exe files.

CKScanner

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\steam\steamapps\common\team fortress 2\config\html\local storage\http_www.crackle.com_0.localstorage
c:\program files (x86)\steam\steamapps\common\team fortress 2\tf\download\materials\sprites\trails\crackedbeam.vmt
c:\program files (x86)\steam\steamapps\common\team fortress 2\tf\download\materials\sprites\trails\crackedbeam.vtf
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff\ff_wall_cement17_cracked_blue.vmt
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff\ff_wall_cement17_cracked_blue.vtf
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff\ff_wall_cement17_cracked_red.vmt
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff\ff_wall_cement17_cracked_red.vtf
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff_impact\blend_quarkscracks.vmt
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff_impact\blend_quarkscracks_tooltexture.vtf
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff_impact\crackfloor.vmt
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff_impact\crackfloor.vtf
c:\program files (x86)\steam\steamapps\sourcemods\fortressforever\materials\ff_impact\crackfloor_normal.vtf
scanner sequence 3.FF.11.CFCPCA
----- EOF -----

OTL

OTL logfile created on: 10/23/2014 6:15:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Renegade\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.46 Gb Total Physical Memory | 4.90 Gb Available Physical Memory | 65.71% Memory free
14.92 Gb Paging File | 12.09 Gb Available in Paging File | 81.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 754.98 Gb Free Space | 81.06% Space Free | Partition Type: NTFS
Drive D: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.77 Gb Total Space | 0.58 Gb Free Space | 15.37% Space Free | Partition Type: FAT32

Computer Name: AFTERMATH | User Name: Renegade | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/10/23 18:13:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Renegade\Desktop\OTL.exe
PRC - [2014/10/06 19:54:03 | 000,810,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/13 07:31:24 | 000,378,368 | ---- | M] () -- C:\Windows\SysWOW64\gpsort.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/09/18 18:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/28 22:30:42 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/03/28 18:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/10/06 22:22:23 | 000,175,136 | ---- | M] (EasyAntiCheat Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\EasyAntiCheat.exe -- (EasyAntiCheat)
SRV - [2014/09/23 22:09:08 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/22 21:32:08 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/01 02:42:18 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)
SRV - [2012/06/01 02:42:18 | 000,920,736 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe -- (asComSvc)
SRV - [2012/05/18 01:15:31 | 000,324,608 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2012/02/16 23:26:00 | 000,149,120 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/06/22 20:14:26 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2014/01/03 12:43:53 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2014/01/03 12:43:53 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013/07/24 08:02:55 | 000,034,816 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/03/28 19:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/28 18:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/03/04 05:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012/09/14 09:32:18 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2012/09/14 09:32:16 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/12 07:00:48 | 000,726,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/05/30 20:06:14 | 000,032,400 | R--- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/08 11:13:12 | 000,198,480 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/09/19 13:57:36 | 000,142,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (DCamUSBVM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4237216898-264680874-324243060-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4237216898-264680874-324243060-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-4237216898-264680874-324243060-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4237216898-264680874-324243060-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4237216898-264680874-324243060-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4237216898-264680874-324243060-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-4237216898-264680874-324243060-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: clipconverter%40clipconverter.cc:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/10/12 18:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renegade\AppData\Roaming\Mozilla\Extensions
[2014/10/12 22:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Renegade\AppData\Roaming\Mozilla\Firefox\Profiles\oqbmw1l7.default\extensions
[2014/10/12 22:43:48 | 000,010,370 | ---- | M] () (No name found) -- C:\Users\Renegade\AppData\Roaming\Mozilla\Firefox\Profiles\oqbmw1l7.default\extensions\clipconverter@clipconverter.cc.xpi
[2014/10/12 18:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/10/12 18:10:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www.mail.ru/cnt/9516
CHR - Extension: No name found = C:\Users\Renegade\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaocgokledfmfebefgbeokdodbbdjhdd\1.262_0\
CHR - Extension: No name found = C:\Users\Renegade\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflomnhmiiipomjgphnipjdhikhakhld\1\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4237216898-264680874-324243060-1000..\Run: [SansaDispatch] C:\Users\Renegade\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4237216898-264680874-324243060-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4237216898-264680874-324243060-1000\..Trusted Domains: eset.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-4237216898-264680874-324243060-1000\..Trusted Domains: eset.eu ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-4237216898-264680874-324243060-1000\..Trusted Domains: freechess.org ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-4237216898-264680874-324243060-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4237216898-264680874-324243060-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4237216898-264680874-324243060-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{310F3A00-3F78-4A22-81F7-7F34C0288745}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - AppInit_DLLs: (gpcloud.dll) - C:\Windows\gpcloud.dll ()
O20 - AppInit_DLLs: (gpsort.dll) - C:\Windows\SysWow64\gpsort.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/16 15:13:07 | 001,246,440 | R--- | M] (BioWare) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/04/13 20:17:18 | 000,000,058 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{992b6587-499a-11e3-8414-50465d07c4e4}\Shell - "" = AutoRun
O33 - MountPoints2\{992b6587-499a-11e3-8414-50465d07c4e4}\Shell\AutoRun\command - "" = V:\SETUP.EXE
O33 - MountPoints2\{992b6587-499a-11e3-8414-50465d07c4e4}\Shell\configure\command - "" = V:\SETUP.EXE
O33 - MountPoints2\{992b6587-499a-11e3-8414-50465d07c4e4}\Shell\install\command - "" = V:\SETUP.EXE
O33 - MountPoints2\{d0ce389b-6ed1-11e2-b6a6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d0ce389b-6ed1-11e2-b6a6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2009/07/16 15:13:07 | 001,246,440 | R--- | M] (BioWare)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/10/23 18:14:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Renegade\Desktop\OTL.exe
[2014/10/21 23:46:38 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2014/10/21 23:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2014/10/21 23:30:56 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Renegade\Desktop\MGADiag.exe
[2014/10/21 23:30:45 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Users\Renegade\Desktop\SysInfo.exe
[2014/10/19 17:20:34 | 000,000,000 | ---D | C] -- C:\Users\Renegade\Desktop\FRST-OlderVersion
[2014/10/18 20:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/10/18 20:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2014/10/18 14:35:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/10/18 12:16:23 | 000,000,000 | ---D | C] -- C:\FRST
[2014/10/18 12:16:08 | 002,112,512 | ---- | C] (Farbar) -- C:\Users\Renegade\Desktop\FRST64.exe
[2014/10/18 11:20:38 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Renegade\Desktop\dds.com
[2014/10/18 00:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/10/17 23:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/10/17 23:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/10/15 21:02:52 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/10/15 21:02:52 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/10/15 21:02:52 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/15 21:02:52 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/10/15 21:02:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/10/15 21:02:52 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/10/15 21:02:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/10/15 21:02:51 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/15 21:02:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/10/15 21:02:50 | 002,017,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/15 21:02:50 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/10/15 21:02:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/10/15 21:02:49 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/15 21:02:49 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/15 21:02:49 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/15 21:02:49 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/10/15 21:02:49 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/10/15 21:02:48 | 002,108,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/15 21:02:48 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/10/15 21:02:48 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/10/15 21:02:47 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/10/15 21:02:47 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/15 21:02:47 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/10/15 21:02:47 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/10/15 21:02:46 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/10/15 21:02:46 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/10/15 21:02:46 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/15 21:02:46 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/10/15 21:02:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/15 21:02:45 | 005,829,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/15 21:02:45 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/10/15 21:02:45 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/10/15 21:02:45 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/10/15 21:02:45 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/10/15 21:02:44 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/10/15 20:57:17 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/15 20:57:17 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/15 20:57:17 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/15 20:57:17 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/15 20:57:17 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/15 20:57:17 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/15 20:56:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2014/10/15 20:56:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2014/10/15 20:56:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2014/10/15 20:56:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2014/10/15 20:56:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2014/10/15 20:56:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2014/10/15 20:56:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2014/10/15 20:56:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2014/10/15 20:56:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2014/10/15 20:56:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2014/10/15 20:55:42 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/10/15 20:55:42 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/15 20:55:41 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/15 20:49:30 | 003,241,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/10/15 20:49:03 | 004,922,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/10/15 20:49:03 | 001,125,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/10/15 20:49:03 | 001,050,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/10/15 20:49:03 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2014/10/15 20:49:03 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2014/10/15 20:49:03 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014/10/15 20:49:03 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014/10/15 20:49:02 | 005,780,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/10/15 20:49:02 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/10/15 20:47:43 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2014/10/15 20:47:43 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2014/10/15 20:47:18 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/10/15 20:47:18 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
[2014/10/15 20:47:18 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2014/10/15 20:46:31 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/15 20:46:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/10/12 21:36:27 | 000,000,000 | ---D | C] -- C:\Users\Renegade\AppData\Roaming\WizardWars
[2014/10/12 21:36:12 | 000,175,136 | ---- | C] (EasyAntiCheat Ltd) -- C:\Windows\SysWow64\EasyAntiCheat.exe
[2014/10/12 21:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2014/10/12 21:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/10/12 21:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/10/12 18:10:35 | 000,000,000 | ---D | C] -- C:\Users\Renegade\AppData\Roaming\Mozilla
[2014/10/12 18:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/10/12 18:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/10/07 21:38:05 | 000,000,000 | ---D | C] -- C:\Users\Renegade\AppData\Local\EdgeOfReality
[2014/09/30 16:50:49 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/09/30 16:50:49 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/10/23 18:13:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Renegade\Desktop\OTL.exe
[2014/10/23 17:28:58 | 000,025,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/23 17:28:58 | 000,025,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/23 17:19:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/23 17:19:36 | 1712,267,263 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/21 23:28:40 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Users\Renegade\Desktop\SysInfo.exe
[2014/10/21 23:28:18 | 003,514,358 | ---- | M] () -- C:\Users\Renegade\Desktop\WVCheck.exe
[2014/10/21 23:27:42 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Renegade\Desktop\MGADiag.exe
[2014/10/21 23:27:08 | 000,468,480 | ---- | M] () -- C:\Users\Renegade\Desktop\CKScanner.exe
[2014/10/21 19:14:05 | 000,196,479 | ---- | M] () -- C:\Users\Renegade\Desktop\1.jpeg
[2014/10/21 19:13:30 | 000,338,959 | ---- | M] () -- C:\Users\Renegade\Desktop\2.jpeg
[2014/10/19 20:07:10 | 000,014,206 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/10/19 17:20:34 | 002,112,512 | ---- | M] (Farbar) -- C:\Users\Renegade\Desktop\FRST64.exe
[2014/10/19 17:19:14 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/18 14:35:25 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/10/18 13:41:12 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014/10/18 11:20:48 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Renegade\Desktop\dds.com
[2014/10/17 23:32:26 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/10/17 23:19:26 | 000,007,629 | ---- | M] () -- C:\Users\Renegade\AppData\Local\Resmon.ResmonCfg
[2014/10/16 18:47:02 | 000,418,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/12 18:10:30 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/10/09 19:05:59 | 000,276,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/09 19:05:42 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/10/09 19:00:38 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/06 22:22:23 | 000,175,136 | ---- | M] (EasyAntiCheat Ltd) -- C:\Windows\SysWow64\EasyAntiCheat.exe
[2014/10/05 18:29:31 | 000,000,222 | ---- | M] () -- C:\Users\Renegade\Desktop\Loadout.url
[2014/10/05 18:15:40 | 000,000,222 | ---- | M] () -- C:\Users\Renegade\Desktop\Magicka Wizard Wars.url
[2014/09/25 15:46:19 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/25 15:32:04 | 002,017,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/25 15:31:02 | 002,108,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/24 19:08:38 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/09/24 18:40:50 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/10/21 23:30:58 | 003,514,358 | ---- | C] () -- C:\Users\Renegade\Desktop\WVCheck.exe
[2014/10/21 23:30:51 | 000,468,480 | ---- | C] () -- C:\Users\Renegade\Desktop\CKScanner.exe
[2014/10/21 19:14:31 | 000,338,959 | ---- | C] () -- C:\Users\Renegade\Desktop\2.jpeg
[2014/10/21 19:14:25 | 000,196,479 | ---- | C] () -- C:\Users\Renegade\Desktop\1.jpeg
[2014/10/19 20:03:45 | 000,014,206 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/18 13:41:07 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/10/17 23:32:26 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/10/17 23:19:26 | 000,007,629 | ---- | C] () -- C:\Users\Renegade\AppData\Local\Resmon.ResmonCfg
[2014/10/12 18:10:30 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/10/12 18:10:30 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/10/05 18:29:31 | 000,000,222 | ---- | C] () -- C:\Users\Renegade\Desktop\Loadout.url
[2014/10/05 18:15:40 | 000,000,222 | ---- | C] () -- C:\Users\Renegade\Desktop\Magicka Wizard Wars.url
[2014/09/16 23:10:07 | 000,004,608 | ---- | C] () -- C:\Users\Renegade\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/08/23 16:09:45 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/08/23 16:09:43 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/12/18 11:47:53 | 000,449,024 | ---- | C] () -- C:\Windows\gpcloud.dll
[2013/12/18 11:47:53 | 000,378,368 | ---- | C] () -- C:\Windows\SysWow64\gpsort.dll
[2013/12/14 18:17:31 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2013/03/28 19:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 19:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/02/22 20:04:44 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2013/02/22 17:43:37 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2013/02/22 17:06:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/02/22 16:31:43 | 006,285,648 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2013/02/08 09:35:59 | 000,000,096 | ---- | C] () -- C:\Users\Renegade\AppData\Local\fusioncache.dat
[2013/02/08 09:30:12 | 000,787,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/08 08:38:02 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/02/03 03:15:15 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013/02/03 03:15:14 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013/02/03 03:10:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/02/03 03:10:24 | 000,037,937 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/12/19 12:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/12/19 12:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/08 23:25:36 | 000,000,000 | ---D | M] -- C:\Users\Renegade\AppData\Roaming\2K Sports
[2013/12/22 20:36:25 | 000,000,000 | ---D | M] -- C:\Users\Renegade\AppData\Roaming\Audacity
[2013/05/03 20:36:57 | 000,000,000 | ---D | M] -- C:\Users\Renegade\AppData\Roaming\Awesomium
[2014/08/04 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Renegade\AppData\Roaming\Construct2
[2014/07/09 18:15:00 | 000,000,000 | ---D | M] -- C:\Users\Renegade\AppData\Roaming\library_dir
[2013/12/27 21:07:38 | 000,000,000 | ---D | M] -- C:\Users\Renegade\AppData\Roaming\openvr
[2014/09/02 11:05:41 | 000,000,000 | ---D | M] -- C:\Users\Renegade\AppData\Roaming\Raptr
[2014/05/28 21:54:17 | 000,000,000 | ---D | M] -- C:\Users\Renegade\AppData\Roaming\SanDisk
[2014/10/12 21:36:31 | 000,000,000 | ---D | M] -- C:\Users\Renegade\AppData\Roaming\WizardWars

========== Purity Check ==========
GhostfaceKilah
Active Member
 
Posts: 7
Joined: October 19th, 2014, 4:14 pm

Re: Part 2: Dllhost.exe *32 Strangling Resources

Unread postby GhostfaceKilah » October 23rd, 2014, 9:29 pm

Extras

OTL Extras logfile created on: 10/23/2014 6:15:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Renegade\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.46 Gb Total Physical Memory | 4.90 Gb Available Physical Memory | 65.71% Memory free
14.92 Gb Paging File | 12.09 Gb Available in Paging File | 81.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 754.98 Gb Free Space | 81.06% Space Free | Partition Type: NTFS
Drive D: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.77 Gb Total Space | 0.58 Gb Free Space | 15.37% Space Free | Partition Type: FAT32

Computer Name: AFTERMATH | User Name: Renegade | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012D70BE-7D25-4BF9-806D-8E61BFD7764A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08DF0A38-098D-4D87-B332-380CFAF2050A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A1DD32A-5D47-4A94-8C07-94E41BFF0857}" = rport=138 | protocol=17 | dir=out | app=system |
"{1F4553A3-00FD-40DB-AD80-5514280CBF83}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F503C0B-58A1-466D-8A88-F4FCAF01D54B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{32C245A0-6CBD-42B0-831B-640884BFE911}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B54790C-685B-4769-AB16-B4F221061879}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5251CE69-9561-4FEB-BC38-95A18692BB96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58A92700-9931-4F05-89EA-820AC88D6051}" = rport=137 | protocol=17 | dir=out | app=system |
"{68068169-62F1-42CA-85CD-7CF6EA386688}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9051FD38-094D-4075-87FC-677FCC3ACD48}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9510BF63-55AF-4789-A692-AFCF3B31E9E4}" = rport=139 | protocol=6 | dir=out | app=system |
"{9ADE4667-89EC-4957-B378-0A4AC8B33A9A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B952006B-2B2D-4A64-80BC-69C9AB968EB6}" = lport=138 | protocol=17 | dir=in | app=system |
"{BC4BA70E-6E4B-49E1-811E-3C6606C05BBA}" = lport=137 | protocol=17 | dir=in | app=system |
"{BFE58E0B-5F48-4059-9321-DB7407533E92}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CFD2CC54-E7AF-4BE8-9CEF-2EFF0C915D68}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E8FEAA06-9192-4F23-9CD6-5D4C75C3C207}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED3DD0AA-4108-4FBC-925B-44C5D309A71C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EF0EF46B-A754-4882-AAEA-16333DECDD52}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F12EC4B4-1926-4F12-8EB1-31CAE5CBFB3A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAE148E8-FF73-410B-B52E-750387FF62A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB1BDD7B-ACF9-426F-B3F2-795349E2D421}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE20BCA4-1175-4264-80F0-553A901C07A2}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AD01EF-19F5-40D4-B83B-A96AB1402870}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{00FF14F9-5B0F-4327-BA08-4B03A8D93949}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{02A2A01F-DD81-4DD1-BE19-C25C5FE64130}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{05A34CBC-78BA-41CE-8281-71FA3FD38C44}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{09159CD9-61E0-4ADE-89EF-8F4741CC8542}" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\nba 2k13\nba2k13.exe |
"{0ECF231D-D9DD-4FEA-8DD5-8B0A93CBB8DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\loadout\loadout.exe |
"{10E1D333-0C66-4B32-8185-CBE592137615}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{170A4B09-F8CF-444C-B1CC-D3923A3B48FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1C2EC655-2A2F-4F05-9C2D-67577BB19568}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{1F750B10-07FA-4226-A72D-915471DB1B1A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{20025E50-5411-4821-840A-67625CBB01FB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{22A71078-3479-4817-B854-BF33640B9F12}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{2F1560B9-5418-4F46-9209-79E69C171827}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{2FD2A02C-5909-476A-BE18-9DB9E5F8B85B}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{39BBE9F8-01F5-4FE5-B571-4F76D88BF1F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magickawizardwars\wizardwarslauncher.exe |
"{3CD9C9D1-A047-49C4-B3A5-66FC2218EE69}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3D16D1BD-9AA8-4257-9EAB-C95CC938AB79}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{3DC3E83B-9BA5-4753-996E-A0B8E09C56AE}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{3E9EACE9-36C4-408A-B928-AF18CE2963AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4133957B-F10D-455E-8698-DCC6B6C2A9DF}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{44AF89EB-FBF8-490F-A16A-D09F7A9D9F76}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{471FDDF0-9106-46D4-987A-7D4149E1E1C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{4AA42FA2-C83C-4790-9BED-F85655747C0A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{4CF7185A-5CB5-46F7-B1DE-D9C2DD0A2F84}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{56CBF2FA-D888-4E28-AE99-BB9E1294B6AA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5881C505-100F-4630-B108-115F2CDA5F73}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{5B67D168-FEA7-4B11-8A64-D344ACC12597}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{656E81B4-EA1A-4D44-907B-5FCEF9004E0B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6EA9F980-3FC9-435C-BE64-386E5F17F3EE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6EB2D272-646A-4858-AE4D-7BC74D5E8947}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{70BCA48C-18EB-4845-AEE8-E0C107D5A34D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\uberlauncher.exe |
"{72F4FE04-E00C-447D-AD85-A4827A7004A1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{7E1334EB-9A02-443D-9782-B1088380C830}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{80DFD929-0328-450F-89A1-9A3651D5B6D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{8715DDD9-C05F-4872-A990-BD1FF049E8BE}" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\nba 2k13\nba2k13.exe |
"{908074B3-02D4-45D2-9B1A-D1F8198E8231}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9381EC6D-8782-4594-9977-5529B4C6CBAD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{93F3C9CF-4062-413C-B9AE-DDD77357728C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
"{9505D165-AD18-49C8-8833-8E1A16E9B817}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{97AFE296-4AD3-42BB-A3C9-0C878711F5CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\uberlauncher.exe |
"{98E0A244-5722-4321-8E83-59B5D5BB0890}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{9C838E6A-52D7-4C96-B28A-631A080124F6}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{9E111AFF-828C-4731-B6FA-DE55D2EEEB54}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{9F5185A8-2117-4E3D-9AE1-ECFC0ACAC613}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A0A6EC60-A8A9-47A7-82B9-C6E2EC6427D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
"{A4348272-6A0A-4475-A88A-4D0042BAC903}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A7AC3494-BBF0-49AF-9117-458A9D939B23}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{A8FF7A67-8228-4992-8F8E-7BE4B152741D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9E84C47-E5C0-402B-B8C7-CDE227C594D4}" = protocol=6 | dir=out | app=system |
"{AD2A8A07-608C-4C78-A4B4-89610F98E1D3}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{AE3F2CEE-DDAE-4C86-A55A-C0328F8DBCB3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AECC0A69-D2BC-4409-8378-D0D3CBB73F14}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{B07BDAEA-6FEF-4D97-B83F-BC864D685D9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B10FF816-2C3C-4708-AEA8-1FC01031BA94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1D36075-8700-40FD-8C07-2CEA0CA0D291}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magickawizardwars\wizardwarslauncher.exe |
"{B493A9C4-2B6E-4F04-90A3-BDB00F254E70}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{B698DE3E-BC74-4ABC-8173-FAF099527CCF}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{B98C975D-70CE-4444-B6A3-792DEEC5E332}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{BC1EDC9D-6FFA-4D95-AD84-D9AE080482F7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{BCF5051A-4386-413D-A004-21EB4E78B16E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{BE94D576-70C3-4B68-96B1-21CC8C74433B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C1872D44-350E-43A5-A175-B03636E85ED0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2D414CF-080E-4F66-A59D-CECACC7AF31C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C3C7184B-33C4-4717-B068-043FE3E84F1B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{C60A5B1D-536D-4C4A-AC70-1263205FD2ED}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C661DE7C-F26E-455E-97E6-A9396B200A57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\loadout\loadout.exe |
"{C74F0120-C292-450D-A40F-3E25741D355D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CE1630FD-5E1F-4B65-B371-D55B118AE8DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CE67E3A7-763B-4F2B-AAE6-D5900659D6F3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CEA047F7-260F-4C84-8C08-8BB51797F83B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CFF39BD2-B4ED-483E-96B4-EBC408CA155A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{D5B48B17-33FB-45BD-8805-0707D48713FD}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{D6930590-65A8-4285-BC53-144F8E62DB38}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{D9FFF4AF-2EFA-4398-B818-11C000703F64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{DA799206-57C2-4C37-BDDF-32748E1EB19C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{E782D7A0-2130-435E-AEA3-B539EE971464}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F04E2502-C545-4063-BE77-EE69FC2C63E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8BA7F92-429B-4E7E-9230-3601890A2C2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{FC1CED33-6C06-47EE-8EB7-2031A94FD8F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"TCP Query User{12AB6B6C-FEED-425A-B085-0CA37E54A772}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{1B3741D7-A1CE-4C10-BFBE-C0B3E6FF3EFB}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{2DFA4CDD-3DB9-4347-87D9-77E67AA4442B}C:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe |
"TCP Query User{3A0262BD-5945-48F4-BEEE-36D37C0A9C2C}C:\users\renegade\documents\age\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\renegade\documents\age\age2_x1\age2_x1.exe |
"TCP Query User{3B0F6C19-438A-488A-8798-F2F2FD443ED4}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |
"TCP Query User{6473A110-6B34-4554-A175-4D9C960D96B5}C:\program files (x86)\ea games\command & conquer the first decade\command & conquer renegade(tm)\renegade\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\command & conquer the first decade\command & conquer renegade(tm)\renegade\game.exe |
"TCP Query User{66FE917D-F8F3-4E63-BFF9-8AEF7BFE4ACF}C:\program files (x86)\ubisoft\heroes of might and magic v\bin\h5_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic v\bin\h5_game.exe |
"TCP Query User{8CBA8FE4-3C4F-454D-AC80-F28F190E1A78}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"TCP Query User{95609B24-FE9E-47B7-81A2-EDED3C0F2EF0}C:\users\renegade\documents\age\empires2.exe" = protocol=6 | dir=in | app=c:\users\renegade\documents\age\empires2.exe |
"TCP Query User{9FB96D07-3C63-4F94-87BA-A3B606C7B397}C:\program files (x86)\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe |
"TCP Query User{A45FF5EF-890B-4944-958F-382A8BAC36F7}C:\program files (x86)\steam\steamapps\general_crysis\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\general_crysis\team fortress 2\hl2.exe |
"TCP Query User{A7C2A954-1C2C-468B-ADC7-B142068EFADC}C:\users\renegade\appdata\local\id software\quakelive\quakelive.exe" = protocol=6 | dir=in | app=c:\users\renegade\appdata\local\id software\quakelive\quakelive.exe |
"TCP Query User{BCF2876B-7B6B-49DF-8854-C49D96A41840}C:\program files (x86)\ea games\command & conquer the first decade\command & conquer red alert(tm) ii\ra2\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\command & conquer the first decade\command & conquer red alert(tm) ii\ra2\game.exe |
"UDP Query User{1141C55B-D146-42D8-AFC0-3BB100181753}C:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe |
"UDP Query User{163048CC-10CB-440A-923B-17ED02877E5F}C:\program files (x86)\ea games\command & conquer the first decade\command & conquer red alert(tm) ii\ra2\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\command & conquer the first decade\command & conquer red alert(tm) ii\ra2\game.exe |
"UDP Query User{3D2E72EA-47A4-43D9-B2BB-BDFC0B66ED6B}C:\users\renegade\documents\age\empires2.exe" = protocol=17 | dir=in | app=c:\users\renegade\documents\age\empires2.exe |
"UDP Query User{3ED56CED-B4A0-44E5-9B8F-4EE2C552440B}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{513E0FE9-864E-4AC4-A402-9081D73727FF}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{7ACB1828-9CB0-4781-A7D7-646CD2BD4867}C:\program files (x86)\steam\steamapps\general_crysis\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\general_crysis\team fortress 2\hl2.exe |
"UDP Query User{85FA6E55-97E8-4493-A9C4-7FB46128E9AF}C:\users\renegade\appdata\local\id software\quakelive\quakelive.exe" = protocol=17 | dir=in | app=c:\users\renegade\appdata\local\id software\quakelive\quakelive.exe |
"UDP Query User{8BC95C7A-662D-4208-98D6-2425E41A6BDC}C:\users\renegade\documents\age\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\renegade\documents\age\age2_x1\age2_x1.exe |
"UDP Query User{9BB52189-C48F-4565-976A-7CA0AD8C41D3}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{BA33E080-F5E2-4CE2-9C43-849821DC218F}C:\program files (x86)\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe |
"UDP Query User{D988E179-B113-4872-874E-BFC9CFD642CC}C:\program files (x86)\ea games\command & conquer the first decade\command & conquer renegade(tm)\renegade\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\command & conquer the first decade\command & conquer renegade(tm)\renegade\game.exe |
"UDP Query User{DA437DAB-5E24-4CBA-9205-25D1CEAECCDD}C:\program files (x86)\ubisoft\heroes of might and magic v\bin\h5_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic v\bin\h5_game.exe |
"UDP Query User{F77F8E72-98F3-449E-B82F-92FD0B6F0E1D}C:\program files (x86)\microsoft games\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo\halo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}" = AMD Catalyst Install Manager
"{44610EE0-C908-D8F1-425D-914A5B745DEA}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7BC4167C-BD93-55BD-3C97-53D49764B89E}" = ccc-utility64
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81F9BAD3-8695-87CE-F7FB-E0C2DAE248E8}" = AMD Media Foundation Decoders
"{833F5E6D-6E01-11D1-978E-6DFBCEF72570}" = AMD Steady Video Plug-In
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{93CC7ABC-A87B-6AB2-9E6D-073B5FF2A794}" = AMD Accelerated Video Transcoding
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BE090376-7EC6-3760-1EE2-B08AE3BEEF8C}" = AMD Fuel
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{D386FE62-CD8D-C8E0-DCA7-ED5FCAB476A5}" = AMD Wireless Display v3.0
"Construct 2_is1" = Construct 2 r173
"HitmanPro37" = HitmanPro 3.7
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{036A2AC2-5514-1499-8F0E-48009132658F}" = CCC Help Portuguese
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0685213E-9FF3-1368-37E3-5CECB5A0708C}" = CCC Help Russian
"{07CD994D-2144-41B9-5C2C-A85B40EBBA51}" = CCC Help Finnish
"{0F747F46-57A0-6CD3-A234-BD4E46F2BFEB}" = CCC Help Polish
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1EB8D6DC-DA9E-837D-C31A-0FCE20E1EF76}" = Catalyst Control Center Localization All
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{295E13D5-2CCE-C01B-4E21-F41F543CF2C2}" = CCC Help Spanish
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{384E9F9A-4E8C-562C-E6D1-E494F9CADF7C}" = CCC Help Korean
"{3C249872-D97C-62F9-A3E2-F7AAAC07BEF8}" = CCC Help Chinese Traditional
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{45B2C1A3-2050-0BC1-0A90-50EB4A7E77A8}" = CCC Help Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB8B7F6-726B-2301-DD5A-067F95A8A48F}" = CCC Help German
"{528EFF5D-2209-B614-40C0-5D87F73F3E8D}" = CCC Help French
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{58ECCB6B-73FB-CBBA-42FC-91659DFA342C}" = CCC Help Chinese Standard
"{6547BC5F-1FC4-CD5D-3783-45370C980043}" = AMD VISION Engine Control Center
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{752EEDEB-8605-8E51-2135-48AF996C8DFC}" = CCC Help English
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8D962C94-3D7C-2163-B37E-9CB48B7D1DCD}" = CCC Help Dutch
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A392A7FE-2216-4F7B-AF2F-24F1533DB860}" = Quake Live Internet Explorer Plugin
"{A6F818D2-85B7-84E2-C33C-8E74D747AD55}" = CCC Help Greek
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.11) MUI
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B8230940-0DCC-E180-5744-4442F6C0CA28}" = CCC Help Thai
"{C123749C-23EC-62DB-A5FD-1ED5BC359AAF}" = CCC Help Japanese
"{C218AFCB-7EAB-FEC3-6552-FF090B3FD0A1}" = CCC Help Czech
"{C533DBF1-3A98-5D7D-B6CA-59CC1816F38C}" = CCC Help Italian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D29491A3-BA85-F712-5C8D-B7E6803FEAD7}" = CCC Help Hungarian
"{D96B6543-A0C0-4351-AF96-73DEF1DD6820}" = NBA 2K13
"{D9A1A69D-D788-12C5-3218-64EFB8C6ACFD}" = Catalyst Control Center Graphics Previews Common
"{E745587A-2ED8-BA64-680E-BC35BE223275}" = CCC Help Danish
"{EA92CB68-9667-343A-1F53-B039583F2A3A}" = Catalyst Control Center InstallProxy
"{EC6004A3-B6E7-9728-55E8-508ABE51798F}" = CCC Help Norwegian
"{EDAA1085-C196-29B1-48B0-B82B72114001}" = CCC Help Swedish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Audacity_is1" = Audacity 2.0.5
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis Wars(R)" = Crysis Wars(R)
"Doxillion" = Doxillion Document Converter
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Halo" = Microsoft Halo
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MixPad" = MixPad Multitrack Recording Software
"Mozilla Firefox 32.0.3 (x86 en-US)" = Mozilla Firefox 32.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PunkBusterSvc" = PunkBuster Services
"Quake Live" = Quake Live
"Raptr" = Raptr
"Sid Meier's Civilization III Complete_is1" = Sid Meier's Civilization III Complete
"Steam App 17080" = Tribes: Ascend
"Steam App 202090" = Magicka: Wizard Wars
"Steam App 208090" = Loadout
"Steam App 209870" = Blacklight: Retribution
"Steam App 218230" = PlanetSide 2
"Steam App 220" = Half-Life 2
"Steam App 440" = Team Fortress 2
"VirtualCloneDrive" = VirtualCloneDrive
"WavePad" = WavePad Sound Editor
"WinCDEmu" = WinCDEmu
"WinRAR archiver" = WinRAR 5.00 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4237216898-264680874-324243060-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/21/2014 10:13:55 PM | Computer Name = Aftermath | Source = Application Error | ID = 1000
Description = Faulting application name: wmprph.exe, version: 12.0.7600.16385, time
stamp: 0x4a5bd018 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x1108 Faulting
application start time: 0x01cfed9d6817a8b1 Faulting application path: C:\Program
Files\Windows Media Player\wmprph.exe Faulting module path: unknown Report Id: 12a3a4ec-5991-11e4-b8e3-50465d07c4e4

Error - 10/21/2014 10:25:22 PM | Computer Name = Aftermath | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 8b4 Start
Time: 01cfed9c8a6d702e Termination Time: 0 Application Path: C:\Windows\Explorer.EXE

Report
Id:

Error - 10/22/2014 10:31:01 PM | Computer Name = Aftermath | Source = Application Error | ID = 1000
Description = Faulting application name: AsusFanControlService.exe, version: 1.0.0.7,
time stamp: 0x4fb60522 Faulting module name: AsusFanControlService.exe, version:
1.0.0.7, time stamp: 0x4fb60522 Exception code: 0xc0000417 Fault offset: 0x00024473
Faulting
process id: 0x740 Faulting application start time: 0x01cfee695d7a537b Faulting application
path: C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
Faulting
module path: C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
Report
Id: a09632a0-5a5c-11e4-8be0-50465d07c4e4

Error - 10/22/2014 10:31:01 PM | Computer Name = Aftermath | Source = Application Error | ID = 1000
Description = Faulting application name: EPUHelp.exe, version: 1.0.0.31, time stamp:
0x00000000 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp:
0x53159a86 Exception code: 0x0eedfade Fault offset: 0x0000c42d Faulting process id:
0x90c Faulting application start time: 0x01cfee6962ad5a38 Faulting application path:
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: a0c272c4-5a5c-11e4-8be0-50465d07c4e4

Error - 10/22/2014 10:36:43 PM | Computer Name = Aftermath | Source = Application Hang | ID = 1002
Description = The program CKScanner.exe version 2.4.2.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 15dc Start
Time: 01cfee6a19b58051 Termination Time: 0 Application Path: C:\Users\Renegade\Desktop\CKScanner.exe

Report
Id: 61dd988b-5a5d-11e4-8be0-50465d07c4e4

Error - 10/22/2014 11:12:58 PM | Computer Name = Aftermath | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17344,
time stamp: 0x4a5bc6b7 Faulting module name: MSHTML.dll, version: 11.0.9600.17344,
time stamp: 0x541b8a22 Exception code: 0xc00000fd Fault offset: 0x00094765 Faulting
process id: 0x980 Faulting application start time: 0x01cfee6ea3e8babd Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: 7cdd4b92-5a62-11e4-8be0-50465d07c4e4

Error - 10/22/2014 11:42:16 PM | Computer Name = Aftermath | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17344,
time stamp: 0x4a5bc6b7 Faulting module name: MSHTML.dll, version: 11.0.9600.17344,
time stamp: 0x541b8a22 Exception code: 0xc00000fd Fault offset: 0x000b1dd3 Faulting
process id: 0x16a0 Faulting application start time: 0x01cfee732c29d032 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: 94ae4d37-5a66-11e4-8be0-50465d07c4e4

Error - 10/23/2014 8:19:51 PM | Computer Name = Aftermath | Source = Application Error | ID = 1000
Description = Faulting application name: AsusFanControlService.exe, version: 1.0.0.7,
time stamp: 0x4fb60522 Faulting module name: AsusFanControlService.exe, version:
1.0.0.7, time stamp: 0x4fb60522 Exception code: 0xc0000417 Fault offset: 0x00024473
Faulting
process id: 0x728 Faulting application start time: 0x01cfef20361ed687 Faulting application
path: C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
Faulting
module path: C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
Report
Id: 78017a08-5b13-11e4-92bd-50465d07c4e4

Error - 10/23/2014 8:20:37 PM | Computer Name = Aftermath | Source = Application Error | ID = 1000
Description = Faulting application name: AsusFanControlService.exe, version: 1.0.0.7,
time stamp: 0x4fb60522 Faulting module name: AsusFanControlService.exe, version:
1.0.0.7, time stamp: 0x4fb60522 Exception code: 0xc0000417 Fault offset: 0x00024473
Faulting
process id: 0xe70 Faulting application start time: 0x01cfef2055c982c9 Faulting application
path: C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
Faulting
module path: C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
Report
Id: 9387826b-5b13-11e4-92bd-50465d07c4e4

Error - 10/23/2014 8:20:37 PM | Computer Name = Aftermath | Source = Application Error | ID = 1000
Description = Faulting application name: EPUHelp.exe, version: 1.0.0.31, time stamp:
0x00000000 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp:
0x53159a86 Exception code: 0x0eedfade Fault offset: 0x0000c42d Faulting process id:
0x764 Faulting application start time: 0x01cfef205549a45c Faulting application path:
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 93953e0c-5b13-11e4-92bd-50465d07c4e4

[ System Events ]
Error - 10/23/2014 8:19:50 PM | Computer Name = Aftermath | Source = Service Control Manager | ID = 7000
Description = The lirsgt service failed to start due to the following error: %%577

Error - 10/23/2014 8:19:51 PM | Computer Name = Aftermath | Source = Service Control Manager | ID = 7034
Description = The AsusFanControlService service terminated unexpectedly. It has
done this 1 time(s).

Error - 10/23/2014 8:20:37 PM | Computer Name = Aftermath | Source = Service Control Manager | ID = 7034
Description = The AsusFanControlService service terminated unexpectedly. It has
done this 2 time(s).

Error - 10/23/2014 8:25:38 PM | Computer Name = Aftermath | Source = Service Control Manager | ID = 7034
Description = The ASUS HM Com Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/23/2014 8:25:41 PM | Computer Name = Aftermath | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/23/2014 8:25:43 PM | Computer Name = Aftermath | Source = Service Control Manager | ID = 7034
Description = The ASUS System Control Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/23/2014 8:25:45 PM | Computer Name = Aftermath | Source = Service Control Manager | ID = 7034
Description = The AMD External Events Utility service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/23/2014 8:25:46 PM | Computer Name = Aftermath | Source = Service Control Manager | ID = 7034
Description = The ASUS Com Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/23/2014 8:25:48 PM | Computer Name = Aftermath | Source = Service Control Manager | ID = 7034
Description = The AMD FUEL Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/23/2014 9:09:12 PM | Computer Name = Aftermath | Source = DCOM | ID = 10010
Description =


< End of report >
GhostfaceKilah
Active Member
 
Posts: 7
Joined: October 19th, 2014, 4:14 pm

Re: Part 2: Dllhost.exe *32 Strangling Resources

Unread postby pgmigg » October 23rd, 2014, 10:38 pm

Regarding your question, this computer is used for business, but it is not and never has been a part of a business or education network.


Business computer

If I could point you in the direction of the rules, which state under Posting for help for business machines
This forum was set up specifically to help home users, our volunteer helpers choose not to work on machines used for other purposes
On this forum the Administrators are the sole arbiters of what constitutes Home use.
We reserve the right to close any topic that in our opinion is from a computer used for other purposes.
All decisions are final, and are not open to discussion or negotiation.


If this is indeed a business computer:

  • If it is a corporate computer, it is suggested that you take this issue to your IT department.
  • If this is a personal computer used for business (personal or corporate), it is suggested that you take this issue to your IT department, or your local PC repair store.

This topic will now be closed. I am sorry I could not have been of further assistance.

Thank you for your understanding.

pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Part 2: Dllhost.exe *32 Strangling Resources

Unread postby NonSuch » October 24th, 2014, 12:40 am

It is the policy of this site that our volunteers only assist with computers that are used exclusively for home use.

http://malwareremoval.com/forum/viewtop ... 98#p491398

As this issue involves either a company owned machine or a machine that is used for business purposes, it falls outside the scope of this forum. Therefore, this topic is now closed.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 375 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware