Backdoor.MSIL.Pgen and others [Solved]


  • This topic is locked

#1
tenrii

  • Member
  • 21 posts
This Monday, I installed a new graphics card in my computer. After a smooth installation, I began to hear the hard drive churning and spinning up more often than I was used to. I initially dismissed it as my computer being quieter, thus allowing me to hear the hard drive more clearly, but I got paranoid and started to notice drive space disappearing. About four gigabytes of hard drive space disappeared over the space of a few hours. I did not download anything large at all; to my knowledge, all I did was browse the web, talk on Skype and play a game on Steam. I posted on a Windows 7 forum for help, initially thinking it was a hardware issue. I had run a scan with Microsoft Security Essentials, which turned up nothing, but the people there advised me to try a few different clients, namely Malwarebytes and HitmanPro.

After running a full scan with Malwarebytes, it discovered one threat called "hello.exe" which is listed as "Backdoor.MSIL.Pgen". It quarantined the file and I noticed that all my hard drive space was restored. Taking their advice, I also deleted all restore points and deleted any temporary files with CCleaner. However, later that night I noticed I was still losing drive space. It was much slower and less drastic, but still taking place. I ran a scan with HitmanPro which found three more trojans. Like the trojan Malwarebytes found, it was in a directory that related to Microsoft Visual Studios (a legal copy) and had the same filename as a .txt or similar file in the same directory, except it was a .exe. Even after this scan, however, I started to notice drive space being taken up, except at an even slower pace this time.

I believe this is all related to a program called "Core Temps". After installing my new graphics card, I was in a rush, and in that state of poor judgment I tried installing the first result for core temp monitor on Google that I found. While I ran the installer, I selected custom and noticed that it wanted to install a large amount of bloatware alongside the program itself. Having seen similar things before, I unchecked all the bloatware, yet the installer ignored this completely and went ahead and installed them. The most visible addition was a Yahoo! toolbar which I could not remove from Firefox, as it would not let me see my addons in about:addons. I ended up uninstalling core temps and Firefox.

However, last night I was finally frustrated enough to try simply restoring my computer from a backup I had run last Thursday. After everything was restored, I ran a scan with a newly installed HitmanPro and found the same files that I had removed earlier. I checked the backup and they were there too. I do not remember any negative performance on my computer or disappearing drive space prior to Monday, so I'm rather confused. I started to notice hard drive space filling up almost immediately after the restore, and regained the space back again after HitmanPro removed the files.

Aside from the disappearing drive space, I think I'm also noticing some performance decrease on my computer. It might just be my imagination after fighting with my computer for the past week, but when watching something like Netflix, the quality seems to be degraded and the audio doesn't quite sync with the video. When I try to play something like a game, it seems choppier than usual and things like scripted events happen at a slight delay or extremely abruptly, as if making up for lost time.

I'm at my wits' end and at this point I really would just like my computer back without any threat of stolen information or the idea of someone watching what I'm browsing or saying. My backup appears to be infected too and I really don't want to lose all my files; I suffered a (not C:\) drive failure already this month. I'm a computer science student so I really need my computer to be working in order to be productive. My laptop, while reliable, is very old and does not allow me to be as efficient as I can. I would greatly appreciate any help I could get. It's possible that everything is fine now and that I'm simply overreacting, but I need to know.



I apologize for the wall of text, but I tried to be as descriptive as possible. Please let me know if there is anything else I can add that would be of help.



OTL logfile created on: 11/9/2012 3:21:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Austin\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 57.82% Memory free
8.00 Gb Paging File | 6.05 Gb Available in Paging File | 75.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 336.21 Gb Total Space | 104.79 Gb Free Space | 31.17% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1813.23 Gb Free Space | 97.33% Space Free | Partition Type: NTFS

Computer Name: KAGAMIN | User Name: Austin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/11/09 15:20:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Austin\Downloads\OTL.exe
PRC - [2012/10/29 19:14:17 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/15 11:26:01 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/10/02 17:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/06 09:34:52 | 004,249,752 | ---- | M] (H.D.S. Hungary) -- C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
PRC - [2012/04/16 08:48:49 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
PRC - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/03/12 14:43:38 | 000,241,808 | ---- | M] (Paltiosoft Inc.) -- C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
PRC - [2010/02/03 14:10:22 | 001,642,496 | ---- | M] (Edimax Technology Co., Ltd.) -- C:\Program Files (x86)\Edimax\Common\RaUI.exe
PRC - [2009/12/16 12:49:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Austin\Local Settings\Apps\F.lux\flux.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/29 19:13:49 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/15 11:26:00 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/08/09 08:51:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/08/09 08:51:28 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/08/09 08:51:18 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/08/09 08:51:02 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/08/09 08:50:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/08/09 08:50:58 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/08/09 08:50:48 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/16 08:48:49 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
MOD - [2009/12/11 01:16:08 | 000,918,816 | ---- | M] () -- C:\Program Files (x86)\Edimax\Common\RaWLAPI.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Austin\Local Settings\Apps\F.lux\flux.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/07/27 21:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/02/17 20:56:32 | 000,088,688 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\KaraokeSer.exe -- (KaraokeService)
SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/29 19:14:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/24 00:27:46 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/02 17:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 08:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/12 14:43:38 | 000,241,808 | ---- | M] (Paltiosoft Inc.) [Auto | Running] -- C:\Program Files (x86)\SoftDenchi\UCManSvc.exe -- (UCManSvc)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/16 12:49:12 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009/12/16 12:49:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Edimax\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009/07/13 00:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/27 23:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/27 20:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/07/03 10:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/05/14 01:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/17 20:56:36 | 002,709,104 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012/01/18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 05:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/11/04 12:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/12 11:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/07/28 03:14:06 | 001,241,952 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/23 11:04:24 | 000,329,728 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2009/10/22 08:49:28 | 000,057,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2009/10/22 08:46:22 | 000,240,128 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2009/10/21 12:58:14 | 000,031,744 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2009/10/21 08:42:38 | 000,126,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2009/10/20 10:51:28 | 000,025,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/25 15:23:56 | 000,047,616 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 00:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009/06/30 15:34:00 | 001,797,120 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AMBFt64.sys -- (AMBFilt64)
DRV:64bit: - [2009/06/17 21:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/02 13:57:00 | 001,854,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MonFt64.sys -- (MonFilt64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/17 21:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 01 5A 2F D3 AE CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://boards.4chan.org/a/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.9.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.6.2
FF - prefs.js..extensions.enabledAddons: [email protected]:0.96
FF - prefs.js..extensions.enabledAddons: [email protected]:2.01.110814
FF - prefs.js..extensions.enabledAddons: [email protected]:0.1.5
FF - prefs.js..extensions.enabledAddons: [email protected]:0.14.2012050301
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.4
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2.3
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 9.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2011/11/13 23:15:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 9.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/29 19:14:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/29 19:13:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/15 15:00:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/29 19:14:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/29 19:13:45 | 000,000,000 | ---D | M]

[2012/05/20 12:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Extensions
[2012/10/30 13:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions
[2011/10/27 18:53:19 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2012/09/14 14:05:22 | 000,000,000 | ---D | M] (Perapera Chinese) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2012/09/09 20:42:18 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2011/10/27 18:54:31 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2012/02/07 15:40:12 | 001,331,409 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2011/10/27 16:48:28 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2012/04/03 21:40:48 | 000,047,472 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2011/11/20 12:45:13 | 000,220,972 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2011/11/03 23:25:27 | 000,583,875 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2012/06/17 21:15:59 | 000,271,744 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2012/10/30 13:18:32 | 000,075,799 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2011/11/20 18:03:39 | 000,249,155 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2011/12/07 14:07:57 | 000,520,267 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011/12/04 02:33:54 | 000,332,561 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2011/12/15 11:44:26 | 000,644,152 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/12/02 16:56:39 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/03/05 22:25:20 | 000,686,359 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2011/12/16 12:22:34 | 000,773,913 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi
[2012/10/29 19:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/29 19:12:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/29 19:14:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 02:11:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 19:34:51 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\ASUS Bluetooth Suite\BtvStack.exe ()
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VIAJDS] C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe (TODO: <Company name>)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [F.lux] C:\Users\Austin\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.119.101.1 128.119.100.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A319634-74F2-4FF6-9D4F-3EB7B449F1AF}: DhcpNameServer = 128.119.101.1 128.119.100.83
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/09 12:39:45 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\Malwarebytes
[2012/11/09 12:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/09 12:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/09 12:38:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/09 12:38:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/09 12:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/11/08 23:11:30 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/11/08 23:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/11/08 23:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/11/08 22:05:32 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\AMD
[2012/11/08 22:05:14 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\ATI
[2012/11/08 22:05:14 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\ATI
[2012/11/08 22:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/11/08 22:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/11/08 22:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/11/08 22:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/11/08 22:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/11/08 22:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/11/08 21:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/11/08 21:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/11/08 21:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/11/08 21:58:24 | 000,000,000 | ---D | C] -- C:\AMD
[2012/10/31 19:54:01 | 000,000,000 | ---D | C] -- C:\madVR
[2012/10/31 19:52:39 | 000,000,000 | ---D | C] -- C:\madFlac
[2012/10/31 19:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LAV Filters
[2012/10/31 19:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2012/10/31 19:50:37 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2012/10/31 19:50:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali
[2012/10/31 19:37:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mpc-hc SSE2 tester dfr4739
[2012/10/30 22:18:02 | 000,000,000 | ---D | C] -- C:\Users\Austin\Documents\Bioshock
[2012/10/30 00:52:40 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\Electronic Arts
[2012/10/30 00:52:27 | 000,000,000 | ---D | C] -- C:\Users\Austin\Documents\Electronic Arts
[2012/10/30 00:51:24 | 000,000,000 | ---D | C] -- C:\Users\Austin\Documents\Electrontic Arts
[2012/10/29 19:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/24 19:43:05 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\LolClient
[2012/10/24 15:10:12 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/10/24 15:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/10/24 14:55:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\League of legends
[2012/10/24 14:54:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/10/20 14:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/10/18 19:18:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/12 11:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDClone 4.2 Free Edition
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/09 15:23:36 | 000,847,092 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/09 15:23:36 | 000,699,394 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/09 15:23:36 | 000,140,306 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/09 15:17:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/09 15:17:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/09 15:17:16 | 3220,725,760 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/09 15:16:20 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/09 12:37:21 | 000,022,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/09 12:37:21 | 000,022,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/08 23:11:30 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/11/08 22:03:38 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/10/29 12:20:22 | 000,001,189 | ---- | M] () -- C:\Users\Austin\SuperAnTester.java
[2012/10/28 19:12:01 | 000,000,399 | ---- | M] () -- C:\Users\Austin\SuperAnagram.java
[2012/10/17 21:10:31 | 000,000,425 | ---- | M] () -- C:\Users\Austin\b.class
[2012/10/17 21:10:24 | 000,000,137 | ---- | M] () -- C:\Users\Austin\b.java
[2012/10/11 18:33:36 | 000,000,930 | ---- | M] () -- C:\Users\Austin\c.class
[2012/10/11 18:33:30 | 000,000,613 | ---- | M] () -- C:\Users\Austin\c.java
[2012/10/11 17:57:06 | 000,000,452 | ---- | M] () -- C:\Users\Austin\a.class
[2012/10/11 17:56:59 | 000,000,197 | ---- | M] () -- C:\Users\Austin\a.java
[2012/10/11 17:55:02 | 000,001,374 | ---- | M] () -- C:\Users\Austin\.drjava
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/08 22:03:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/11/08 20:52:12 | 3220,725,760 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/28 14:58:27 | 000,001,189 | ---- | C] () -- C:\Users\Austin\SuperAnTester.java
[2012/10/28 13:35:00 | 000,000,399 | ---- | C] () -- C:\Users\Austin\SuperAnagram.java
[2012/10/20 14:11:48 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/20 14:11:47 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/11 18:18:12 | 000,000,930 | ---- | C] () -- C:\Users\Austin\c.class
[2012/10/11 18:17:48 | 000,000,613 | ---- | C] () -- C:\Users\Austin\c.java
[2012/10/11 17:38:15 | 000,000,425 | ---- | C] () -- C:\Users\Austin\b.class
[2012/10/11 17:22:51 | 000,000,452 | ---- | C] () -- C:\Users\Austin\a.class
[2012/10/11 17:21:54 | 000,000,197 | ---- | C] () -- C:\Users\Austin\a.java
[2012/10/09 16:43:15 | 000,000,137 | ---- | C] () -- C:\Users\Austin\b.java
[2012/10/01 17:56:02 | 000,001,160 | ---- | C] () -- C:\Users\Austin\Positions.class
[2012/10/01 17:54:05 | 000,000,638 | ---- | C] () -- C:\Users\Austin\Positions.java
[2012/09/30 20:42:44 | 000,000,576 | ---- | C] () -- C:\Users\Austin\BrankingDriver.class
[2012/09/30 20:42:28 | 000,000,289 | ---- | C] () -- C:\Users\Austin\BrankingDriver.java
[2012/09/15 23:11:46 | 000,000,047 | ---- | C] () -- C:\Users\Austin\jagex_cl_loginapplet_LIVE.dat
[2012/08/21 18:44:25 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/08/07 18:58:04 | 000,000,218 | ---- | C] () -- C:\Users\Austin\AppData\Local\recently-used.xbel
[2012/07/27 20:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 20:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/07/04 02:36:42 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/06/03 18:23:33 | 000,000,024 | ---- | C] () -- C:\Users\Austin\jagexappletviewer.preferences
[2012/06/03 18:04:12 | 000,000,046 | ---- | C] () -- C:\Users\Austin\jagex_cl_runescape_LIVE1.dat
[2012/06/03 17:52:37 | 000,000,045 | ---- | C] () -- C:\Users\Austin\jagex_cl_runescape_LIVE.dat
[2012/06/03 17:52:37 | 000,000,024 | ---- | C] () -- C:\Users\Austin\random.dat
[2012/05/28 21:12:26 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012/05/15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/04/30 14:29:17 | 000,000,187 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\.slime-history.eld
[2012/04/12 06:55:23 | 000,005,950 | ---- | C] () -- C:\Users\Austin\_viminfo
[2012/02/21 18:27:22 | 000,000,940 | ---- | C] () -- C:\Users\Austin\PrefixTester.class
[2012/02/21 18:26:30 | 000,000,437 | ---- | C] () -- C:\Users\Austin\PrefixTester.java
[2012/02/21 18:26:30 | 000,000,030 | ---- | C] () -- C:\Users\Austin\PrefixTester.java~
[2012/02/08 18:49:20 | 000,000,775 | ---- | C] () -- C:\Users\Austin\Fallout.class
[2012/02/08 18:48:05 | 000,000,251 | ---- | C] () -- C:\Users\Austin\Fallout.java
[2012/02/08 18:48:05 | 000,000,088 | ---- | C] () -- C:\Users\Austin\Fallout.java~
[2012/02/07 18:33:07 | 000,001,407 | ---- | C] () -- C:\Users\Austin\Banking.class
[2012/02/07 18:32:15 | 000,000,977 | ---- | C] () -- C:\Users\Austin\BankingDriver.class
[2012/02/07 18:31:52 | 000,000,875 | ---- | C] () -- C:\Users\Austin\Banking.java
[2012/02/07 18:31:43 | 000,000,827 | ---- | C] () -- C:\Users\Austin\BankingDriver.java~
[2012/02/07 18:31:43 | 000,000,666 | ---- | C] () -- C:\Users\Austin\BankingDriver.java
[2012/02/02 16:05:59 | 000,000,568 | ---- | C] () -- C:\Users\Austin\Greetings.class
[2012/02/02 16:05:37 | 000,000,184 | ---- | C] () -- C:\Users\Austin\Greetings.java~
[2012/02/02 16:05:37 | 000,000,177 | ---- | C] () -- C:\Users\Austin\Greetings.java
[2012/02/02 12:49:34 | 000,000,787 | ---- | C] () -- C:\Users\Austin\FirstProgram.class
[2012/01/31 18:55:09 | 000,000,391 | ---- | C] () -- C:\Users\Austin\FirstProgram.java
[2012/01/31 18:55:09 | 000,000,120 | ---- | C] () -- C:\Users\Austin\FirstProgram.java~
[2012/01/27 22:57:00 | 000,001,374 | ---- | C] () -- C:\Users\Austin\.drjava
[2012/01/18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/10/30 22:11:45 | 000,000,600 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\winscp.rnd
[2011/10/30 21:06:11 | 000,000,132 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/10/27 16:07:26 | 000,000,075 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2011/10/27 16:06:30 | 000,870,038 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/30 14:30:09 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\.emacs.d
[2012/10/24 21:29:39 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\.minecraft
[2012/09/11 17:55:13 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\.Spoutcraft
[2012/10/31 12:08:50 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Bioshock
[2012/06/21 16:59:34 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Bitcoin
[2012/11/09 12:31:19 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\BitTorrent
[2012/09/29 21:32:54 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\collection
[2012/04/30 14:28:56 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\common-lisp
[2012/11/09 12:31:21 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\DAEMON Tools Lite
[2012/08/07 18:45:37 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\deluge
[2012/05/19 16:45:50 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Dev-Cpp
[2012/04/11 18:44:39 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Downloaded Installations
[2012/04/13 01:51:53 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Dropbox
[2012/11/09 12:31:19 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\FileZilla
[2012/06/25 10:55:51 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\FLAC to MP3 Converter
[2012/10/31 21:19:50 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\foobar2000
[2012/06/03 20:23:05 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\GetRightToGo
[2012/10/17 18:25:21 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Hard Disk Sentinel
[2012/02/12 01:18:18 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\HeidiSQL
[2012/10/24 19:43:05 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\LolClient
[2012/05/19 16:48:45 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Moonchild Productions
[2012/09/11 18:17:47 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Mumble
[2012/09/07 13:50:33 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\My Games
[2011/10/30 22:56:56 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Notepad++
[2011/10/28 17:44:42 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\OpenOffice.org
[2011/12/11 15:15:18 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Opera
[2012/04/17 05:53:39 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Pokemon Online
[2012/01/03 00:05:18 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\puush
[2012/05/03 15:45:48 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\RenPy
[2012/09/19 13:57:00 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\runic games
[2012/10/24 14:44:52 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\SystemRequirementsLab
[2011/12/04 02:44:21 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Thunderbird
[2012/11/09 15:14:51 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\uTorrent
[2011/12/18 15:40:42 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\X-Chat 2
[2012/05/30 13:00:36 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\XnView

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 20 bytes -> C:\Users\Austin\Documents\College:Mac_Metadata

< End of report >

Extras log, did not know if this needed to be included.

OTL Extras logfile created on: 11/9/2012 3:21:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Austin\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 57.82% Memory free
8.00 Gb Paging File | 6.05 Gb Available in Paging File | 75.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 336.21 Gb Total Space | 104.79 Gb Free Space | 31.17% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1813.23 Gb Free Space | 97.33% Space Free | Partition Type: NTFS

Computer Name: KAGAMIN | User Name: Austin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client
"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E927C9-34FA-4FA5-B736-7D41EBD9CFA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0F885B68-CE11-47A4-B053-2226C44A0E25}" = lport=2869 | protocol=6 | dir=in | app=system |
"{23879BBA-762C-45E8-A991-70A630EF3CF7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2FF07FB4-A11F-4E9E-BDBA-A72509309FAF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32828CED-8555-41DE-992D-960E713F99FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{335B3B03-5264-437F-800B-6C85341F9D25}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3C1E88EA-8600-426B-8BE4-29EDD0221100}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F6693F5-2ED0-4430-B7DC-7ADA723B298E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{883D2E88-3A5C-4DDA-AC1E-5531C7170E67}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A4B7AB36-2F5C-4196-BAB3-4830294920B5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC9CD567-25B1-4692-A15B-942CC91F7343}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B81088-D742-41CA-869E-AEF0F7CEC817}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shatter\shatter.exe |
"{00FB3BA9-DCD1-4F32-B0A0-562A1251E5AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe |
"{023E0B26-B62E-4D13-9F5B-CC6BBAC64136}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{02EBB069-1537-4627-BFE2-CB816F8C5923}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{0394F5DA-1956-424D-84FA-E85299222F0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{04C3A754-5AB4-4D6F-95B1-A496C727C3B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{04DEFE73-5ACF-479E-BE81-AB0E32AC145D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{05A139E5-FC5B-4E90-B98B-0D707824427F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{05B7122F-C038-4331-BE2A-C1A3F34BC332}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{09538420-6414-4BE1-8F93-F2EBCF9829C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
"{0A57481E-12AB-495B-8373-ED336C5EFDF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe |
"{0B880547-7987-4B93-86A9-C1C845995E09}" = protocol=17 | dir=in | app=c:\users\austin\appdata\roaming\dropbox\bin\dropbox.exe |
"{0CAA6715-7992-4A19-B80F-F50B8DF74164}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{0E03C52E-FA20-42C3-B3B3-FA8E421F4F28}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{0E81C239-94CE-418E-B3B3-F44FBD761CD0}" = protocol=17 | dir=in | app=c:\users\austin\jagexcache\jagexlauncher\bin\jagexlauncher.exe |
"{100F0D10-AC38-4DC0-84F2-6C3778C8CB03}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dustforce\dustforce.exe |
"{10570FE1-A7C2-422E-8FD8-7D3F2BFC36E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{108053F7-7E5C-42A3-A2F5-8910756AEB5F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{12E7D57B-C79A-4E32-B26A-23B22223A92D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{15AADBCE-5CF4-406F-A785-5B0081E10C71}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{16F40BFD-ABCA-41CB-B48D-E81761A652A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{16F78A3D-D98E-42F1-AEDF-4735D329A444}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{1A524865-3628-4A5E-AB4D-97A3C203E9C4}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{1E24AFA2-2C4A-4F73-B9FA-5AB0CDBF01FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout tactics\ft tools.exe |
"{1F5F2298-4C90-497C-82D3-58AF1A950467}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iii complete\conquests\civ3conquests.exe |
"{2084FB6E-3A57-4485-8E0A-882031A927A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe |
"{21511CB7-9D72-448E-B711-FDDD8BA98916}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civilization iv colonization\colonization.exe |
"{22AD7068-70CE-4D07-9F69-0D1CEB733625}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nuclear dawn\nucleardawn.exe |
"{22D4DF88-EFA4-4191-B662-B771AA677A54}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\valvetestapp207490\rayman origins.exe |
"{2316291C-B4CE-4625-B621-105AC38981DE}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{2355173D-92F6-42F1-BE4B-588CC67795D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe |
"{26070768-4E8F-413B-9DEC-1DCAA21F7845}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout tactics\ft tools.exe |
"{2617B82B-98C2-49C3-9518-95368B03CA25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{26ACD739-A4FA-48F6-B247-40C7B9DEE3BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2865C911-3B80-437C-862C-262C45696533}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{2F1974BC-924B-4E1B-91F4-5DAADF8AEBE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{33F2716B-CA57-41AF-BBD9-722C295CE5B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{34F2C5C1-21FC-42CF-A2DF-1DB373D1735F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear - demo\recettear.exe |
"{37F5EE0A-BC40-4173-9F93-C9758E9E9845}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{383E5277-A7C5-4878-9744-D8F439ABA3A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{392B1349-3191-47C3-810D-95BEE4248770}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rochard\rochard.exe |
"{39F471A1-BFD1-4BE2-B430-D62AB883D6E9}" = protocol=6 | dir=out | app=system |
"{3A6464F3-678E-4C63-B5B9-EEBF46C0ED72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempireconfig.exe |
"{3C955401-9C1A-419C-864E-012E1FB50A88}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout\falloutw.exe |
"{3EA860BF-DEA0-4DF1-B03D-FD1D1B541F7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe |
"{4053534E-2CF1-41DE-9E10-74222441E04F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{462D515A-715A-4DCB-8AD0-9E99D926D777}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear - demo\recettear.exe |
"{499E34D3-AA6C-449C-9302-AD6B4C83C153}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4AB10250-9F41-40D3-AE24-3DB171D09ACF}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{4B8A7943-B831-455C-A6E9-C318904FF4F4}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{4D15E5E1-414E-4603-9589-DFF56BD41D9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shatter\shattersettingseditor.exe |
"{4F435336-858E-4022-951F-9AF25FDA5FA7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{501035FB-842F-4A39-9A98-0E6EE1A1D645}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempireconfig.exe |
"{55D38615-0C91-436F-B9FA-90B78B78F5D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout tactics\bos.exe |
"{567B0A12-56A2-4D3A-8B4F-EF1C1E4D46D0}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{581748F6-F06D-4558-8F9D-62CC9C1ED950}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vvvvvv\vvvvvv.exe |
"{5AD72A18-7618-4DD7-A22D-3B6952C09552}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iii complete\conquests\civ3conquests.exe |
"{5B023D8E-7DBE-4AA1-8791-715AE9090105}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempirelauncher.exe |
"{5F940EEE-201D-4AFF-8DAC-C9EB367A5DDF}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{6572BEB8-C8F9-40D5-9745-BD75EB89EE36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{667E8EBA-3853-45F1-AED4-AA3F120B5E6C}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"{67F2032F-E033-4CD6-AAD7-C12359A3213A}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{67F6F457-9CE8-4C33-9F5A-5228E998D925}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{690BC804-D0AE-4174-87D2-F016A431E6E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{6A36AE74-7CC0-411D-8EDD-819C437D58AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe |
"{6AD7E1A5-DDD5-4247-8522-645DD542F90E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe |
"{6C26D4E9-9424-4565-8C6B-958920507444}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space pirates and zombies\spazgame.exe |
"{6CE9E4B2-C35C-42FB-8FEC-CD92C6A5E582}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dustforce\dustforce.exe |
"{6D814D88-6DDB-431D-9C6C-6B9715A3F7ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{6DC376E3-2A44-495C-9370-6985FD2F297D}" = dir=in | app=%systemdrive%\minecraft\minecraft.exe |
"{6ECFF632-4D9D-47E4-B054-CE5FEE967851}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe |
"{71787DB3-E707-4CF4-B7B3-B1C44333EEB8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{734280F6-4866-4EDA-926F-46C6C77C360D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex invisible war\system\dx2.exe |
"{7412CBAC-B704-472E-8C79-7B0C9AC4D908}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"{75ECEE2B-3A1B-4D40-AB37-52F99CB041F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{7945118D-2EE6-48EE-B054-F2DE1C3A681C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\basement\the basement collection.exe |
"{79E88DD2-EECC-44BE-A666-571855D51C55}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{7C9BD214-B5A8-4866-BBCA-51EA412C7239}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{7D99ED05-2F24-4FDA-BA3E-049FB67166B4}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{7F2F863B-2D10-4CD2-8B11-8AECD9BDCED4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8223F0B4-0FDE-4E96-866A-66F026CCF938}" = protocol=6 | dir=in | app=c:\users\austin\appdata\roaming\dropbox\bin\dropbox.exe |
"{83B37BFA-1A43-4451-89EB-927B6921FB7D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8457AFD0-CAE4-4493-9773-3AAE860A2C7A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
"{849CCA76-21F1-4B56-826F-31F4FF0524D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
"{8A934259-13E1-4329-AEEA-527DBB3E924F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{8DC1F2EA-3EC2-47C2-B9E2-28F03FCE8692}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{921BD34F-489D-406D-AB7E-DF2906E289F8}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{94F205A4-DC63-4000-B3B4-E78D9CD63975}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{95725F08-9C52-4A85-89A3-7351BFC3A34D}" = dir=out | app=%systemdrive%\minecraft\minecraft.exe |
"{9581ABFD-5C16-4AE8-AB36-8A497F955D1F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 2\fallout2.exe |
"{95C51B47-DB44-4441-8B7E-A15E42412CAC}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"{984A6EE3-7B23-47D5-BE8C-CA7FA78D0274}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vessel\vessel.exe |
"{98AC8553-129F-4494-B743-8BDFD0D16CCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{997E8813-6ED8-4E0E-9081-EA2B0B9EFF53}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vessel\vessel.exe |
"{99A9DD99-A546-4226-B7DA-CB6A23D80FF8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9AF2F371-26B7-4510-9CB4-39A23292012A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{A016FF21-9BBA-4F75-8029-39E69505DE8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jade empire\jadeempirelauncher.exe |
"{A03555B7-BBF8-4AD1-9EE2-4F00C4970645}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{A0A6E313-A5AD-4DCF-A945-12996B7F9A7D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A47A4BFF-0B9F-4227-BE32-01C473A77FFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
"{A7B81F19-A6A9-4B94-BADC-0A25A1502BD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |
"{A93AEB6D-9C54-4C7C-BB00-0B73A8BB3464}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wizorb\wizorb.exe |
"{AB6FA984-AD5D-49BF-8017-C1D9425AB875}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rochard\rochard.exe |
"{ACF23907-560E-43D6-8867-03655524C661}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{AEED0509-0894-44CF-B801-C4B289F272BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\valvetestapp207490\rayman origins.exe |
"{B30858C7-5C32-4598-94A6-77137C0888C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |
"{B3688743-2E9D-49F6-ADD0-BA2B4155C656}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear - demo\custom.exe |
"{B51C7C25-B63C-4D35-973D-0A8351E174F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\civilization iv colonization\colonization.exe |
"{B603B82E-BBF5-4255-A754-9ED994F51434}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{B7419BB5-232C-421C-8D21-3C76DE8D5568}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B81C773B-27E2-4F5F-823C-958FC5153CA4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords.exe |
"{B8AF916A-FACD-47F0-840A-C100B9237AC0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout\falloutw.exe |
"{BDBB4792-4006-43CD-9AD8-6BBCD0C130B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BE86A7B0-537C-4FF3-B732-19AACBF3C277}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{BEB043B4-EAE9-4838-A6BD-9FCFDB5FDAF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3719F44-76DF-4880-8AF6-F4434702F4CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space pirates and zombies\spazgame.exe |
"{C429CE96-2BAF-43AB-96F1-FC2E4D140576}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torched\editor.exe |
"{C63B06F7-4F91-4BA0-96BF-FC1049FA21A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{C6B9E3F1-2B05-45DE-9250-6C0E3944E02F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wizorb\wizorb.exe |
"{C76051DE-E398-4D32-8F36-35BF73A7AF6A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{CA8449F2-921A-494A-B8D8-F7778DB172D4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD541E48-E23B-4F32-B49F-47777EA4A6E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{CDB7CE45-B015-4548-A991-CA478935C7DD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D0C0E127-5EA4-416B-ABA0-9691EDD83E66}" = protocol=6 | dir=in | app=c:\users\austin\jagexcache\jagexlauncher\bin\jagexlauncher.exe |
"{D1983F0B-F059-4F08-A5ED-F099AFAA8F1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D2F521AA-415D-4077-93E9-467055FF8C64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D41C8BF8-C2D8-4ED6-B67C-5B3B2BF532CF}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{D49E3F35-3309-4054-A639-4F12222A7922}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{D5BBECED-C907-478A-B230-2E3359DFBD25}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
"{D637D3C8-A953-48D3-8F79-263A30D8535D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout tactics\bos.exe |
"{D754168E-BF84-4C7C-9228-6D441B693EFD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe |
"{DA46FBCB-BD50-4728-BA49-201FEC32DDC8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{DB2972B6-587C-4B3A-AD4F-9C7F579AEBB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nuclear dawn\nucleardawn.exe |
"{DC28F5B2-A2F5-4084-A2A7-B851F48F3C46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{DD4051C1-1FD1-468C-92A7-D1EDA6114BAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shatter\shattersettingseditor.exe |
"{DEABC4D5-8AB1-412C-875E-DE55675CB20E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{DF0FF2F1-73E0-4DEF-8759-2081407C4300}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{E24FB501-4655-4435-AA51-85AA86440665}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{E35DF255-300A-436C-872C-97186E6A833F}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"{E38DE8A6-B577-4BCD-8956-98D13A18F6C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{E47608E9-965E-4D52-ADFF-0834313E1821}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex invisible war\system\dx2.exe |
"{E4F31049-BC85-464D-B6B7-E33C6CEA5032}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{E5BAD369-E945-41EC-B9AC-BEEBE7816F2C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E5DDBBFC-2A98-4C2D-A572-7C736E422AC3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shatter\shatter.exe |
"{E6835749-F09F-43A9-ADB4-801AFD54B366}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{E9CFEE11-EB80-406F-829B-D9F928239D39}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 2\fallout2.exe |
"{EB25FFBC-A0A3-4F13-B599-549BD0B7BE94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
"{EBDD1291-DC53-4724-9C7D-96395F3786D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv warlords\warlords\civ4warlords_pitboss.exe |
"{F33BC484-D2FB-46A4-9261-2C10E7DBAD2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{F51B78AA-0B8F-406D-8C1C-7B386B848ED1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear - demo\custom.exe |
"{F8604D3E-D816-42CF-88CF-46843CD31533}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9543142-153E-4945-8916-6C165BF29AFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{FA87A041-5CF9-46DF-85EB-CF13D87856DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FBD40971-27E5-4F7D-9425-0F84BCBA2E06}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torched\editor.exe |
"TCP Query User{113DBD40-09AA-4020-922E-CE1C0E9F8F6B}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{1AE542E9-023B-4B55-B3A4-FABA89426709}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{23064085-F461-47CA-A2CF-A4BCCD67C104}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{2969AA33-CCF0-4C2B-926A-BCE5528A5BAF}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{404E161E-3284-42C8-8F77-510C8CA4B3DE}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"TCP Query User{442122E4-F9C5-446D-A03D-32EDDA9F3C95}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"TCP Query User{5733E30D-0E76-4C85-8F38-D613A876707C}C:\program files (x86)\icechat7\icechat7.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icechat7\icechat7.exe |
"TCP Query User{931EDD09-E8B3-442F-8AE4-C6DA1C6F2A24}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{A67FF69A-2772-499E-AB9B-33FE8C59F0CC}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{C62C6CE3-70C4-497B-994A-49E06ED6086E}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{C7BFCF26-A13A-4CF6-81E4-9E3D48BFFF8B}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{CD7639EC-BB19-44D2-A39B-CA0929BDF16A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D592A2AE-CA0B-4372-9A23-E61095AA7798}C:\users\austin\documents\servar\pokemon-server\server.exe" = protocol=6 | dir=in | app=c:\users\austin\documents\servar\pokemon-server\server.exe |
"TCP Query User{E4FE0FCE-7203-4426-A6C8-9F388454AEDA}C:\program files (x86)\deluge\deluge.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deluge\deluge.exe |
"TCP Query User{EAC069C7-6A91-442E-BE7A-F0A8C911EA78}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{F0F604E0-9BCC-499B-B18E-A24FA6A232D2}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{0E47D227-9F72-4883-9EA2-512427C1AECE}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{391EE007-5892-4406-8377-917FC489DF04}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{39F3BCD5-5735-4A20-856A-1FE4974B16EF}C:\program files (x86)\icechat7\icechat7.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icechat7\icechat7.exe |
"UDP Query User{3FF217CD-7503-4F17-93BE-835883BA911F}C:\program files (x86)\deluge\deluge.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deluge\deluge.exe |
"UDP Query User{607CFCC5-9B0B-4384-B18E-2625472DEEEF}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{626CDC94-0C6A-4822-A5CB-EE442F44F7F5}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{741BBE71-E9E4-46F2-A5FE-243A905E2493}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{7DC24CF4-DA94-4F7B-BA9A-9EA1E8164AE4}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{86E11FF3-2529-4277-813C-A44A64FB6904}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{898CAEE6-409F-42D6-9362-69FEADA49EBF}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{8AFA7940-E3F8-474A-89F9-A50921980F5B}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{9F240288-FAB5-4E20-BAC5-A7B52BF8C1AE}C:\users\austin\documents\servar\pokemon-server\server.exe" = protocol=17 | dir=in | app=c:\users\austin\documents\servar\pokemon-server\server.exe |
"UDP Query User{A9D6F6B3-CBF7-4809-81C3-806743B7E505}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{E4A329CA-ACEE-46E2-99D1-CAD967E88CFF}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{E750A7D6-1BA6-48F1-ABC1-C0605AE33E4E}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{E95A4DAC-3160-4FE5-B420-998652D864C1}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java™ 6 Update 30 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java™ 7 Update 3 (64-bit)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5941D535-34BF-BB6E-E52B-F464E4E955FF}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java™ SE Development Kit 7 Update 3 (64-bit)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{719DCFB7-0E66-7057-361A-B26565E147F1}" = AMD Fuel
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}" = HP Deskjet 1000 J110 series Basic Device Software
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AF88A32E-BC54-2AA3-2FC8-D63D86DF4A7A}" = AMD Catalyst Install Manager
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D40DEC1D-7CC6-47B3-A5CE-3E46C3EAE9FC}" = Steel Bank Common Lisp 1.0.55.7.mswinmt.1185-d20ec0c (X86-64)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D7D6AA2C-DD2C-53F1-1F1D-5AC3CDE1B90C}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{E704008B-0515-490F-83E1-95AA2A7F4641}" = Oracle VM VirtualBox 4.1.6
"{E74DBCA2-F0BC-929D-0504-87E97079EB4A}" = AMD Drag and Drop Transcoding
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"HoneyView3" = HoneyView3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Speccy" = Speccy
"Vim 7.3" = Vim 7.3 (self-installing)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04475621-9BF8-EF82-4691-1C8FD9D40FD2}" = CCC Help Polish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07A733AA-2D8C-1E0E-ED9B-B4CA59AE86B3}" = AMD VISION Engine Control Center
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{140347A0-4A0C-44FC-9CA1-C8A3471899B7}" = SdRt4200
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"{1AADBEB8-3F11-7FB7-6DDC-EE2276C1A80E}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Edimax nLite Wireless USB Adapter
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 2.0.05d
"{2C3F42F5-935B-E64C-13D7-4369B0D66DE9}" = CCC Help Greek
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{328b4b27-557b-47e3-841e-3c86ab40a831}_is1" = Mono for Windows 2.10.8
"{37CE847B-3279-1A39-CA09-FBF330B5EC97}" = CCC Help Czech
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C15E8E2-3463-584F-D4F8-D95878737EAB}" = CCC Help Norwegian
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{420500EA-4038-AADB-DD76-90D0311E5867}" = CCC Help Spanish
"{42C402C3-F95B-4BA2-BC90-99816AAF8159}" = Space Colony
"{43403BCA-6051-A108-682C-5BABB69D3919}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{549ECD2C-5ACD-0598-56E6-BF88F6B5CE9E}" = CCC Help Portuguese
"{5BAD1D5F-157F-C4D7-05B8-7B2D08874DFA}" = CCC Help German
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6E9484D8-F1F5-8737-3C35-C2ACB8BC9BF8}" = CCC Help Danish
"{6EB6BC61-0079-80B7-9AE8-A28E02F81E04}" = CCC Help Japanese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{74DDE8F9-FAD1-4C64-84DF-DF287EAE6FAE}" = CCC Help Turkish
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7C53D4FA-0F42-3B24-686B-2AB688C8B112}" = Catalyst Control Center Localization All
"{85F76CD3-92C2-6422-202C-ADC655E83940}" = CCC Help Chinese Standard
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E71E47-7BDE-2A10-A9C2-373DCAE4EEB9}" = CCC Help Chinese Traditional
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9693675A-7108-247D-A369-AF08C8E32CFD}" = CCC Help English
"{9971CC5F-9E89-6024-72CD-2F9B33305B7F}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E8426B6-0027-8C7E-9729-E86053D9A3D5}" = CCC Help Finnish
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B66F4972-5C17-90A5-95AB-0C4DAEFC92A4}" = CCC Help Korean
"{B7591344-4506-4F91-8485-29458F6250A6}" = Space Colony Demo
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6B0FBD0-067F-5ED3-B4C1-BC61284A1079}" = Catalyst Control Center InstallProxy
"{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1F6BB2F-E9A4-4233-BA03-BB62E8AED82A}" = Star Wars Jedi Knight Jedi Academy Demo
"{D62576C2-C084-4698-974A-5BE77714FDDD}" = System Requirements Lab Test
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DB689397-D3C2-BD23-A83E-FCA68454F0FE}" = CCC Help Dutch
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{EAD24F4A-8BB8-EAC5-A995-3D9A96DF3FA4}" = CCC Help French
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"{F0BC0231-25D6-B4BF-5D9E-633220A2C09A}" = CCC Help Russian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F501FACA-3AFB-FAC4-825D-F6D1343F0C69}" = Catalyst Control Center Graphics Previews Common
"{F7657E34-0046-9515-61D9-7AAFC84C4AC8}" = CCC Help Thai
"{FBBFABCD-E075-457B-A70B-CF40C66CF033}" = Sid Meier's Civilization 4 Demo
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anki" = Anki
"Aurora 9.0a2 (x86 en-US)" = Aurora 9.0a2 (x86 en-US)
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DD4F47DF-6540-4BDA-BEAD-2B19250B0C48_is1" = FLAC to MP3 Converter 6.1.9
"Deluge" = Deluge 1.3.5
"EasyBCD" = EasyBCD 2.1.2
"FileZilla Client" = FileZilla Client 3.5.3
"foobar2000" = foobar2000 v1.1.9
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"Hard Disk Sentinel_is1" = Hard Disk Sentinel PRO
"HDClone.Free.4.2.0.1033-{61D2D074-96E3-4813-B439-93D4799EEE26}" = HDClone 4.2 Free Edition
"InstallShield_{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"InstallShield_{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"InstallShield_{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"Katawa Shoujo" = Katawa Shoujo
"lavfilters_is1" = LAV Filters 0.52.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"Mozilla Thunderbird 10.0.2 (x86 en-US)" = Mozilla Thunderbird 10.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"RollerCoaster Tycoon 2 v1.00" = RollerCoaster Tycoon 2 v1.00
"SecureW2 Enterprise Client" = SecureW2 Enterprise Client 3.5.7
"Steam App 105600" = Terraria
"Steam App 107100" = Bastion
"Steam App 107200" = Space Pirates and Zombies
"Steam App 107800" = Rochard
"Steam App 108500" = Vessel
"Steam App 113200" = The Binding Of Isaac
"Steam App 16810" = Sid Meier's Civilization IV: Colonization
"Steam App 17470" = Dead Space
"Steam App 17710" = Nuclear Dawn
"Steam App 200710" = Torchlight II
"Steam App 200900" = Cave Story+
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 207420" = Wizorb
"Steam App 207490" = Rayman Origins
"Steam App 20820" = Shatter
"Steam App 209830" = Lone Survivor
"Steam App 212800" = Super Crate Box
"Steam App 214790" = The Basement Collection
"Steam App 22320" = The Elder Scrolls III: Morrowind
"Steam App 22370" = Fallout 3 - Game of the Year Edition
"Steam App 22380" = Fallout: New Vegas
"Steam App 26800" = Braid
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 34440" = Sid Meier's Civilization IV
"Steam App 34450" = Sid Meier's Civilization IV: Warlords
"Steam App 34460" = Sid Meier's Civilization IV: Beyond the Sword
"Steam App 34470" = Sid Meier's Civilization IV: Colonization
"Steam App 3830" = Psychonauts
"Steam App 38400" = Fallout
"Steam App 38410" = Fallout 2
"Steam App 38420" = Fallout Tactics
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 3910" = Sid Meier's Civilization III: Complete
"Steam App 3990" = Sid Meier's Civilization IV: Warlords
"Steam App 40800" = Super Meat Boy
"Steam App 41500" = Torchlight
"Steam App 41520" = Torchlight Editor
"Steam App 41800" = Gratuitous Space Battles
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 48000" = LIMBO
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 65300" = Dustforce
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 6920" = Deus Ex: Invisible War
"Steam App 70300" = VVVVVV
"Steam App 70410" = Recettear: An Item Shop's Tale - Demo
"Steam App 7110" = Jade Empire: Special Edition
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7670" = BioShock
"Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
"Steam App 94200" = Jamestown
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"xampp" = XAMPP 1.7.7
"XnView_is1" = XnView 1.98.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1" = Ruby 1.9.3-p194
"{2A241A64-9AD1-4D94-A227-6C3D5D2F854D}" = Sid Meier's Civilization 4 Demo
"Bitcoin" = Bitcoin
"Flux" = F.lux
"majikoi" = 真剣で私に恋しなさい!
"Yume Nikki 0.10 English" = Yume Nikki 0.10 English

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/31/2012 12:25:15 PM | Computer Name = Kagamin | Source = WinMgmt | ID = 10
Description =

Error - 10/31/2012 1:08:50 PM | Computer Name = Kagamin | Source = Application Error | ID = 1000
Description = Faulting application name: bioshock.exe, version: 1.0.0.0, time stamp:
0x474f5a3a Faulting module name: bioshock.exe, version: 1.0.0.0, time stamp: 0x474f5a3a
Exception
code: 0xc0000005 Fault offset: 0x0058f1d5 Faulting process id: 0xd50 Faulting application
start time: 0x01cdb78878d25d20 Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\bioshock.exe
Faulting
module path: C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\bioshock.exe
Report
Id: a3c05030-237d-11e2-850e-000272b2919c

Error - 10/31/2012 2:28:00 PM | Computer Name = Kagamin | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 11/1/2012 11:05:18 AM | Computer Name = Kagamin | Source = WinMgmt | ID = 10
Description =

Error - 11/8/2012 9:52:33 PM | Computer Name = Kagamin | Source = WinMgmt | ID = 10
Description =

Error - 11/8/2012 11:04:40 PM | Computer Name = Kagamin | Source = WinMgmt | ID = 10
Description =

Error - 11/8/2012 11:13:53 PM | Computer Name = Kagamin | Source = Windows Backup | ID = 4103
Description =

Error - 11/9/2012 1:25:52 PM | Computer Name = Kagamin | Source = WinMgmt | ID = 10
Description =

Error - 11/9/2012 4:15:41 PM | Computer Name = Kagamin | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
stamp: 0x501fefb5 Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process
id: 0x784 Faulting application start time: 0x01cdbe9f4375fd80 Faulting application
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: 3b63f288-2aaa-11e2-8024-000272b2919c

Error - 11/9/2012 4:17:50 PM | Computer Name = Kagamin | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/8/2012 11:41:05 AM | Computer Name = Austin-PC | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness service depends on the Network Store
Interface Service service which failed to start because of the following error:
%%1068

Error - 5/8/2012 11:41:05 AM | Computer Name = Austin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD BIOS CSC DfsC discache ElbyCDIO MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VBoxDrv
VBoxUSBMon
vwififlt
Wanarpv6
WfpLwf

Error - 5/8/2012 11:52:22 AM | Computer Name = Austin-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 5/8/2012 2:20:08 PM | Computer Name = Austin-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 5/8/2012 10:48:25 PM | Computer Name = Austin-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 5/9/2012 1:32:35 PM | Computer Name = Austin-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 5/10/2012 2:14:52 AM | Computer Name = Austin-PC | Source = DCOM | ID = 10010
Description =

Error - 5/11/2012 2:37:53 PM | Computer Name = Austin-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 5/11/2012 3:36:32 PM | Computer Name = Austin-PC | Source = bowser | ID = 8003
Description =

Error - 5/12/2012 4:04:23 PM | Computer Name = Austin-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >

Edited by tenrii, 09 November 2012 - 04:28 PM.


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello tenrii and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
tenrii

tenrii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

"You must reply within 3 days or your topic will be closed"


Ordinarily this would not be a problem, but due to the holiday I am currently not in a location where I can access my computer and will not return to one until Sunday night. I apologize for any inconvenience but I do really hope this will be okay, extenuating circumstances and all.

Edited by tenrii, 22 November 2012 - 12:22 PM.


#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi tenrii,

Don't worry. I'll leave this topic open until you respond. Thank you for letting me know.

#5
tenrii

tenrii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Posting the OTL log now, sorry for the delay. For some reason it did not give me an extras log. Will run the GMER scan after posting this.

OTL logfile created on: 11/25/2012 10:46:10 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Austin\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 60.60% Memory free
8.00 Gb Paging File | 6.18 Gb Available in Paging File | 77.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 336.21 Gb Total Space | 114.12 Gb Free Space | 33.94% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1809.16 Gb Free Space | 97.11% Space Free | Partition Type: NTFS
Drive E: | 2328.64 Gb Total Space | 1705.07 Gb Free Space | 73.22% Space Free | Partition Type: NTFS

Computer Name: KAGAMIN | User Name: Austin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/11/25 10:45:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Austin\Downloads\OTL (1).exe
PRC - [2012/10/02 17:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/06 09:34:52 | 004,249,752 | ---- | M] (H.D.S. Hungary) -- C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
PRC - [2012/04/16 08:48:49 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
PRC - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/03/12 14:43:38 | 000,241,808 | ---- | M] (Paltiosoft Inc.) -- C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
PRC - [2010/02/03 14:10:22 | 001,642,496 | ---- | M] (Edimax Technology Co., Ltd.) -- C:\Program Files (x86)\Edimax\Common\RaUI.exe
PRC - [2009/12/16 12:49:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 11:11:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/15 11:10:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/15 11:10:49 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/15 11:10:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/15 11:10:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/15 11:10:28 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/15 11:10:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/04/16 08:48:49 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
MOD - [2009/12/11 01:16:08 | 000,918,816 | ---- | M] () -- C:\Program Files (x86)\Edimax\Common\RaWLAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/07/27 21:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/02/17 20:56:32 | 000,088,688 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\KaraokeSer.exe -- (KaraokeService)
SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/20 11:43:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/24 00:27:46 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/02 17:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 08:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/12 14:43:38 | 000,241,808 | ---- | M] (Paltiosoft Inc.) [Auto | Running] -- C:\Program Files (x86)\SoftDenchi\UCManSvc.exe -- (UCManSvc)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/16 12:49:12 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009/12/16 12:49:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Edimax\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009/07/13 00:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/27 23:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/27 20:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/07/03 10:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/05/14 01:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/17 20:56:36 | 002,709,104 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012/01/18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 05:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/11/04 12:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/12 11:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/07/28 03:14:06 | 001,241,952 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/23 11:04:24 | 000,329,728 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2009/10/22 08:49:28 | 000,057,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2009/10/22 08:46:22 | 000,240,128 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2009/10/21 12:58:14 | 000,031,744 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2009/10/21 08:42:38 | 000,126,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2009/10/20 10:51:28 | 000,025,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/25 15:23:56 | 000,047,616 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 00:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009/06/30 15:34:00 | 001,797,120 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AMBFt64.sys -- (AMBFilt64)
DRV:64bit: - [2009/06/17 21:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/02 13:57:00 | 001,854,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MonFt64.sys -- (MonFilt64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/17 21:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 01 5A 2F D3 AE CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://boards.4chan.org/a/"
FF - prefs.js..extensions.enabledAddons: firebug%40software.joehewitt.com:1.9.1
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: ponify%40pterocorn.blogspot.com:0.96
FF - prefs.js..extensions.enabledAddons: rikaichan-jpen%40polarcloud.com:2.01.110814
FF - prefs.js..extensions.enabledAddons: scriptish%40erikvold.com:0.1.5
FF - prefs.js..extensions.enabledAddons: treestyletab%40piro.sakura.ne.jp:0.14.2012050301
FF - prefs.js..extensions.enabledAddons: %7B0AA9101C-D3C1-4129-A9B7-D778C6A17F82%7D:2.04
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.2.4
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.2.3
FF - prefs.js..extensions.enabledAddons: %7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:2.0.1
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 9.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2011/11/13 23:15:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 9.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/20 11:44:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/20 11:43:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/15 15:00:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/20 11:44:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/20 11:43:18 | 000,000,000 | ---D | M]

[2012/05/20 12:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Extensions
[2012/10/30 13:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions
[2011/10/27 18:53:19 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2012/09/14 14:05:22 | 000,000,000 | ---D | M] (Perapera Chinese) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2012/09/09 20:42:18 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2011/10/27 18:54:31 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2012/02/07 15:40:12 | 001,331,409 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2011/10/27 16:48:28 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2012/04/03 21:40:48 | 000,047,472 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2011/11/20 12:45:13 | 000,220,972 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2011/11/03 23:25:27 | 000,583,875 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2012/06/17 21:15:59 | 000,271,744 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\[email protected]
[2012/10/30 13:18:32 | 000,075,799 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2011/11/20 18:03:39 | 000,249,155 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2011/12/07 14:07:57 | 000,520,267 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011/12/04 02:33:54 | 000,332,561 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2011/12/15 11:44:26 | 000,644,152 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/12/02 16:56:39 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/03/05 22:25:20 | 000,686,359 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2011/12/16 12:22:34 | 000,773,913 | ---- | M] () (No name found) -- C:\Users\Austin\AppData\Roaming\Mozilla\Firefox\Profiles\6ij5i0hm.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi
[2012/11/20 11:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/20 11:41:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/20 11:44:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 02:11:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 19:34:51 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: YouTube = C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Austin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\ASUS Bluetooth Suite\BtvStack.exe ()
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VIAJDS] C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe (TODO: <Company name>)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [F.lux] C:\Users\Austin\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.119.101.1 128.119.100.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A319634-74F2-4FF6-9D4F-3EB7B449F1AF}: DhcpNameServer = 128.119.101.1 128.119.100.83
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/20 11:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/15 18:40:04 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\201280
[2012/11/09 12:39:45 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\Malwarebytes
[2012/11/09 12:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/09 12:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/09 12:38:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/09 12:38:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/09 12:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/11/08 23:11:30 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/11/08 23:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/11/08 23:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/11/08 22:05:32 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\AMD
[2012/11/08 22:05:14 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\ATI
[2012/11/08 22:05:14 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\ATI
[2012/11/08 22:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/11/08 22:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/11/08 22:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/11/08 22:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/11/08 22:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/11/08 22:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/11/08 21:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/11/08 21:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/11/08 21:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/11/08 21:58:24 | 000,000,000 | ---D | C] -- C:\AMD
[2012/10/31 19:54:01 | 000,000,000 | ---D | C] -- C:\madVR
[2012/10/31 19:52:39 | 000,000,000 | ---D | C] -- C:\madFlac
[2012/10/31 19:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LAV Filters
[2012/10/31 19:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2012/10/31 19:50:37 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2012/10/31 19:50:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali
[2012/10/31 19:37:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mpc-hc SSE2 tester dfr4739
[2012/10/30 22:18:02 | 000,000,000 | ---D | C] -- C:\Users\Austin\Documents\Bioshock
[2012/10/30 00:52:40 | 000,000,000 | ---D | C] -- C:\Users\Austin\AppData\Local\Electronic Arts
[2012/10/30 00:52:27 | 000,000,000 | ---D | C] -- C:\Users\Austin\Documents\Electronic Arts
[2012/10/30 00:51:24 | 000,000,000 | ---D | C] -- C:\Users\Austin\Documents\Electrontic Arts
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/25 10:49:13 | 000,022,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 10:49:13 | 000,022,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 10:45:22 | 000,847,092 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/25 10:45:22 | 000,699,394 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/25 10:45:22 | 000,140,306 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/25 10:41:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/25 10:39:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/25 10:39:34 | 3220,725,760 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/21 01:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/15 11:05:30 | 004,850,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/11 23:30:16 | 000,007,602 | ---- | M] () -- C:\Users\Austin\AppData\Local\Resmon.ResmonCfg
[2012/11/08 23:11:30 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/11/08 22:03:38 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/10/29 12:20:22 | 000,001,189 | ---- | M] () -- C:\Users\Austin\SuperAnTester.java
[2012/10/28 19:12:01 | 000,000,399 | ---- | M] () -- C:\Users\Austin\SuperAnagram.java
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/15 01:01:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 00:56:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/11 23:30:16 | 000,007,602 | ---- | C] () -- C:\Users\Austin\AppData\Local\Resmon.ResmonCfg
[2012/11/08 22:03:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/11/08 20:52:12 | 3220,725,760 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/28 14:58:27 | 000,001,189 | ---- | C] () -- C:\Users\Austin\SuperAnTester.java
[2012/10/28 13:35:00 | 000,000,399 | ---- | C] () -- C:\Users\Austin\SuperAnagram.java
[2012/10/11 18:18:12 | 000,000,930 | ---- | C] () -- C:\Users\Austin\c.class
[2012/10/11 18:17:48 | 000,000,613 | ---- | C] () -- C:\Users\Austin\c.java
[2012/10/11 17:38:15 | 000,000,425 | ---- | C] () -- C:\Users\Austin\b.class
[2012/10/11 17:22:51 | 000,000,452 | ---- | C] () -- C:\Users\Austin\a.class
[2012/10/11 17:21:54 | 000,000,197 | ---- | C] () -- C:\Users\Austin\a.java
[2012/10/09 16:43:15 | 000,000,137 | ---- | C] () -- C:\Users\Austin\b.java
[2012/10/01 17:56:02 | 000,001,160 | ---- | C] () -- C:\Users\Austin\Positions.class
[2012/10/01 17:54:05 | 000,000,638 | ---- | C] () -- C:\Users\Austin\Positions.java
[2012/09/30 20:42:44 | 000,000,576 | ---- | C] () -- C:\Users\Austin\BrankingDriver.class
[2012/09/30 20:42:28 | 000,000,289 | ---- | C] () -- C:\Users\Austin\BrankingDriver.java
[2012/09/15 23:11:46 | 000,000,047 | ---- | C] () -- C:\Users\Austin\jagex_cl_loginapplet_LIVE.dat
[2012/08/21 18:44:25 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/08/07 18:58:04 | 000,000,218 | ---- | C] () -- C:\Users\Austin\AppData\Local\recently-used.xbel
[2012/07/27 20:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 20:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/07/04 02:36:42 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/06/03 18:23:33 | 000,000,024 | ---- | C] () -- C:\Users\Austin\jagexappletviewer.preferences
[2012/06/03 18:04:12 | 000,000,046 | ---- | C] () -- C:\Users\Austin\jagex_cl_runescape_LIVE1.dat
[2012/06/03 17:52:37 | 000,000,045 | ---- | C] () -- C:\Users\Austin\jagex_cl_runescape_LIVE.dat
[2012/06/03 17:52:37 | 000,000,024 | ---- | C] () -- C:\Users\Austin\random.dat
[2012/05/28 21:12:26 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012/05/15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/04/30 14:29:17 | 000,000,187 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\.slime-history.eld
[2012/04/12 06:55:23 | 000,005,950 | ---- | C] () -- C:\Users\Austin\_viminfo
[2012/02/21 18:27:22 | 000,000,940 | ---- | C] () -- C:\Users\Austin\PrefixTester.class
[2012/02/21 18:26:30 | 000,000,437 | ---- | C] () -- C:\Users\Austin\PrefixTester.java
[2012/02/21 18:26:30 | 000,000,030 | ---- | C] () -- C:\Users\Austin\PrefixTester.java~
[2012/02/08 18:49:20 | 000,000,775 | ---- | C] () -- C:\Users\Austin\Fallout.class
[2012/02/08 18:48:05 | 000,000,251 | ---- | C] () -- C:\Users\Austin\Fallout.java
[2012/02/08 18:48:05 | 000,000,088 | ---- | C] () -- C:\Users\Austin\Fallout.java~
[2012/02/07 18:33:07 | 000,001,407 | ---- | C] () -- C:\Users\Austin\Banking.class
[2012/02/07 18:32:15 | 000,000,977 | ---- | C] () -- C:\Users\Austin\BankingDriver.class
[2012/02/07 18:31:52 | 000,000,875 | ---- | C] () -- C:\Users\Austin\Banking.java
[2012/02/07 18:31:43 | 000,000,827 | ---- | C] () -- C:\Users\Austin\BankingDriver.java~
[2012/02/07 18:31:43 | 000,000,666 | ---- | C] () -- C:\Users\Austin\BankingDriver.java
[2012/02/07 18:30:03 | 000,000,875 | ---- | C] () -- C:\Users\Austin\[bleep]class.java
[2012/02/02 16:05:59 | 000,000,568 | ---- | C] () -- C:\Users\Austin\Greetings.class
[2012/02/02 16:05:37 | 000,000,184 | ---- | C] () -- C:\Users\Austin\Greetings.java~
[2012/02/02 16:05:37 | 000,000,177 | ---- | C] () -- C:\Users\Austin\Greetings.java
[2012/02/02 12:49:34 | 000,000,787 | ---- | C] () -- C:\Users\Austin\FirstProgram.class
[2012/01/31 18:55:09 | 000,000,391 | ---- | C] () -- C:\Users\Austin\FirstProgram.java
[2012/01/31 18:55:09 | 000,000,120 | ---- | C] () -- C:\Users\Austin\FirstProgram.java~
[2012/01/27 22:57:00 | 000,001,374 | ---- | C] () -- C:\Users\Austin\.drjava
[2012/01/18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/10/30 22:11:45 | 000,000,600 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\winscp.rnd
[2011/10/30 21:06:11 | 000,000,132 | ---- | C] () -- C:\Users\Austin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/10/27 16:06:30 | 000,870,038 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/30 14:30:09 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\.emacs.d
[2012/10/24 21:29:39 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\.minecraft
[2012/09/11 17:55:13 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\.Spoutcraft
[2012/10/31 12:08:50 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Bioshock
[2012/06/21 16:59:34 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Bitcoin
[2012/11/09 12:31:19 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\BitTorrent
[2012/09/29 21:32:54 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\collection
[2012/04/30 14:28:56 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\common-lisp
[2012/11/09 12:31:21 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\DAEMON Tools Lite
[2012/08/07 18:45:37 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\deluge
[2012/05/19 16:45:50 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Dev-Cpp
[2012/04/11 18:44:39 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Downloaded Installations
[2012/04/13 01:51:53 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Dropbox
[2012/11/09 12:31:19 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\FileZilla
[2012/06/25 10:55:51 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\FLAC to MP3 Converter
[2012/11/18 17:31:59 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\foobar2000
[2012/06/03 20:23:05 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\GetRightToGo
[2012/10/17 18:25:21 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Hard Disk Sentinel
[2012/02/12 01:18:18 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\HeidiSQL
[2012/10/24 19:43:05 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\LolClient
[2012/05/19 16:48:45 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Moonchild Productions
[2012/09/11 18:17:47 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Mumble
[2012/09/07 13:50:33 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\My Games
[2011/10/30 22:56:56 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Notepad++
[2011/10/28 17:44:42 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\OpenOffice.org
[2011/12/11 15:15:18 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Opera
[2012/04/17 05:53:39 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Pokemon Online
[2012/01/03 00:05:18 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\puush
[2012/05/03 15:45:48 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\RenPy
[2012/09/19 13:57:00 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\runic games
[2012/10/24 14:44:52 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\SystemRequirementsLab
[2011/12/04 02:44:21 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\Thunderbird
[2012/11/20 11:29:40 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\uTorrent
[2011/12/18 15:40:42 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\X-Chat 2
[2012/05/30 13:00:36 | 000,000,000 | ---D | M] -- C:\Users\Austin\AppData\Roaming\XnView

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/11/10 15:15:21 | 003,206,144 | ---- | M] (Microsoft Corporation) MD5=2BB457EDBA37215C7EBC0057674A5E48 -- C:\Windows\SysNative\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\W7SOC\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 20 bytes -> C:\Users\Austin\Documents\College:Mac_Metadata

< End of report >

#6
tenrii

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-25 11:55:52
Windows 6.1.7601 Service Pack 1
Running: ezkv0wcg.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b2919c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x3A 0x25 0xE9 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b2919c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x3A 0x25 0xE9 0xC4 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\[email protected]:\Visual Novels\Fate \x2044 stay night\Fate-stay_night_English_v3.2_[mirror_moon].exe 1

---- Files - GMER 1.0.15 ----

File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$R143V7O.txt 17734 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$I143V7O.txt 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$I4FPB0T.ini 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$I56NPNQ.txt 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$I5WPT46.txt 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$I611UOT.dll 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$I7VFKEU.dll 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$I8HZNP5.txt 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$I92ZSH2.cab 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IC62YP9.bmp 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IEHPRNP.MSI 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IH4GKTP.txt 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IH5FU69.dll 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IHAU992.dll 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IHB55OS.dll 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IJGUX5H.ini 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IK429L9.exe 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IKT1L06.txt 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IMKIZN1.dll 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IQPEYQY.txt 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IT4QOJO.txt 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IWKLVTF.txt 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IXZB320.dll 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IYRN9UP.dll 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$IZ9AN3Y.dll 544 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$R4FPB0T.ini 1110 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$R56NPNQ.txt 17734 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$R5WPT46.txt 17734 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$R611UOT.dll 76304 bytes executable
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$R7VFKEU.dll 97296 bytes executable
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$R8HZNP5.txt 17734 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$R92ZSH2.cab 1442522 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$RC62YP9.bmp 5686 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$REHPRNP.MSI 232960 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$RH4GKTP.txt 17734 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$RH5FU69.dll 81424 bytes executable
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$RHAU992.dll 79888 bytes executable
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$RHB55OS.dll 96272 bytes executable
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$RJGUX5H.ini 843 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$RK429L9.exe 562688 bytes executable
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$RKT1L06.txt 118 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$RMKIZN1.dll 75792 bytes executable
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$RQPEYQY.txt 17734 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$RT4QOJO.txt 17734 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$RWKLVTF.txt 10134 bytes
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$RXZB320.dll 96272 bytes executable
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$RYRN9UP.dll 91152 bytes executable
File E:\$RECYCLE.BIN\S-1-5-21-2986374816-1560656078-681941709-1000\$RZ9AN3Y.dll 95248 bytes executable
File E:\System Volume Information\SPP 0 bytes
File E:\System Volume Information\SPP\OnlineMetadataCache 0 bytes
File E:\System Volume Information\SPP\OnlineMetadataCache\{4397e10c-a8b3-473e-84ce-ac384a9e068c}_OnDiskSnapshotProp 22120 bytes
File E:\Anime 0 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai 0 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_09_(1280x720_Blu-Ray_FLAC)_[8FF25872].mkv 498520731 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\desktop.ini 184 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_01_(1280x720_Blu-Ray_FLAC)_[FB393A04].mkv 566173111 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_02_(1280x720_Blu-Ray_FLAC)_[4987B322].mkv 583751026 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_03_(1280x720_Blu-Ray_FLAC)_[D5600E9A].mkv 581420181 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_04_(1280x720_Blu-Ray_FLAC)_[754F2483].mkv 563251462 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_05_(1280x720_Blu-Ray_FLAC)_[66E5AEC1].mkv 605698435 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_06_(1280x720_Blu-Ray_FLAC)_[F4F58BA8].mkv 564644280 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_07_(1280x720_Blu-Ray_FLAC)_[93CA8CFB].mkv 523732236 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_08_(1280x720_Blu-Ray_FLAC)_[7D5EA4BB].mkv 591257285 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_10_(1280x720_Blu-Ray_FLAC)_[6EF85814].mkv 570716065 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_11_(1280x720_Blu-Ray_FLAC)_[C6CC4CB6].mkv 579812191 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_12_(1280x720_Blu-Ray_FLAC)_[F71A8A5D].mkv 557360127 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_13_(1280x720_Blu-Ray_FLAC)_[48CC3C05].mkv 640247746 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_NCED_(1280x720_Blu-Ray_FLAC)_[7BED4E64].mkv 67290590 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_NCOP(fx)_(1280x720_Blu-Ray_FLAC)_[EF303695].mkv 90585158 bytes
File E:\Anime\Boku wa Tomodachi ga Sukunai\[Coalgirls]_Boku_wa_Tomodachi_ga_Sukunai_NCOP_(1280x720_Blu-Ray_FLAC)_[10628956].mkv 90817749 bytes
File E:\Anime\Chihayafuru 0 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 11 [BD][720p][AAC].mp4 216132363 bytes
File E:\Anime\Chihayafuru\desktop.ini 168 bytes
File E:\Anime\Chihayafuru\info.txt 94 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 01 [BD][720p][AAC].mp4 217893500 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 02 [BD][720p][AAC].mp4 212912401 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 03 [BD][720p][AAC].mp4 222226360 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 04 [BD][720p][AAC].mp4 190763688 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 05 [BD][720p][AAC].mp4 219147292 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 06 [BD][720p][AAC].mp4 221915988 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 07 [BD][720p][AAC].mp4 183443728 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 08 [BD][720p][AAC].mp4 213312236 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 09 [BD][720p][AAC].mp4 190824557 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 10 [BD][720p][AAC].mp4 202757188 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 12 [BD][720p][AAC].mp4 197073729 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 13 [BD][720p][AAC].mp4 193189740 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 14 [BD][720p][AAC].mp4 216988968 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 15 [BD][720p][AAC].mp4 188402616 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 16 [BD][720p][AAC].mp4 204866325 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 17 [BD][720p][AAC].mp4 210321793 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 18 [BD][720p][AAC].mp4 206813173 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 19 [BD][720p][AAC].mp4 201839905 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 20 [BD][720p][AAC].mp4 204072157 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 21 [BD][720p][AAC].mp4 184402307 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 22 [BD][720p][AAC].mp4 220298201 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 23v2 [BD][720p][AAC].mp4 187451586 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 24 [BD][720p][AAC].mp4 205939208 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru - 25 [BD][720p][AAC].mp4 214344405 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru NCED [BD][720p][AAC].mp4 15975000 bytes
File E:\Anime\Chihayafuru\[DeadFish] Chihayafuru NCOP [BD][720p][AAC].mp4 18974446 bytes
File E:\Anime\Chuunibyou Demo Koi ga Shitai! 0 bytes
File E:\Anime\Chuunibyou Demo Koi ga Shitai!\desktop.ini 187 bytes
File E:\Anime\Chuunibyou Demo Koi ga Shitai!\[gg]_Chuunibyou_Demo_Koi_ga_Shitai!_-_01_[5B6EFD1F].mkv 383880238 bytes
File E:\Anime\Chuunibyou Demo Koi ga Shitai!\[gg]_Chuunibyou_Demo_Koi_ga_Shitai!_-_02_[D9C76A37].mkv 362681658 bytes
File E:\Anime\Chuunibyou Demo Koi ga Shitai!\[gg]_Chuunibyou_Demo_Koi_ga_Shitai!_-_03_[F0F2EAFB].mkv 393146711 bytes
File E:\Anime\Chuunibyou Demo Koi ga Shitai!\[gg]_Chuunibyou_Demo_Koi_ga_Shitai!_-_04_[7AA74CD9].mkv 379301209 bytes
File E:\Anime\Chuunibyou Demo Koi ga Shitai!\[gg]_Chuunibyou_Demo_Koi_ga_Shitai!_-_05_[38F3C4D9].mkv 352930456 bytes
File E:\Anime\Chuunibyou Demo Koi ga Shitai!\[gg]_Chuunibyou_Demo_Koi_ga_Shitai!_-_06_[BF8B7DD9].mkv 383187564 bytes
File E:\Anime\Chuunibyou Demo Koi ga Shitai!\[gg]_Chuunibyou_Demo_Koi_ga_Shitai!_-_07_[C4BA1D17].mkv 351714169 bytes
File E:\Anime\Girls und Panzer 0 bytes
File E:\Anime\Girls und Panzer\desktop.ini 173 bytes
File E:\Anime\Girls und Panzer\[HorribleSubs] GIRLS und PANZER - 01 [720p].mkv 345005311 bytes
File E:\Anime\Girls und Panzer\[HorribleSubs] GIRLS und PANZER - 02 [720p].mkv 345811234 bytes
File E:\Anime\Girls und Panzer\[HorribleSubs] GIRLS und PANZER - 03 [720p].mkv 345839434 bytes
File E:\Anime\Girls und Panzer\[HorribleSubs] GIRLS und PANZER - 04 [720p].mkv 345229581 bytes
File E:\Anime\Girls und Panzer\[HorribleSubs] GIRLS und PANZER - 05 [720p].mkv 345742793 bytes
File E:\Anime\JoJo's Bizarre Adventure 0 bytes
File E:\Anime\JoJo's Bizarre Adventure\desktop.ini 195 bytes
File E:\Anime\JoJo's Bizarre Adventure\[Commie] JoJo's Bizarre Adventure - 06 [8482FF96].mkv 431004340 bytes
File E:\Anime\JoJo's Bizarre Adventure\[gg]_Jojo's_Bizarre_Adventure_-_01_[5CDCAEAF].mkv 406696681 bytes
File E:\Anime\JoJo's Bizarre Adventure\[gg]_Jojo's_Bizarre_Adventure_-_02_[A974E492].mkv 498963834 bytes
File E:\Anime\JoJo's Bizarre Adventure\[gg]_Jojo's_Bizarre_Adventure_-_03_[B22CB20A].mkv 534561513 bytes
File E:\Anime\JoJo's Bizarre Adventure\[gg]_Jojo's_Bizarre_Adventure_-_04_[A142D988].mkv 478515486 bytes
File E:\Anime\JoJo's Bizarre Adventure\[gg]_Jojo's_Bizarre_Adventure_-_05_[65C22F09].mkv 457843496 bytes
File E:\Anime\JoJo's Bizarre Adventure\[gg]_Jojo's_Bizarre_Adventure_-_07_[029F99EF].mkv 435460538 bytes
File E:\Anime\Kill Me Baby 0 bytes
File E:\Anime\Kill Me Baby\[UTW-Mazui]_Kill_Me_Baby_-_11_[h264-720p][01E9FCAE].mkv 207847271 bytes
File E:\Anime\Kill Me Baby\desktop.ini 169 bytes
File E:\Anime\Kill Me Baby\[UTW-Mazui]_Kill_Me_Baby_-_01v2_[h264-720p][D277F47D].mkv 230849531 bytes
File E:\Anime\Kill Me Baby\[UTW-Mazui]_Kill_Me_Baby_-_02v2_[h264-720p][D257EB05].mkv 212746851 bytes
File E:\Anime\Kill Me Baby\[UTW-Mazui]_Kill_Me_Baby_-_03_[h264-720p][6DDE5ACE].mkv 218335975 bytes
File E:\Anime\Kill Me Baby\[UTW-Mazui]_Kill_Me_Baby_-_04v2_[h264-720p][6231C938].mkv 212203882 bytes
File E:\Anime\Kill Me Baby\[UTW-Mazui]_Kill_Me_Baby_-_05_[h264-720p][A956963E].mkv 273525373 bytes
File E:\Anime\Kill Me Baby\[UTW-Mazui]_Kill_Me_Baby_-_06v2_[h264-720p][66FE0C8F].mkv 256018131 bytes
File E:\Anime\Kill Me Baby\[UTW-Mazui]_Kill_Me_Baby_-_07_[h264-720p][3E82FF36].mkv 230689891 bytes
File E:\Anime\Kill Me Baby\[UTW-Mazui]_Kill_Me_Baby_-_08_[h264-720p][FCC27D45].mkv 255829245 bytes
File E:\Anime\Kill Me Baby\[UTW-Mazui]_Kill_Me_Baby_-_09_[h264-720p][3B1FBC3C].mkv 194154141 bytes
File E:\Anime\Kill Me Baby\[UTW-Mazui]_Kill_Me_Baby_-_10_[h264-720p][EE97C340].mkv 255371662 bytes
File E:\Anime\Kill Me Baby\[UTW-Mazui]_Kill_Me_Baby_-_12_[h264-720p][6D250A55].mkv 236970216 bytes
File E:\Anime\Kill Me Baby\[UTW-Mazui]_Kill_Me_Baby_-_13_[h264-720p][565FC8E5].mkv 234317346 bytes
File E:\Anime\Nichijou 0 bytes
File E:\Anime\Nichijou\desktop.ini 165 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_01_(1280x720_H.264_AAC)_[714D40B8].mkv 297432256 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_02_(1280x720_H.264_AAC)_[4A2D844B].mkv 324873529 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_03_(1280x720_H.264_AAC)_[35CB9E9E].mkv 230714090 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_04_(1280x720_H.264_AAC)_[37852E4C].mkv 239946612 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_05_(1280x720_H.264_AAC)_[F43BA31F].mkv 275762732 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_06_(1280x720_H.264_AAC)_[3710DF31].mkv 342842640 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_07_(1280x720_H.264_AAC)_[236F4E27].mkv 295038658 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_08_(1280x720_H.264_AAC)_[AA4D7345].mkv 256139011 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_09_(1280x720_H.264_AAC)_[79BFAD09].mkv 272125353 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_11_(1280x720_H.264_AAC)_[5DC4D405].mkv 234061380 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_12_(1280x720_H.264_AAC)_[2BE0EA46].mkv 308870697 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_13_(1280x720_H.264_AAC)_[84F23487].mkv 226219286 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_14_(1280x720_H.264_AAC)_[DE0490F0].mkv 350269004 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_15_(1280x720_H.264_AAC)_[A383ADEF].mkv 303955948 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_16_(1280x720_H.264_AAC)_[8CCED32D].mkv 274563767 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_17_(1280x720_H.264_AAC)_[6851EA91].mkv 275199131 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_18_(1280x720_H.264_AAC)_[281A3961].mkv 270856811 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_19_(1280x720_H.264_AAC)_[9B1F7FA0].mkv 495455648 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_21_(1280x720_H.264_AAC)_[BF27C828].mkv 328944676 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_22_(1280x720_H.264_AAC)_[0CD98DEA].mkv 308934032 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_23_(1280x720_H.264_AAC)_[C387EA91].mkv 303620296 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_24_(1280x720_H.264_AAC)_[CD6D1E87].mkv 298495535 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_25_(1280x720_H.264_AAC)_[5D6C95EC].mkv 357001368 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_26_(1280x720_H.264_AAC)_[857E55E9].mkv 315148763 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_ED01_(1280x720_H.264_AAC)_[04685564].mkv 52761317 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_ED02_(1280x720_H.264_AAC)_[265DA14A].mkv 54729976 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_ED03_(1280x720_H.264_AAC)_[D0616A1F].mkv 54469117 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_ED05_(1280x720_H.264_AAC)_[8A72084B].mkv 66728694 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_ED06_(1280x720_H.264_AAC)_[9AA1C8E5].mkv 72954479 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_ED07_(1280x720_H.264_AAC)_[52099ABD].mkv 63764244 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_ED08_(1280x720_H.264_AAC)_[57039F23].mkv 73255010 bytes
File E:\Anime\Nichijou\[Coalgirls]_Nichijou_ED09_(1280x720_H.264_AAC)_[EA70E5C5].mkv 73791764 bytes

---- EOF - GMER 1.0.15 ----

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi tenrii,

Sorry for the delay. Let's continue.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right
Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

#8
tenrii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I'm running the scan now but it's estimating that it will be finished in three days. I've been running it for about two and a half hours and it's at 3%. Is this normal?

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
It usually takes about 4h - 5h. Sometimes overnight. What does it say now?

#10
tenrii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

It usually takes about 4h - 5h. Sometimes overnight. What does it say now?

It's at 76% now and it's been running for 23 hours. Has seven hours left. I guess it was just running a bit slow.

EDIT: Around 8 PM EST it claimed there was less than a minute left, but then it started going through my E: drive even though I did not have that box checked. I am confused as to what it is doing. E: is my backup external drive.

Edited by tenrii, 28 November 2012 - 10:35 PM.


#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Can you tell me if VRT has found anything so far? If not, please stop the scan and try to save the report for me.

#12
tenrii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Can you tell me if VRT has found anything so far? If not, please stop the scan and try to save the report for me.

It did not detect any threats but it did find several password encrypted files in the Visual Studios directory where I found all the other trojans. Am saving the log now and will post it in my next reply.

Also thank you for your help thus far, it has been very comforting to know that help is here. =D

#13
tenrii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
The log file is around 430 MB, I cannot attach it.

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Leave it for now. Can you tell me how your system is now? Any problems?

#15
tenrii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
No missing drive space, but some things seem to be running slowly. Mostly system applications like Windows Explorer and Control Panel. Everything else though, like my browser or games runs pretty well. Dunno if that has anything to do with the virus.