
The X5XSEx_Pr143 service failed to start due to the following error: T



#1
TomHalstead

I have had a problem with my computer freezing and making horrible noises in my headset; the only way to recover is to hard boot my computer. Every time after this happens I check Eventvwr and it's usually a few errors with AVG (which I have uninstalled and cannot find it anywhere to completely uninstall. I WANT IT GONE) as well as the error code "The X5XSEx_Pr143 service failed to start due to the following error: The system cannot find the file specified". I think this is from Free Ride Games, which I got from downloading random objects. I would love some help. I will post my logs.



OTL logfile created on: 7/31/2013 12:51:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 13.39 Gb Available Physical Memory | 83.71% Memory free
31.99 Gb Paging File | 29.14 Gb Available in Paging File | 91.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 793.47 Gb Free Space | 85.18% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/31 00:51:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2013/07/03 12:13:35 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/06/13 03:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/18 08:28:26 | 000,840,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/10/02 18:56:16 | 006,799,360 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtWLan.exe
PRC - [2012/04/20 15:13:50 | 000,517,960 | ---- | M] () -- C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
PRC - [2012/04/17 21:53:22 | 000,138,752 | ---- | M] (CloudCanvas) -- C:\Program Files (x86)\CloudCanvas\CloudCanvas.exe
PRC - [2012/03/20 14:08:36 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe
PRC - [2010/01/18 20:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009/11/20 05:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/08/28 03:36:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009/08/24 15:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2009/06/03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 12:49:44 | 000,396,240 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 12:49:43 | 013,599,184 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 12:49:42 | 004,052,944 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 12:48:52 | 000,601,552 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 12:48:51 | 000,123,344 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 12:48:49 | 001,597,392 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/03 12:13:19 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/08/20 13:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 13:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 13:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/06/04 18:40:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/28 19:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2013/07/24 10:35:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/03 12:13:34 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/13 03:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/20 15:13:50 | 000,517,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2012/03/20 14:08:36 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe -- (AsusSE)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/18 20:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009/08/24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/03/28 20:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/28 19:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/02/14 05:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/22 21:02:42 | 000,878,696 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2012/04/20 15:11:28 | 000,128,328 | ---- | M] (Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT_U_USBSER.sys -- (Generalusbserialser20675)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 20:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/30 05:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/26 20:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/04/27 12:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/27 02:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/01 15:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/11/20 05:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 05:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/19 20:27:34 | 000,027,136 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/05 21:14:06 | 000,050,688 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/12/02 20:20:54 | 000,024,064 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN)
DRV:64bit: - [2007/12/02 20:20:54 | 000,024,064 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV - [2013/07/31 00:38:54 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/03/10 12:36:29 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010/03/12 06:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009/08/28 19:36:26 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/02/18 20:44:24] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 44 44 30 66 8D CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{2CD54834-3CC5-499e-9AAC-89BF270AC890}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\..\SearchScopes\{3474E914-A3D5-46b4-8F19-4201ACC10CDE}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{51A8D808-F805-4086-8855-59264DACE54C}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\..\SearchScopes\{D94EC84A-7EFA-4867-B658-08F3952D359A}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.6.0.20130418072822
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/04/27 22:17:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/07/10 15:47:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/06/10 17:05:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/13 01:31:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/03 12:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/28 04:38:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\FriendsChecker\DynConFf\
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/03 12:13:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/28 04:38:06 | 000,000,000 | ---D | M]

[2013/07/20 04:52:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/07/27 21:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m2nbdz85.default\extensions
[2013/06/22 13:24:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m2nbdz85.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/07/20 14:09:48 | 000,001,793 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m2nbdz85.default\searchplugins\Bing.xml
[2013/07/27 15:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/03 12:13:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/07/27 15:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/03 12:13:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/03 12:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/07/03 12:13:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: AdBlock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0\
CHR - Extension: Speed Dial 2 = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.3_0\

O1 HOSTS File: ([2013/07/30 04:19:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FriendsChecker) - {FED6A736-129B-49C7-857E-25FC91E87DB3} - C:\Program Files (x86)\FriendsChecker\DynConIE\DynConIE.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A8864317-E18B-4292-99D9-E6E65AB905D3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [CloudCanvas] C:\Program Files (x86)\CloudCanvas\CloudCanvas.exe (CloudCanvas)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C965271-8A7F-48BC-88CC-EE6B6BB52A4B}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4206D5B9-A8AC-46CA-BDA1-5AE319FE78B2}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/19 04:03:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/31 00:39:30 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013/07/31 00:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/07/31 00:27:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Log Files
[2013/07/30 18:09:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Avg2013
[2013/07/30 18:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/07/30 04:23:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/30 04:20:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/29 17:24:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/29 17:24:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/29 17:24:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/29 17:21:27 | 000,162,008 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2013/07/29 17:20:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/28 04:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/07/28 04:35:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/28 04:33:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/07/28 04:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/07/28 04:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/07/27 22:08:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2013/07/27 20:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/27 20:40:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\mbar
[2013/07/27 19:32:12 | 000,000,000 | ---D | C] -- C:\perflogs
[2013/07/27 19:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/07/27 19:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013/07/27 18:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013/07/27 18:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013/07/27 18:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013/07/27 18:55:18 | 000,000,000 | ---D | C] -- C:\AMD
[2013/07/27 18:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013/07/27 18:36:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/07/27 02:40:56 | 075,733,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2013/07/26 17:27:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2013/07/26 17:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/26 00:49:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Curse Advertising
[2013/07/26 00:48:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Deployment
[2013/07/26 00:48:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apps
[2013/07/23 16:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013/07/22 03:59:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PMB Files
[2013/07/22 03:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/07/22 02:09:22 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/22 02:09:17 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/22 02:09:17 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/22 02:09:17 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/20 04:55:21 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2013/07/20 04:55:16 | 001,132,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2013/07/20 04:54:45 | 000,058,264 | ---- | C] (Exent Technologies Ltd.) -- C:\Windows\ExentInfo.exe
[2013/07/20 04:51:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Add-in Express
[2013/07/20 04:51:32 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/07/20 04:42:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\memtest86+-4.20 (3).tar
[2013/07/20 03:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/07/20 02:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/07/20 02:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/07/20 02:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013/07/20 01:49:41 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/07/20 01:49:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/07/20 01:49:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/07/20 01:49:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/07/20 01:49:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/07/20 01:49:38 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/07/20 01:49:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/07/20 01:49:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/07/20 01:49:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/07/20 01:49:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/07/20 01:49:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/07/20 01:49:37 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/07/20 01:49:37 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/07/20 01:49:37 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/07/20 01:49:37 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/07/20 01:49:37 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/07/20 01:49:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/07/20 01:49:37 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/07/20 01:49:37 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/07/20 01:49:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/07/20 01:49:37 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/07/20 01:49:37 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/07/20 01:49:36 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/07/20 01:49:36 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/07/20 01:45:40 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/07/20 01:45:40 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/07/20 01:45:34 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/07/20 01:34:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2013/07/18 02:09:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\HTC
[2013/07/18 02:09:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\HTC Sync
[2013/07/18 02:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2013/07/18 02:08:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2013/07/18 02:08:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\HTC MediaHub
[2013/07/18 02:08:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\HTC
[2013/07/18 02:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2013/07/18 02:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2013/07/18 02:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2013/07/16 04:40:37 | 000,000,000 | ---D | C] -- C:\fb10ae1f8909292b2af7433c
[2013/07/16 03:00:28 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013/07/12 03:02:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/10 03:08:53 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/10 03:08:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/10 03:08:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/10 03:08:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/10 03:08:51 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/10 03:08:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/10 03:08:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/10 03:08:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/10 03:08:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/10 03:08:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/10 03:08:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/10 03:08:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 03:08:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 03:08:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/10 03:08:48 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/09 17:14:49 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/09 17:14:49 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/09 17:14:48 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/09 17:14:47 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/09 17:13:45 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/08 03:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2013/07/08 03:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2013/07/08 03:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013/07/08 02:16:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Riot Games
[2013/07/05 00:18:15 | 000,000,000 | ---D | C] -- C:\found.002
[2013/07/03 12:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/31 00:46:50 | 000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/31 00:46:50 | 000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/31 00:43:18 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/31 00:43:18 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/31 00:43:18 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/31 00:39:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2013/07/31 00:38:55 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/31 00:38:54 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013/07/31 00:38:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/31 00:38:11 | 4293,042,174 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/31 00:29:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-175146263-1419570048-2811395378-1000UA.job
[2013/07/31 00:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/31 00:08:21 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/30 13:29:26 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-175146263-1419570048-2811395378-1000Core.job
[2013/07/30 04:34:13 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2013/07/30 04:19:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/30 04:06:14 | 000,162,008 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2013/07/29 16:43:44 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
[2013/07/27 22:08:51 | 000,000,318 | ---- | M] () -- C:\Users\Owner\Desktop\Curse Client.appref-ms
[2013/07/27 19:31:46 | 000,000,017 | ---- | M] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
[2013/07/27 19:06:12 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013/07/27 03:09:54 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/26 01:11:42 | 004,843,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/25 21:34:33 | 000,001,024 | ---- | M] () -- C:\Users\Owner\Documents\Ups return Headset.rtf
[2013/07/24 10:35:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/24 10:35:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/22 02:15:30 | 000,000,024 | ---- | M] () -- C:\Users\Owner\random.dat
[2013/07/22 02:10:24 | 000,000,044 | ---- | M] () -- C:\Users\Owner\jagex_cl_runescape_LIVE.dat
[2013/07/22 02:09:10 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/22 02:09:08 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/22 02:09:08 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/22 02:09:07 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/22 02:09:06 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/07/22 02:09:06 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/07/20 04:55:26 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2013/07/20 04:52:45 | 000,000,258 | RHS- | M] () -- C:\Users\Owner\ntuser.pol
[2013/07/20 01:51:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/18 04:40:34 | 000,001,845 | ---- | M] () -- C:\Users\Owner\Documents\Carlsbad Gap 2 (Ollie Attempts) - Copy - Shortcut.lnk
[2013/07/18 04:21:12 | 065,925,803 | ---- | M] () -- C:\Users\Owner\Documents\Carlsbad Gap 2 (Ollie Attempts).wmv
[2013/07/18 04:21:12 | 065,925,803 | ---- | M] () -- C:\Users\Owner\Documents\Carlsbad Gap 2 (Ollie Attempts) - Copy.wmv
[2013/07/15 23:31:47 | 000,002,364 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2013/07/08 03:40:18 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2013/07/04 11:46:06 | 000,058,264 | ---- | M] (Exent Technologies Ltd.) -- C:\Windows\ExentInfo.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/31 00:39:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2013/07/30 04:34:13 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2013/07/29 17:24:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/29 17:24:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/29 17:24:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/29 17:24:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/29 17:24:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/27 22:08:51 | 000,000,318 | ---- | C] () -- C:\Users\Owner\Desktop\Curse Client.appref-ms
[2013/07/27 19:31:46 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
[2013/07/27 19:06:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/07/25 21:34:33 | 000,001,024 | ---- | C] () -- C:\Users\Owner\Documents\Ups return Headset.rtf
[2013/07/20 04:55:26 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/07/20 04:52:45 | 000,000,258 | RHS- | C] () -- C:\Users\Owner\ntuser.pol
[2013/07/18 04:40:34 | 000,001,845 | ---- | C] () -- C:\Users\Owner\Documents\Carlsbad Gap 2 (Ollie Attempts) - Copy - Shortcut.lnk
[2013/07/18 04:28:47 | 065,925,803 | ---- | C] () -- C:\Users\Owner\Documents\Carlsbad Gap 2 (Ollie Attempts) - Copy.wmv
[2013/07/18 04:19:18 | 065,925,803 | ---- | C] () -- C:\Users\Owner\Documents\Carlsbad Gap 2 (Ollie Attempts).wmv
[2013/07/08 03:54:00 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/07/08 03:40:09 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2013/06/05 17:59:40 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/03/28 20:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 20:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/03/28 19:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/03/28 19:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/03/18 15:09:26 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/02/23 14:04:27 | 000,000,044 | ---- | C] () -- C:\Users\Owner\jagex_cl_oldschool_LIVE.dat
[2013/02/12 22:28:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/24 04:01:51 | 000,000,000 | ---- | C] () -- C:\Users\Owner\jagex__preferences3.dat
[2012/11/17 22:09:06 | 000,000,045 | ---- | C] () -- C:\Users\Owner\jagex_cl_runescape_LIVE3.dat
[2012/11/17 22:01:18 | 000,000,045 | ---- | C] () -- C:\Users\Owner\jagex_cl_runescape_LIVE2.dat
[2012/08/10 21:17:31 | 000,000,024 | ---- | C] () -- C:\Users\Owner\random.dat
[2012/07/24 01:49:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\Profiles
[2012/07/24 01:45:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\Quartz Composer
[2012/06/22 12:39:36 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/12/27 21:01:34 | 000,000,024 | ---- | C] () -- C:\Users\Owner\jagexappletviewer.preferences
[2011/10/25 13:31:52 | 000,000,045 | ---- | C] () -- C:\Users\Owner\jagex_cl_runescape_LIVE1.dat
[2011/10/25 12:45:01 | 000,000,044 | ---- | C] () -- C:\Users\Owner\jagex_cl_runescape_LIVE.dat
[2011/10/22 17:54:37 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/31 09:58:43 | 000,017,920 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/21 02:27:07 | 049,855,122 | ---- | C] () -- C:\Users\Owner\109 fight.tvs
[2011/04/01 22:18:50 | 000,000,066 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\RSBuddy_B0TS.ini
[2011/04/01 21:46:26 | 000,000,042 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\RSBot_Accounts.ini
[2011/03/24 18:45:19 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011/03/24 18:45:19 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Radio Sounds
[2011/03/24 18:32:22 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/03/24 18:32:22 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Project Templates
[2011/02/19 02:53:54 | 000,000,129 | ---- | C] () -- C:\Users\Owner\jagex_runescape_preferences2.dat
[2011/02/19 02:51:49 | 000,000,046 | ---- | C] () -- C:\Users\Owner\jagex_runescape_preferences.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 23:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >



OTL Extras logfile created on: 7/31/2013 12:51:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 13.39 Gb Available Physical Memory | 83.71% Memory free
31.99 Gb Paging File | 29.14 Gb Available in Paging File | 91.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 793.47 Gb Free Space | 85.18% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DE74A5-2A10-4DBB-97E4-004FE382B87F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{032F9260-2665-4E2B-B302-EF7F36E2ED3D}" = rport=139 | protocol=6 | dir=out | app=system |
"{092A09C7-90EF-414F-81CD-2125BE92E93F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{17CE6D04-62AD-4FC8-B3D7-83962EF9422A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F4E570F-6580-4856-BC1E-FED0DFEFE12A}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{2139072B-F32F-49AF-A6B2-7DB47B93B710}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{26285E7D-4166-406D-B5DC-A4DBA6B1E794}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
"{28F2BA64-8737-4321-9DCC-D0B58A226B82}" = rport=445 | protocol=6 | dir=out | app=system |
"{38A51269-625C-4D44-89E1-7A6F94CF3503}" = rport=137 | protocol=17 | dir=out | app=system |
"{3E554BAA-94A8-4BF6-8D6F-18430F7DADF1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3FF210E4-FC03-4391-BD7B-56106469803C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{48258372-ACEA-444F-B263-88B164F5974F}" = rport=138 | protocol=17 | dir=out | app=system |
"{54094BE3-9B36-4E23-89D3-DFE1D241DBA8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{66357166-DBAF-42B2-B3FF-478E7BED2B2D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{69F0928A-2A2C-4200-9488-11E2622C2C1E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D3C65FA-3B5F-4F33-8AA4-0957636E435F}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{6FE0D77D-5DDE-4F72-A550-60D3979FA859}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{7280B594-A62E-4C53-BBBF-7E482A73CA6F}" = lport=138 | protocol=17 | dir=in | app=system |
"{72A16FA7-2181-4B31-864A-63FF23BE6421}" = lport=445 | protocol=6 | dir=in | app=system |
"{8694D5E8-B8B6-4764-AD54-400646428A71}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{904A3F67-F30E-4D89-BD51-AD6AABFA6783}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{932E8490-60FC-4937-B5DD-D7136883E33B}" = lport=5060 | protocol=17 | dir=in | name=phonepower |
"{9C4B8395-B46A-48BF-A8B0-CDCA629785CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A821756B-5EAF-4DCF-AE32-5E4B4938F265}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{AD20D91E-6560-4F81-A0EA-D853FA5EB728}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{AF1A0CD9-076D-4388-86FE-96A4BE819D56}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2C975A0-FE90-41EE-80FF-DEC7DFBBC2A3}" = lport=139 | protocol=6 | dir=in | app=system |
"{B96187FF-9231-45EC-8A45-32A11DC862B5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA03AA1C-F785-40EA-8514-511ECBB432A8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4A49E70-2C98-4AAE-B518-956390C764CC}" = lport=137 | protocol=17 | dir=in | app=system |
"{FCAB3BC9-0C9C-425D-ACAB-557F9C55FCCD}" = rport=5060 | protocol=17 | dir=out | name=phonepower |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03916F5E-BBDD-4E34-947B-845111A81E5B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{064C75A1-6B4D-4856-818B-4565F618CFE4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe |
"{06E6DBC0-819F-49D1-B97A-E31B29ABA447}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{19318140-50F7-4020-82D2-61CB2C24EFBF}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{1FF2A5AB-ABD1-439E-867F-F6E5AA7C6D80}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{215E838A-DF83-4731-AFFB-51538D87E196}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{21BC318E-DAF7-4A09-81CF-C8116BF749BD}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{241510B8-6198-4F9A-80C4-F8BB17A34784}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{256FEBA9-379E-45C0-AC9C-46A90A2E3489}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{2B590279-B253-43A6-B262-4B08335DA334}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2C665449-1F52-4F4B-94DE-91F194DB08ED}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{2FC325FD-3716-4EFF-B23E-FBE4E45EEB99}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{315CB48A-7842-4395-ABCC-C219F24D5EAC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{32416250-4F84-4346-85E0-005E8E0777F8}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{32DAA1F7-668D-44D8-B7C2-B4679BD84B76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{351CFAB3-AF35-41CA-975B-4D56CDFB6DE5}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{38641BDA-6541-4133-9F6C-C92DFFF549F2}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{3C7EDA5B-6451-4638-92E5-A46BC5C97DAF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{451D5038-6426-44DD-9E98-CA39AB9BFFF8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{498769F2-C6FD-479F-9521-2F13B0A849D1}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
"{49F2F692-8A2F-49AE-8CDC-5A04DF2C902E}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{4BC9CB17-0981-4399-B5CA-058914C78A61}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{4CBDDD5A-667D-4D45-B24F-90DE7D9FB920}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{58869F91-DC63-4654-958F-B377822049CB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{5C4C5DC2-25DA-49DB-8728-BDF3A3E0AE52}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{621C1FD1-12A7-44B9-A142-F5A1C65F7F86}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{635F3D23-DFB9-4F37-9983-5A559BEC7B52}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{65EE674C-EF85-4A04-AFF9-37FF7E0366B4}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{665408B8-EFEB-4DB9-B0A4-B0437CCBEF84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66DDB78A-E276-4BA2-B2C8-35EE08C87BE0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{6A0C89AA-B4B6-4F09-B1F2-08A7252C6B3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77F09057-F0C3-4770-BAD9-9216E1037A4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79526592-9C99-4894-BE94-2ED084A9F72D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{7AAB4BC9-59FE-4005-B1BA-CCE3DC1F7711}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{82D5FDAA-EF20-4E38-8EEB-9F63F0E308FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8478EBE3-1826-4BCF-BD05-EBDA32A3B9A8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{84E4C88A-E4FD-4E83-87EC-81F130DB4981}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{8A6F6083-D371-41A8-A331-B27CD326377C}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{8D660823-B8F0-4840-8DFD-33FB8AF873EA}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{8E4CB909-DDAB-41B2-ABC0-EF74AFEF2A86}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\apps\2.0\173a5qxv.5ep\3d5enh6j.qk0\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\curseclient.exe |
"{8EF0AEFB-D6D8-4191-944D-40DBA9D7B0D5}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{924A6424-C763-4280-A59A-724E58574DBE}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\apps\2.0\173a5qxv.5ep\3d5enh6j.qk0\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\curseclient.exe |
"{927F5FBC-4070-4E68-8BE3-B6FD2C199BA6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9730F736-7119-4281-98B2-CD167C2ACF4C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{985FEA1F-1D8B-463B-A518-71B8BBA9BD4C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{9890351E-E83F-446F-9A7A-D3E2D36CD5D2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{98E40603-16C0-4FA4-9733-C0BDFA0847CC}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{9FFFBB3F-5294-46AB-8931-1D22ECB54AB6}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{A606EFAC-7854-46D3-99AB-B3972FBA042C}" = protocol=6 | dir=out | app=system |
"{AA530E2B-6664-4900-BB0E-36C8B08B5A9F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{AA9021ED-A90C-4134-A5D0-1DBE87DF6964}" = dir=in | app=c:\program files (x86)\winzip driver updater\winzipdu.exe |
"{AB083225-C8BA-4828-A585-B956926D04DC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AB42397A-9D77-45EB-B0F5-0720F68178CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADB7FEFD-E1A2-469C-ACC7-7424DD4C4A4E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AE04C31F-619C-473B-A63A-40A8240DDDD5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AE9FA99A-BBC9-42CE-AE14-458344C8DD00}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B435B02D-E603-4C9D-8DAE-F70EAE09C1FC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{B8F99EDC-4D4A-4576-89D2-B5C14967CB9A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{BB62D6EC-80D3-46FB-9A50-0CCEB971E8EF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD305E5F-A2B8-4B12-8EC3-935A32CD9DFA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{BE56825B-11DE-413B-AA9B-3F57DE330412}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{BFBECED4-97DB-42F5-BB78-412305C9DB2F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C0D535D3-06F6-422B-BA9D-7E56FFF3B6D1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{C1E2AB91-5766-4B0A-ABA3-33C3713DCEE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C3D02F66-92DE-43B2-A160-497AE9F28B3F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C98F2789-8423-44BA-B9A9-FFD0A7C89099}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\pce-n15 wlan card utilities\rtwlan.exe |
"{CD61664A-4A36-4616-9018-DEFA46D53BB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CE195D56-095A-4B19-8E7A-C191B8103CDF}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs291a\hpdiagnosticcoreui.exe |
"{CFDE8C35-F313-4DA4-845C-576A24394476}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{CFF2FD4B-40DD-4814-8290-C0BE13E82661}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D287BC09-F821-4493-9F58-4E535F1E47DB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{D2F74ACB-7F78-4CA8-A99C-2C66933CE655}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\pce-n15 wlan card utilities\rtwlan.exe |
"{D54467D5-7AD4-42F6-953F-DA8FCBB38E9F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D6E6FDE5-C486-445D-A4BF-3CC89AF5D82C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D7F89CD1-6AAF-4F4E-8769-D219929F35CC}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{DA7DE0AA-203A-4A2A-9838-855611756212}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{DAB480FA-B2AD-4394-9B86-9925B3972DC0}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E0C9CF25-BEF1-43BC-8EC7-59B1CD36BC9D}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E1FCD0F2-EA89-48D1-9EF5-FC97944FA1D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E3CB066A-2BF6-428D-805F-E174BC9C370F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{E7B10D5A-AAB0-4358-B187-3B2C2E226AED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E997AA2A-3099-4B8E-9C49-CCF11B433604}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe |
"{EE5F63E1-167B-4999-B480-F4F1FF357AA6}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs291a\hpdiagnosticcoreui.exe |
"{F667F949-DD8F-4A40-8FFD-A0C763CEAC3C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{F99AABB2-8160-4F58-9D02-9952604381B0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{FA6E036B-E1DF-46C7-A2B9-3DEE76A706A0}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"TCP Query User{041A1EDA-1649-4166-9EA1-C229A7810C4C}C:\program files (x86)\gigabyte\easysaver\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\easysaver\updexe.exe |
"TCP Query User{25747228-2D04-46D9-BED9-C92F46422A55}G:\phonepower.exe" = protocol=6 | dir=in | app=g:\phonepower.exe |
"TCP Query User{3F267F0E-14D9-4A3F-8FDE-88BE9E44BD57}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{5ABEA305-2ED4-4164-A202-51DB0C5BE49D}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{DB79DC08-900F-4F82-8D04-4F9EF14E3D0F}C:\program files (x86)\gigabyte\easysaver\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\easysaver\gbtupd.exe |
"UDP Query User{24276ABB-C2F6-47C4-A451-A4DDCD0E6118}C:\program files (x86)\gigabyte\easysaver\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\easysaver\updexe.exe |
"UDP Query User{4173DA65-E6F4-4B99-AB5A-2FEAF3FB3C44}G:\phonepower.exe" = protocol=17 | dir=in | app=g:\phonepower.exe |
"UDP Query User{F1805634-83C0-43EF-B201-BEDD9AA00FAA}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{F73ADDA7-8F7E-403F-9A2A-25FB3E1E1320}C:\program files (x86)\gigabyte\easysaver\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\easysaver\gbtupd.exe |
"UDP Query User{F7D9365C-2E91-4D54-888D-270916C898E5}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0308919C-E317-4293-8D3C-97EF307BCDBC}" = HP Officejet Pro 8500 A910 Product Improvement Study
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1F870554-9567-9C78-1778-399119DCD2B3}" = AMD Wireless Display v3.0
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}" = AMD Catalyst Install Manager
"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client
"{380DEEA4-0BBA-80D3-B7CF-6A0FB98D20EC}" = ccc-utility64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.5
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7547BDDC-5A0A-B90C-8CF9-D773C9CBC5A3}" = AMD Accelerated Video Transcoding
"{7763DA4F-FBF2-2E92-572C-6864D31A5DD3}" = AMD Media Foundation Decoders
"{7BC4167C-BD93-55BD-3C97-53D49764B89E}" = ccc-utility64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E1FFC5A-8ACB-65D2-C190-1FBD4C1B25CE}" = AMD Fuel
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2F6D87D-69E1-9FD2-4DD0-FB36124AA0E3}" = ATI AVIVO64 Codecs
"{BE090376-7EC6-3760-1EE2-B08AE3BEEF8C}" = AMD Fuel
"{BFAB7835-55A2-41CD-AE66-F673BCA4E49F}" = AVG 2013
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D386FE62-CD8D-C8E0-DCA7-ED5FCAB476A5}" = AMD Wireless Display v3.0
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}" = HP Officejet Pro 8500 A910 Basic Device Software
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003AF9FB-F196-FCEE-D596-AC2F88386623}" = CCC Help Portuguese
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{036A2AC2-5514-1499-8F0E-48009132658F}" = CCC Help Portuguese
"{0685213E-9FF3-1368-37E3-5CECB5A0708C}" = CCC Help Russian
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{07CD994D-2144-41B9-5C2C-A85B40EBBA51}" = CCC Help Finnish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F747F46-57A0-6CD3-A234-BD4E46F2BFEB}" = CCC Help Polish
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1606DF85-AE82-C445-7149-8C31803D570A}" = CCC Help Turkish
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{181588FA-0F14-BF9F-9244-3CC7BDB9F5CC}" = CCC Help Greek
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1CCBAA20-4145-FC97-B995-3F85C522CA8A}" = CCC Help French
"{1EB8D6DC-DA9E-837D-C31A-0FCE20E1EF76}" = Catalyst Control Center Localization All
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{232D8631-F0E1-DD69-15B0-8C8858BCDB21}" = CCC Help German
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{23A61389-51BE-D5C5-0E0F-7A5726CB210F}" = CCC Help Danish
"{24154472-27E1-8E76-C0D7-4932F494E7CA}" = CCC Help Hungarian
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{275F6F82-97EE-2B9D-C270-400797E1C705}" = CCC Help Japanese
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{295E13D5-2CCE-C01B-4E21-F41F543CF2C2}" = CCC Help Spanish
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3137E68E-07AE-BE04-E2B2-C8318B3E7EF4}" = CCC Help Polish
"{3274C388-DFFE-3E2F-3426-467713880794}" = CCC Help Dutch
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{384E9F9A-4E8C-562C-E6D1-E494F9CADF7C}" = CCC Help Korean
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3C249872-D97C-62F9-A3E2-F7AAAC07BEF8}" = CCC Help Chinese Traditional
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3EDD8854-BAFB-7F6C-0C15-535A0D07E782}" = CCC Help Czech
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{45B2C1A3-2050-0BC1-0A90-50EB4A7E77A8}" = CCC Help Turkish
"{48F7E7C1-7D96-629E-E9E2-5A1618A9A446}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB8B7F6-726B-2301-DD5A-067F95A8A48F}" = CCC Help German
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{528EFF5D-2209-B614-40C0-5D87F73F3E8D}" = CCC Help French
"{556BEFE2-30FF-4113-98F4-01234396DF2B}" = ASUS PCE-N15 WLAN Card Utilities & Driver
"{58ECCB6B-73FB-CBBA-42FC-91659DFA342C}" = CCC Help Chinese Standard
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6547BC5F-1FC4-CD5D-3783-45370C980043}" = AMD VISION Engine Control Center
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}" = Google Talk Plugin
"{6D93924C-6C51-DFC3-E1BF-CA18B57AFD21}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{752EEDEB-8605-8E51-2135-48AF996C8DFC}" = CCC Help English
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{890131D1-DFD7-22F2-D43F-3B4898ACD623}" = Catalyst Control Center InstallProxy
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D703B2F-96A0-BFFA-7747-48A9E1FB4F5F}" = CCC Help Chinese Standard
"{8D962C94-3D7C-2163-B37E-9CB48B7D1DCD}" = CCC Help Dutch
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96833DAB-A937-107C-0B28-B04434132772}" = CCC Help Spanish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99965ED6-0FDE-AFEC-D73B-F0C461173730}" = CCC Help English
"{9ABE1D78-E6A8-012F-C53A-1069D193D613}" = CCC Help Italian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A6F818D2-85B7-84E2-C33C-8E74D747AD55}" = CCC Help Greek
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A840B719-1898-4C2C-2E46-F2DA66F8410C}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2AB3F65-2AA1-3439-F9F1-D5AD77FB28FE}" = CCC Help Norwegian
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8230940-0DCC-E180-5744-4442F6C0CA28}" = CCC Help Thai
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C123749C-23EC-62DB-A5FD-1ED5BC359AAF}" = CCC Help Japanese
"{C218AFCB-7EAB-FEC3-6552-FF090B3FD0A1}" = CCC Help Czech
"{C533DBF1-3A98-5D7D-B6CA-59CC1816F38C}" = CCC Help Italian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5F99B70-E622-E5D7-18B4-82AD7D334FF6}" = CCC Help Russian
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"{C79CBDAE-DB4E-46AE-D386-A3C19FF3446A}" = CCC Help Korean
"{C93686FB-8D46-63A8-E767-259B7D75E2E8}" = CCC Help Finnish
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D29491A3-BA85-F712-5C8D-B7E6803FEAD7}" = CCC Help Hungarian
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D8D2B468-8342-411A-8760-BCC362C3408F}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9A1A69D-D788-12C5-3218-64EFB8C6ACFD}" = Catalyst Control Center Graphics Previews Common
"{E018A8C7-30E9-0A54-B012-BC5172FF7C1A}" = AMD Catalyst Control Center
"{E0955568-4353-4C85-8988-285A8C0F5E87}" = Mumble 1.2.4
"{E745587A-2ED8-BA64-680E-BC35BE223275}" = CCC Help Danish
"{EA92CB68-9667-343A-1F53-B039583F2A3A}" = Catalyst Control Center InstallProxy
"{EC6004A3-B6E7-9728-55E8-508ABE51798F}" = CCC Help Norwegian
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDAA1085-C196-29B1-48B0-B82B72114001}" = CCC Help Swedish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3B21DA4-DAF4-69C7-ACD2-059E97E496FD}" = Adobe Story
"{F46823DC-A45E-D5D1-D0DE-D1BEC0C43C7B}" = CCC Help Thai
"{F4F9E794-3A3A-148D-106B-CEF412CE39A0}" = CCC Help Chinese Traditional
"{F912EF57-65C8-48E8-911F-7FCAF8ADD62E}" = Rosewill Wireless N USB Adapter
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Android USB Driver_is1" = Android USB Driver
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DivX Setup" = DivX Setup
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Hyperionics DB Toolbar" = Hyperionics DB Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"League of Legends 3.0.0" = League of Legends
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamViewer 8" = TeamViewer 8
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/29/2013 4:53:57 AM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_FDResPub, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: wsdapi.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7ca31 Exception code: 0xc0000005 Fault offset: 0x0000000000057ba6
Faulting
process id: 0xb24 Faulting application start time: 0x01ce8c38ff010704 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wsdapi.dll
Report
Id: 67092316-f82c-11e2-b149-1c6f654a9b74

Error - 7/29/2013 9:09:49 AM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 3.1.181.0, time
stamp: 0x50b8ecb1 Faulting module name: HOMENE~3.DLL, version: 6.1.177.0, time stamp:
0x51300b92 Exception code: 0xc0000005 Fault offset: 0x00000000000edd88 Faulting process
id: 0xff8 Faulting application start time: 0x01ce8c390d872aee Faulting application
path: C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe Faulting
module path: c:\PROGRA~1\COMMON~1\mcafee\mhn\HOMENE~3.DLL Report Id: 256cdf34-f850-11e2-b149-1c6f654a9b74

Error - 7/30/2013 6:33:30 AM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 6b4 Start
Time: 01ce8d0fe28e388c Termination Time: 16 Application Path: C:\Windows\Explorer.EXE

Report
Id: 5a0a885e-f903-11e2-9330-1c6f654a9b74

Error - 7/30/2013 1:28:12 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 22.0.0.4917, time
stamp: 0x51c06b1b Faulting module name: xul.dll, version: 22.0.0.4917, time stamp:
0x51c06a5b Exception code: 0xc0000005 Fault offset: 0x00173668 Faulting process id:
0x748 Faulting application start time: 0x01ce8d402d006689 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: 68b2e57d-f93d-11e2-a99b-1c6f654a9b74

Error - 7/30/2013 8:09:52 PM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 11719
Description =

Error - 7/30/2013 8:09:53 PM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 7/30/2013 8:09:53 PM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 7/31/2013 2:25:49 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/31/2013 2:25:50 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Owner\Downloads\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/31/2013 2:42:43 AM | Computer Name = Owner-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 7/30/2013 8:14:05 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126

Error - 7/30/2013 8:14:19 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The X5XSEx_Pr143 service failed to start due to the following error:
%%3

Error - 7/30/2013 8:16:04 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 7/30/2013 8:16:34 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%-2147467243

Error - 7/30/2013 11:21:30 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126

Error - 7/30/2013 11:22:09 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The X5XSEx_Pr143 service failed to start due to the following error:
%%3

Error - 7/31/2013 2:12:58 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126

Error - 7/31/2013 2:13:14 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The X5XSEx_Pr143 service failed to start due to the following error:
%%3

Error - 7/31/2013 2:38:53 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126

Error - 7/31/2013 2:39:04 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The X5XSEx_Pr143 service failed to start due to the following error:
%%3


< End of report >
  • 0
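The recurring Service Control Manager error in the System Events section above can be picked out mechanically. The Python below is an added example, not part of the original posts or of OTL: it parses an abridged copy of those log lines, groups service failures by name, and lists services that keep failing with a "not found" code, which is what a leftover service registration with a missing binary looks like. The function names and the two-failure threshold are assumptions.

```python
import re
from collections import defaultdict

# Abridged copy of the "[ System Events ]" lines from the log above.
SAMPLE_LOG = r"""
[ System Events ]
Error - 7/30/2013 8:14:05 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126

Error - 7/30/2013 8:14:19 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The X5XSEx_Pr143 service failed to start due to the following error:
%%3

Error - 7/30/2013 8:16:34 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%-2147467243

Error - 7/30/2013 11:22:09 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The X5XSEx_Pr143 service failed to start due to the following error:
%%3

< End of report >
"""

HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
PLACEHOLDER = re.compile(r"%%(-?\d+)")
SERVICE = re.compile(r"^The (?P<name>.+?) service (?:failed to start|terminated)")

# Win32 codes that mean a file, path or module is missing (names from winerror.h).
NOT_FOUND = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND",
             126: "ERROR_MOD_NOT_FOUND"}


def parse_events(text):
    """Split the OTL event section into records, rejoining wrapped description lines."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"when": m["when"], "host": m["host"], "source": m["source"],
                       "id": int(m["id"]), "description": ""}
            events.append(current)
        elif not line or line.startswith(("[", "<")):
            current = None  # blank line, section header or end marker closes the record
        elif current is not None:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + line).strip()
    return events


def decode_placeholder(value):
    """Number after %%: known Win32 'not found' name, HRESULT in hex, or the number itself."""
    if value < 0:
        return "0x%08X" % (value & 0xFFFFFFFF)
    return NOT_FOUND.get(value, str(value))


def service_failures(events):
    """Group Service Control Manager errors by service name."""
    out = defaultdict(lambda: {"count": 0, "codes": set(), "first": None, "last": None})
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        m = SERVICE.match(ev["description"])
        if not m:
            continue
        rec = out[m["name"]]
        rec["count"] += 1
        rec["codes"].update(int(c) for c in PLACEHOLDER.findall(ev["description"]))
        rec["first"] = rec["first"] or ev["when"]
        rec["last"] = ev["when"]
    return dict(out)


def orphan_candidates(events, min_count=2):
    """Services that fail repeatedly with a 'not found' code (assumed threshold: 2)."""
    return sorted(name for name, rec in service_failures(events).items()
                  if rec["count"] >= min_count and rec["codes"] & set(NOT_FOUND))


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for name, rec in service_failures(evs).items():
        codes = ", ".join(decode_placeholder(c) for c in sorted(rec["codes"]))
        print(f"{name}: {rec['count']} failure(s), {codes}, {rec['first']} .. {rec['last']}")
    print("Review these service registrations:", orphan_candidates(evs))
```

A service that appears in this list is still registered in the service database even though the file it points to is gone, so the error repeats at every boot until the registration itself is removed.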


#2
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:

  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.

I Have had a problem with my computer freezing and making horrible noises in my headset, the only way to recover is to hard boot my computer. Every time after this happens I check Eventvwr and it's usually a few errors with AVG ( which I have uninstalled and can not find it anywhere to completely uninstall I WANT IT GONE)

Do you remember what version you had installed? I actually see traces of 2011, 2012 and 2013 versions of this product. Don't worry as I have a solution that could finally remove this program. Quite ironic for an anti-virus to be this persistent, don't you think?

as well as the error code "The X5XSEx_Pr143 service failed to start due to the following error: The system cannot find the file specified". I think this is from Free Ride games which I got from downloading random objects. I would love some help. I will post my logs.

You are correct. We'll have it removed shortly.

#3
TomHalstead

    Member

  • Topic Starter
  • Member
  • 17 posts
I think I had 2012 AVG

#4
TomHalstead

    Member

  • Topic Starter
  • Member
  • 17 posts
Thank you for responding so quickly. I've tried other forums and no one has replied. I appreciate the time you have already spent and look forward to working with you.

#5
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi TomHalstead,

Thank you for your patience. I see traces of adware in your system. In this post, we'll attempt to remove these along with the error prompts you are getting. As for AVG, let us attempt to remove it manually first and then we'll resort to other means if it does not budge.

  • Step 1
Download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.

  • Copy and paste the following into the Custom Scans/Fixes box:

    :OTL
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    [2013/07/16 04:40:37 | 000,000,000 | ---D | C] -- C:\fb10ae1f8909292b2af7433c
    [2013/07/20 04:54:45 | 000,058,264 | ---- | C] (Exent Technologies Ltd.) -- C:\Windows\ExentInfo.exe
    FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll File not found
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By SweetPacks\Firefox
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\FriendsChecker\DynConFf\
    O2 - BHO: (FriendsChecker) - {FED6A736-129B-49C7-857E-25FC91E87DB3} - C:\Program Files (x86)\FriendsChecker\DynConIE\DynConIE.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A8864317-E18B-4292-99D9-E6E65AB905D3} - No CLSID value found.
    O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
    O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
    
    :Commands
    [emptytemp]
  • Click Run Fix.
  • OTL will reboot your system. Allow it by clicking OK.
  • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
  • Copy and paste (CTRL + A and CTRL + C) the content of that log in your next reply.
  • Step 2
Download 'AdwCleaner by Xplode' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Click Delete > OK.
  • Wait for it to finish. It won't take long.
  • Click OK for the next two prompts. Your system will automatically reboot.
  • A log will automatically pop up after rebooting. Alternatively, you can find it at C:\AdwCleaner[**].txt.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Step 3
Download 'Junkware Removal Tool by thisisu' and save it to your desktop.

  • Ensure all programs and windows are closed before proceeding.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • A black window will appear. Press any key to continue.
  • Wait for it to finish. It won't take long.
  • A log will automatically pop up once done. Alternatively, you can find JRT.txt on your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Step 4
Upon careful inspection, your log indicates that the program(s) listed below are installed on your computer. I would like to request the removal of the program(s) if you are not using them, as these files either have bad reviews or are associated with malware, adware, spyware or bloatware. Please proceed to uninstall them by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and prompts for it to be removed from the list instead, allow it.

Coupon Printer for Windows
EasySaver B9.1214.1
Hyperionics DB Toolbar
Marketsplash Shortcuts

In addition, please uninstall the following:

AVG 2013 (User Choice)
Java™ 6 Update 33 (Outdated)

Inform me if you encounter problems in the removal process.
  • Step 5
Download 'SecurityCheck by screen317' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • A black window will appear. Press any key to continue.
  • Wait for it to finish. It won't take long.
  • A log will automatically pop up once done.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):

  • MMDDYYYY_HHMMSS.log (OTL)
  • AdwCleaner[**].txt (AdwCleaner)
  • JRT.txt (Junkware Removal Tool)
  • checkup.txt (SecurityCheck)
Additionally, if C:\ComboFix.txt exists, post it here. Kindly let me know how your system is running. :happy:

#6
TomHalstead

    Member

  • Topic Starter
  • Member
  • 17 posts
So I deleted everything that you requested me to manually delete except AVG. I have tried removing it from Add or Remove Programs before but have had no success, so it is still on my system.

Here are the Files for OTL as you requested:
All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
Starting removal of ActiveX control {6A060448-60F9-11D5-A6CD-0002B31F7455}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ not found.
C:\fb10ae1f8909292b2af7433c folder moved successfully.
C:\Windows\ExentInfo.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\www.exent.com/GameTreatWidget\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\www.exent.com/GameTreatWidget\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E9E3331-D360-4f87-8803-52DE43566502}\ not found.
File C:\Program Files\Updater By SweetPacks\Firefox not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files (x86)\FriendsChecker\DynConFf not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED6A736-129B-49C7-857E-25FC91E87DB3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FED6A736-129B-49C7-857E-25FC91E87DB3}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8864317-E18B-4292-99D9-E6E65AB905D3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8864317-E18B-4292-99D9-E6E65AB905D3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JULY_P1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 58264 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 13189332 bytes
->Temporary Internet Files folder emptied: 25386436 bytes
->Java cache emptied: 991122823 bytes
->FireFox cache emptied: 120485811 bytes
->Google Chrome cache emptied: 351385416 bytes
->Flash cache emptied: 59031 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 197258642 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95336 bytes
RecycleBin emptied: 3529160 bytes

Total Files Cleaned = 1,624.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07312013_234037

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Here are the files from ADW cleaner:
# AdwCleaner v2.306 - Logfile created 07/31/2013 at 23:47:26
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m2nbdz85.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [31876 octets] - [27/07/2013 21:22:26]
AdwCleaner[S2].txt - [1057 octets] - [30/07/2013 04:21:36]
AdwCleaner[S3].txt - [1122 octets] - [31/07/2013 00:11:43]
AdwCleaner[S4].txt - [1050 octets] - [31/07/2013 23:47:26]

########## EOF - C:\AdwCleaner[S4].txt - [1110 octets] ##########

Here are the files from JRT:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Wed 07/31/2013 at 23:51:24.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\m2nbdz85.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/31/2013 at 23:54:58.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And the files from Checkup:

Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (22.0)
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````

And I did use ComboFix before I started this thread so here is the log from that:

ComboFix 13-07-30.02 - Owner 07/30/2013 4:13.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16382.12719 [GMT -6:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\g2ax_customer_downloadhelper_win32_x86.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-30 )))))))))))))))))))))))))))))))
.
.
2013-07-30 10:19 . 2013-07-30 10:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-29 23:15 . 2013-07-29 23:15 651264 ----a-w- c:\windows\system32\drivers\PEAuth.sys.bak
2013-07-29 05:31 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-28 10:43 . 2013-07-28 10:43 -------- d-----w- c:\program files (x86)\ESET
2013-07-28 10:35 . 2013-07-28 10:35 -------- d-----w- c:\windows\ERUNT
2013-07-28 10:33 . 2013-07-28 10:33 -------- d-----w- c:\program files (x86)\ERUNT
2013-07-28 02:44 . 2013-07-30 10:15 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-28 01:32 . 2013-07-28 01:32 -------- d-----w- C:\perflogs
2013-07-28 01:07 . 2013-07-28 01:07 -------- d-----w- c:\programdata\ATI
2013-07-28 01:06 . 2013-07-28 01:06 0 ----a-w- c:\windows\ativpsrm.bin
2013-07-28 00:58 . 2013-07-28 00:58 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-07-28 00:58 . 2013-07-28 00:58 -------- d-----w- c:\program files (x86)\ATI Technologies
2013-07-28 00:57 . 2013-07-28 00:57 -------- d-----w- c:\program files\ATI
2013-07-28 00:55 . 2013-07-28 00:55 -------- d-----w- C:\AMD
2013-07-28 00:36 . 2013-07-28 00:36 -------- d-----w- c:\programdata\TuneUp Software
2013-07-28 00:36 . 2013-07-28 00:36 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-07-27 22:49 . 2013-07-27 22:49 -------- d-----w- c:\users\Owner\AppData\Local\Avg2013
2013-07-27 00:15 . 2013-07-27 00:15 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-07-27 00:15 . 2013-07-27 21:02 -------- d-----r- c:\program files (x86)\Skype
2013-07-26 23:27 . 2013-07-26 23:27 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-07-26 23:27 . 2013-07-26 23:27 -------- d-----w- c:\programdata\Malwarebytes
2013-07-26 07:06 . 2013-07-26 07:06 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2013-07-26 06:49 . 2013-07-26 06:49 -------- d-----w- c:\users\Owner\AppData\Roaming\Curse Advertising
2013-07-26 06:48 . 2013-07-30 08:31 -------- d-----w- c:\users\Owner\AppData\Local\Deployment
2013-07-26 06:48 . 2013-07-26 06:58 -------- d-----w- c:\users\Owner\AppData\Local\Apps
2013-07-24 16:35 . 2013-07-24 16:35 -------- d-----w- c:\programdata\McAfee Security Scan
2013-07-24 16:35 . 2013-07-25 05:18 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2013-07-22 09:59 . 2013-07-27 21:02 -------- d-----w- c:\users\Owner\AppData\Local\PMB Files
2013-07-22 09:59 . 2013-07-27 21:02 -------- d-----w- c:\programdata\PMB Files
2013-07-22 08:09 . 2013-07-22 08:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-20 10:55 . 2013-07-27 20:53 -------- d-----w- C:\Remote Programs
2013-07-20 10:55 . 2012-07-17 23:59 1132448 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-07-20 10:54 . 2013-07-04 17:46 58264 ------w- c:\windows\ExentInfo.exe
2013-07-20 09:23 . 2013-07-20 09:25 -------- d-----w- c:\programdata\Package Cache
2013-07-20 08:20 . 2013-07-20 08:20 -------- d-----w- c:\program files (x86)\AMD AVT
2013-07-20 08:03 . 2013-07-20 08:03 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2013-07-20 07:45 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-07-20 07:45 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-07-20 07:45 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-07-20 07:45 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-07-20 07:45 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-07-20 07:45 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-07-20 07:45 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-07-20 07:45 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-07-20 07:45 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-07-20 07:34 . 2013-07-20 07:34 -------- d-----w- c:\users\Owner\AppData\Roaming\WinBatch
2013-07-18 08:09 . 2013-07-18 08:09 -------- d-----w- c:\users\Owner\AppData\Roaming\HTC
2013-07-18 08:09 . 2013-07-18 08:09 -------- d-----w- c:\users\Owner\AppData\Roaming\HTC Sync
2013-07-18 08:09 . 2013-07-18 08:09 -------- d-----w- c:\programdata\HTC
2013-07-18 08:08 . 2013-07-18 08:08 -------- d-----w- c:\users\Owner\AppData\Roaming\Apple Computer
2013-07-18 08:08 . 2013-07-20 07:58 -------- d-----w- c:\users\Owner\AppData\Local\HTC MediaHub
2013-07-18 08:08 . 2013-07-18 08:08 -------- d-----w- c:\programdata\Motorola
2013-07-18 08:07 . 2013-07-27 20:57 -------- d-----w- c:\program files (x86)\HTC
2013-07-18 06:49 . 2013-07-18 06:50 -------- d-----w- c:\users\Owner\AppData\Local\Spotify
2013-07-18 06:48 . 2013-07-18 09:30 -------- d-----w- c:\users\Owner\AppData\Roaming\Spotify
2013-07-17 05:12 . 2013-07-17 05:12 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68E767D4-BD48-49E6-A7BD-C832A5EAF70A}\gapaengine.dll
2013-07-16 10:40 . 2013-07-16 10:40 -------- d-----w- C:\fb10ae1f8909292b2af7433c
2013-07-16 09:00 . 2013-07-16 09:00 -------- d-----w- c:\windows\CheckSur
2013-07-16 06:26 . 2012-05-28 16:28 197264 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-07-16 06:24 . 2013-04-03 19:34 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-07-16 06:01 . 2013-07-16 06:01 -------- d-----w- c:\program files\McAfee.com
2013-07-16 06:01 . 2013-07-28 16:30 -------- d-----w- c:\program files (x86)\McAfee
2013-07-12 09:02 . 2013-07-12 09:04 -------- d-----w- c:\windows\system32\MRT
2013-07-09 23:14 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-09 23:13 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-09 23:13 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-08 09:40 . 2013-07-26 06:49 -------- d-----w- c:\program files (x86)\World of Warcraft
2013-07-08 09:39 . 2013-07-30 02:10 -------- d-----w- c:\programdata\Battle.net
2013-07-08 08:16 . 2013-07-08 08:17 -------- d-----w- c:\users\Owner\AppData\Roaming\Riot Games
2013-07-05 06:18 . 2013-07-05 06:18 -------- d-----w- C:\found.002
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-30 08:28 . 2011-02-19 01:04 25640 ----a-w- c:\windows\gdrv.sys
2013-07-24 16:35 . 2012-04-29 16:57 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-24 16:35 . 2011-05-14 16:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-22 08:09 . 2012-07-23 21:39 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-07-22 08:09 . 2011-02-19 08:51 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-18 09:38 . 2011-04-13 11:55 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-07-18 09:38 . 2011-02-19 08:25 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-06-24 06:57 . 2011-02-18 21:55 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 00:11 . 2012-02-11 09:05 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-19 03:50 . 2013-06-19 03:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 03:50 . 2011-04-27 21:25 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-12 08:23 . 2013-06-12 08:23 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-13 21:36 . 2013-05-13 21:36 828872 ----a-w- c:\windows\system32\msvcr110.dll
2013-05-13 21:36 . 2013-05-13 21:36 661448 ----a-w- c:\windows\system32\msvcp110.dll
2013-05-13 21:36 . 2013-05-13 21:36 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2013-05-13 21:36 . 2013-05-13 21:36 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2013-05-13 21:36 . 2013-05-13 21:36 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2013-05-13 21:36 . 2013-05-13 21:36 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2013-05-13 05:51 . 2013-06-11 19:25 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-11 19:25 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-11 19:25 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-11 19:25 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-11 19:25 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-11 19:25 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-11 19:25 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-11 19:25 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-11 19:25 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-11 19:25 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 07:57 . 2013-05-10 07:57 27208 ----a-w- c:\windows\system32\AdobePDFUI.dll
2013-05-10 07:57 . 2013-05-10 07:57 55872 ----a-w- c:\windows\system32\AdobePDF.dll
2013-05-10 05:49 . 2013-06-11 19:26 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-11 19:26 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-11 19:26 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 06:10 . 2010-03-18 15:15 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-05-08 06:10 . 2010-03-18 15:15 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-05-02 16:32 . 2013-05-02 16:32 2274480 ----a-w- c:\windows\system32\coin94.dll
2013-05-02 15:29 . 2011-02-19 09:47 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [BU]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-12-18 1272912]
"CloudCanvas"="c:\program files (x86)\CloudCanvas\CloudCanvas.exe" [2012-04-18 138752]
"Spotify Web Helper"="c:\users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-18 1104384]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 38984]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 840768]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [BU]
"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [BU]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-02-28 454600]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-02-28 454600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-10-24 210216]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [BU]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [BU]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-02-19 557056]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [BU]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [BU]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2013-7-27 0]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\DRIVERS\CT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_U_USBSER.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AsusSE;AsusSE;c:\program files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe;c:\program files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 20:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 16:35]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-07 05:47]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-07 05:47]
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-175146263-1419570048-2811395378-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 02:45]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-175146263-1419570048-2811395378-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 02:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m2nbdz85.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - ExtSQL: 2013-06-10 17:05; [email protected]; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2013-06-20 18:04; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m2nbdz85.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2013-07-06 03:00; {1c68c940-1b2f-46eb-bd8c-2e1612ff6a58}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m2nbdz85.default\extensions\{1c68c940-1b2f-46eb-bd8c-2e1612ff6a58}
FF - ExtSQL: 2013-07-16 08:45; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2013-07-20 04:53; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m2nbdz85.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe
WebBrowser-{A8864317-E18B-4292-99D9-E6E65AB905D3} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-30 04:20:52
ComboFix-quarantined-files.txt 2013-07-30 10:20
ComboFix2.txt 2013-07-29 23:39
.
Pre-Run: 850,178,949,120 bytes free
Post-Run: 850,041,442,304 bytes free
.
- - End Of File - - 9A345FBD296CFE89463CEC136D49B6C3
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#7
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi TomHalstead,

Good job so far. Let's remove AVG and McAfee using the tools they supplied on their sites. You have Microsoft Security Essentials installed and that is good enough. I have to warn you about using ComboFix, though. It can literally destroy someone's system if run without supervision, so I would suggest seeking help here first before considering doing so. :)

  • Step 1
Download 'AVG Remover by AVG Technologies' and save it to your desktop.

  • Ensure all programs and windows are closed before proceeding.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Run the downloaded tool and follow the instructions displayed on your screen.
  • Your computer will be restarted automatically. After the restart, it will finish the uninstallation.
  • Step 2
Download 'McAfee Consumer Product Removal (MCPR) by McAfee' and save it to your desktop.

  • Ensure all programs and windows are closed before proceeding.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • At the McAfee Software Removal screen, click Next and Next again to accept the EULA.
  • When prompted, type the CAPTCHA (case sensitive) information, and then click Next.
  • When you see the message Cleanup Successful, restart your computer. Your McAfee product will not be fully removed until after the restart.
Note: If you see the message Cleanup Unsuccessful, click View Logs. A Notepad window will open. Save that file to your desktop. Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Step 3
Copy and paste the content of the code box below into an empty Notepad window.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19318140-50F7-4020-82D2-61CB2C24EFBF}"=-
"{2FC325FD-3716-4EFF-B23E-FBE4E45EEB99}"=-
"{49F2F692-8A2F-49AE-8CDC-5A04DF2C902E}"=-
"{8D660823-B8F0-4840-8DFD-33FB8AF873EA}"=-
"{8EF0AEFB-D6D8-4191-944D-40DBA9D7B0D5}"=-
"{AE9FA99A-BBC9-42CE-AE14-458344C8DD00}"=-
"{F667F949-DD8F-4A40-8FFD-A0C763CEAC3C}"=-
"{FA6E036B-E1DF-46C7-A2B9-3DEE76A706A0}"=-
"{DAB480FA-B2AD-4394-9B86-9925B3972DC0}"=-
"{E0C9CF25-BEF1-43BC-8EC7-59B1CD36BC9D}"=-
"{256FEBA9-379E-45C0-AC9C-46A90A2E3489}"=-
"{3C7EDA5B-6451-4638-92E5-A46BC5C97DAF}"=-
"{B435B02D-E603-4C9D-8DAE-F70EAE09C1FC}"=-
"{BD305E5F-A2B8-4B12-8EC3-935A32CD9DFA}"=-
"{DA7DE0AA-203A-4A2A-9838-855611756212}"=-
"TCP Query User{041A1EDA-1649-4166-9EA1-C229A7810C4C}C:\\program files (x86)\\gigabyte\\easysaver\\updexe.exe"=-
"TCP Query User{DB79DC08-900F-4F82-8D04-4F9EF14E3D0F}C:\\program files (x86)\\gigabyte\\easysaver\\gbtupd.exe"=-
"UDP Query User{24276ABB-C2F6-47C4-A451-A4DDCD0E6118}C:\\program files (x86)\\gigabyte\\easysaver\\updexe.exe"=-
"UDP Query User{F73ADDA7-8F7E-403F-9A2A-25FB3E1E1320}C:\\program files (x86)\\gigabyte\\easysaver\\gbtupd.exe"=-
  • Save it on your desktop as Fix.reg.
  • Open the file as an administrator. You will be prompted for an action.

  • Don't be afraid as it is safe. Click Yes to proceed.
  • Step 4
If you haven't already, download 'OTL by OldTimer' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.

  • Copy and paste the following into the Custom Scans/Fixes box:

    C:\Windows\System32\drivers|AVG;true;true;true /FP
    C:\Program Files|AVG;true;true;true /FP
    C:\Program Files (x86)|AVG;true;true;true /FP
    C:\ProgramData|AVG;true;true;true /FP
    HKEY_CLASSES_ROOT\CLSID\|AVG /RS
    HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|AVG /RS
    HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|AVG /RS
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\|AVG /RS
    HKEY_CURRENT_USER\Software\AVG /S
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVG /S
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVG /S
  • Click Run Scan.
  • Files are being searched and it may take some time. Once done, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these on your desktop.
  • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):

  • Extras.txt (OTL)
  • OTL.txt (OTL)
By the way, are you still getting that X5XSEx_Pr143 error?
  • 0
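A pre-merge check for a deletion-only .reg script like the one in Step 3, as an added example that is not part of the post above or of any tool named in this thread. The function name `lint_reg`, the placeholder GUIDs and the sample paths are constructed for illustration; the rules checked are that the header is the first line, every key stays under the expected key, every entry is a `"name"=-` deletion, and backslashes inside a quoted value name are doubled.

```python
import re

# Header lines regedit accepts; the script is recognised by its first line.
HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
# [HKEY_...\sub\key] or [-HKEY_...\sub\key] (the leading "-" deletes the key)
KEY_RE = re.compile(r'^\[(-?)(HKEY_[A-Z_]+(?:\\[^\]]+)?)\]$')
# "name"=data, where name may contain backslash escapes
ENTRY_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def lint_reg(text, allowed_key):
    """Return (line_number, message) pairs for a .reg script that is expected
    to do nothing except delete values under allowed_key."""
    problems = []
    lines = text.lstrip("\ufeff").splitlines()  # tolerate a byte-order mark
    if not lines or lines[0] not in HEADERS:
        problems.append((1, "first line is not a registry header"))
    scope = allowed_key.lower()
    current_key = None
    for number, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        # Blank lines, comments and a misplaced header (already reported) are skipped.
        if not line or line.startswith(";") or line in HEADERS:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(2)
            if key.group(1):
                problems.append((number, "deletes an entire key"))
            path = current_key.lower()
            if path != scope and not path.startswith(scope + "\\"):
                problems.append((number, "key is outside the expected scope"))
            continue
        entry = ENTRY_RE.match(line)
        if entry is None:
            # Also catches "@=" default values, which this kind of script should not carry.
            problems.append((number, "not a key line or quoted value entry"))
            continue
        name, data = entry.groups()
        if current_key is None:
            problems.append((number, "value entry before any key"))
        if data != "-":
            problems.append((number, "writes data instead of deleting the value"))
        # Inside quotes only \\ and \" are valid escapes in a .reg file.
        if any(ch not in '\\"' for ch in re.findall(r'\\(.)', name)):
            problems.append((number, "backslash in value name is not doubled"))
    return problems


FW_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services"
          r"\SharedAccess\Parameters\FirewallPolicy\FirewallRules")

# Constructed sample: well-formed, deletion-only, in scope.
GOOD = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + FW_KEY + "]",
    '"{00000000-0000-0000-0000-000000000001}"=-',
    r'"TCP Query User{00000000-0000-0000-0000-000000000002}C:\\example\\app.exe"=-',
])

# Constructed sample: one defect per flagged line.
BAD = "\n".join([
    "",                                      # blank line pushes the header to line 2
    "Windows Registry Editor Version 5.00",
    "[" + FW_KEY + "]",
    r'"UDP Query User{00000000-0000-0000-0000-000000000003}C:\example\app.exe"=-',
    '"Start"=dword:00000004',                # sets data, not a deletion
    r"[-HKEY_LOCAL_MACHINE\SOFTWARE\Example]",  # whole-key delete, out of scope
])

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label)
        for number, message in lint_reg(sample, FW_KEY):
            print(f"  line {number}: {message}")
```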

#8
TomHalstead

    Member

  • Topic Starter
  • Member
  • 17 posts
I am still getting that X5XSEx_Pr143 error.

When I tried to run that Fix.reg, it did not have the "Run as administrator" option (maybe because I only have one account on my computer, and it is the administrator?). It did say "Merge" though, so I clicked that and it did bring up that box, but gave me the error "Cannot import C:\Users\Owner\Desktop\Fix.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor". Also, when I ran OTL, after it finished it only came up with one log, which is OTL.txt. Here are the logs:

OTL logfile created on: 8/2/2013 12:42:41 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 11.64 Gb Available Physical Memory | 72.77% Memory free
31.99 Gb Paging File | 26.98 Gb Available in Paging File | 84.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 813.20 Gb Free Space | 87.30% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/31 00:51:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2013/06/13 03:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/18 08:28:26 | 000,840,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/10/02 18:56:16 | 006,799,360 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtWLan.exe
PRC - [2012/04/20 15:13:50 | 000,517,960 | ---- | M] () -- C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
PRC - [2012/04/17 21:53:22 | 000,138,752 | ---- | M] (CloudCanvas) -- C:\Program Files (x86)\CloudCanvas\CloudCanvas.exe
PRC - [2012/03/20 14:08:36 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe
PRC - [2010/01/18 20:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009/11/20 05:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/24 18:49:46 | 000,396,240 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 18:49:44 | 004,052,944 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 18:48:54 | 000,601,552 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/24 18:48:53 | 000,123,344 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/24 18:48:51 | 001,597,392 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/06/04 18:40:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/28 19:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2013/07/24 10:35:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/03 12:13:34 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/13 03:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/20 15:13:50 | 000,517,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2012/03/20 14:08:36 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe -- (AsusSE)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/18 20:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/03/28 20:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/28 19:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/02/14 05:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/22 21:02:42 | 000,878,696 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2012/04/20 15:11:28 | 000,128,328 | ---- | M] (Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_U_USBSER.sys -- (Generalusbserialser20675)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 20:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/30 05:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/26 20:30:00 | 001,121,632 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/04/27 12:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/27 02:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/01 15:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/11/20 05:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 05:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/19 20:27:34 | 000,027,136 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/05 21:14:06 | 000,050,688 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/12/02 20:20:54 | 000,024,064 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN)
DRV:64bit: - [2007/12/02 20:20:54 | 000,024,064 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV - [2013/07/31 23:48:51 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/03/10 12:36:29 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010/03/12 06:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009/08/28 19:36:26 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/02/18 20:44:24] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 44 44 30 66 8D CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{2CD54834-3CC5-499e-9AAC-89BF270AC890}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\..\SearchScopes\{3474E914-A3D5-46b4-8F19-4201ACC10CDE}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{51A8D808-F805-4086-8855-59264DACE54C}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\..\SearchScopes\{D94EC84A-7EFA-4867-B658-08F3952D359A}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.6.0.20130418072822
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/04/27 22:17:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/07/10 15:47:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/06/10 17:05:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/03 12:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/28 04:38:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/03 12:13:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/28 04:38:06 | 000,000,000 | ---D | M]

[2013/07/20 04:52:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/07/27 21:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m2nbdz85.default\extensions
[2013/06/22 13:24:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m2nbdz85.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/07/20 14:09:48 | 000,001,793 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m2nbdz85.default\searchplugins\Bing.xml
[2013/08/01 00:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/27 15:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/03 12:13:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/03 12:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/07/03 12:13:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Click&Clean = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
CHR - Extension: AdBlock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0\
CHR - Extension: Speed Dial 2 = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.3_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.26_0\
CHR - Extension: Auto HD For YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\4.0.2_0\
CHR - Extension: Click&Clean App = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\

O1 HOSTS File: ([2013/07/30 04:19:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [CloudCanvas] C:\Program Files (x86)\CloudCanvas\CloudCanvas.exe (CloudCanvas)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C965271-8A7F-48BC-88CC-EE6B6BB52A4B}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4206D5B9-A8AC-46CA-BDA1-5AE319FE78B2}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/19 04:03:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/31 23:40:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/31 00:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/07/31 00:27:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Log Files
[2013/07/30 04:23:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/30 04:20:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/29 17:24:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/29 17:24:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/29 17:24:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/29 17:20:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/28 04:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/07/28 04:35:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/28 04:33:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/07/28 04:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/07/28 04:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/07/27 20:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/27 19:32:12 | 000,000,000 | ---D | C] -- C:\perflogs
[2013/07/27 19:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/07/27 19:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013/07/27 18:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013/07/27 18:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013/07/27 18:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013/07/27 18:55:18 | 000,000,000 | ---D | C] -- C:\AMD
[2013/07/27 18:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013/07/27 18:36:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/07/27 02:40:56 | 075,733,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2013/07/26 17:27:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2013/07/26 17:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/26 00:49:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Curse Advertising
[2013/07/26 00:48:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Deployment
[2013/07/26 00:48:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apps
[2013/07/23 16:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013/07/22 03:59:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PMB Files
[2013/07/22 03:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/07/22 02:09:22 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/07/22 02:09:17 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/22 02:09:17 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/22 02:09:17 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/20 04:55:21 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2013/07/20 04:55:16 | 001,132,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2013/07/20 04:51:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Add-in Express
[2013/07/20 04:51:32 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/07/20 04:42:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\memtest86+-4.20 (3).tar
[2013/07/20 03:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/07/20 02:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/07/20 02:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/07/20 02:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013/07/20 01:49:41 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/07/20 01:49:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/07/20 01:49:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/07/20 01:49:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/07/20 01:49:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/07/20 01:49:38 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/07/20 01:49:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/07/20 01:49:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/07/20 01:49:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/07/20 01:49:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/07/20 01:49:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/07/20 01:49:37 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/07/20 01:49:37 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/07/20 01:49:37 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/07/20 01:49:37 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/07/20 01:49:37 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/07/20 01:49:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/07/20 01:49:37 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/07/20 01:49:37 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/07/20 01:49:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/07/20 01:49:37 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/07/20 01:49:37 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/07/20 01:49:36 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/07/20 01:49:36 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/07/20 01:45:40 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/07/20 01:45:40 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/07/20 01:45:34 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/07/20 01:34:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2013/07/18 02:09:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\HTC
[2013/07/18 02:09:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\HTC Sync
[2013/07/18 02:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2013/07/18 02:08:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2013/07/18 02:08:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\HTC MediaHub
[2013/07/18 02:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2013/07/18 02:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2013/07/18 02:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2013/07/16 03:00:28 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013/07/12 03:02:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/10 03:08:53 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/10 03:08:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/10 03:08:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/10 03:08:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/10 03:08:51 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/10 03:08:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/10 03:08:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/10 03:08:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/10 03:08:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/10 03:08:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/10 03:08:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/10 03:08:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 03:08:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 03:08:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/10 03:08:48 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/09 17:14:49 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/09 17:14:49 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/09 17:14:48 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/09 17:14:47 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/09 17:13:45 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/08 03:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2013/07/08 03:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2013/07/08 03:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013/07/08 02:16:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Riot Games
[2013/07/05 00:18:15 | 000,000,000 | ---D | C] -- C:\found.002
[2013/07/03 12:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/08/02 00:39:58 | 000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/02 00:39:58 | 000,013,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/02 00:35:10 | 000,001,207 | ---- | M] () -- C:\Users\Owner\Desktop\Fix.reg
[2013/08/02 00:32:39 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/02 00:32:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/02 00:32:24 | 4293,042,174 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/02 00:29:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-175146263-1419570048-2811395378-1000UA.job
[2013/08/02 00:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/02 00:19:23 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/01 15:37:14 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-175146263-1419570048-2811395378-1000Core.job
[2013/07/31 23:48:51 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013/07/31 09:36:14 | 000,002,364 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2013/07/31 04:00:22 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/31 04:00:22 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/31 04:00:22 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/31 00:39:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2013/07/30 04:19:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/29 16:43:44 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
[2013/07/27 19:31:46 | 000,000,017 | ---- | M] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
[2013/07/27 19:06:12 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013/07/27 03:09:54 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/26 01:11:42 | 004,843,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/25 21:34:33 | 000,001,024 | ---- | M] () -- C:\Users\Owner\Documents\Ups return Headset.rtf
[2013/07/24 10:35:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/24 10:35:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/22 02:15:30 | 000,000,024 | ---- | M] () -- C:\Users\Owner\random.dat
[2013/07/22 02:10:24 | 000,000,044 | ---- | M] () -- C:\Users\Owner\jagex_cl_runescape_LIVE.dat
[2013/07/22 02:09:10 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/22 02:09:08 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/07/22 02:09:07 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/07/20 04:55:26 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2013/07/20 04:52:45 | 000,000,258 | RHS- | M] () -- C:\Users\Owner\ntuser.pol
[2013/07/20 01:51:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/08 03:40:18 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

========== Files Created - No Company Name ==========

[2013/08/02 00:35:10 | 000,001,207 | ---- | C] () -- C:\Users\Owner\Desktop\Fix.reg
[2013/07/31 00:39:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2013/07/29 17:24:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/29 17:24:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/29 17:24:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/29 17:24:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/29 17:24:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/27 19:31:46 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
[2013/07/27 19:06:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/07/25 21:34:33 | 000,001,024 | ---- | C] () -- C:\Users\Owner\Documents\Ups return Headset.rtf
[2013/07/20 04:55:26 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/07/20 04:52:45 | 000,000,258 | RHS- | C] () -- C:\Users\Owner\ntuser.pol
[2013/07/08 03:54:00 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/07/08 03:40:09 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2013/06/05 17:59:40 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/03/28 20:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 20:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/03/28 19:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/03/28 19:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/03/18 15:09:26 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/02/23 14:04:27 | 000,000,044 | ---- | C] () -- C:\Users\Owner\jagex_cl_oldschool_LIVE.dat
[2013/02/12 22:28:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/24 04:01:51 | 000,000,000 | ---- | C] () -- C:\Users\Owner\jagex__preferences3.dat
[2012/11/17 22:09:06 | 000,000,045 | ---- | C] () -- C:\Users\Owner\jagex_cl_runescape_LIVE3.dat
[2012/11/17 22:01:18 | 000,000,045 | ---- | C] () -- C:\Users\Owner\jagex_cl_runescape_LIVE2.dat
[2012/08/10 21:17:31 | 000,000,024 | ---- | C] () -- C:\Users\Owner\random.dat
[2012/07/24 01:49:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\Profiles
[2012/07/24 01:45:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\Quartz Composer
[2011/12/27 21:01:34 | 000,000,024 | ---- | C] () -- C:\Users\Owner\jagexappletviewer.preferences
[2011/10/25 13:31:52 | 000,000,045 | ---- | C] () -- C:\Users\Owner\jagex_cl_runescape_LIVE1.dat
[2011/10/25 12:45:01 | 000,000,044 | ---- | C] () -- C:\Users\Owner\jagex_cl_runescape_LIVE.dat
[2011/10/22 17:54:37 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/31 09:58:43 | 000,017,920 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/21 02:27:07 | 049,855,122 | ---- | C] () -- C:\Users\Owner\109 fight.tvs
[2011/04/01 22:18:50 | 000,000,066 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\RSBuddy_B0TS.ini
[2011/04/01 21:46:26 | 000,000,042 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\RSBot_Accounts.ini
[2011/03/24 18:45:19 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011/03/24 18:45:19 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Radio Sounds
[2011/03/24 18:32:22 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/03/24 18:32:22 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Project Templates
[2011/02/19 02:53:54 | 000,000,129 | ---- | C] () -- C:\Users\Owner\jagex_runescape_preferences2.dat
[2011/02/19 02:51:49 | 000,000,046 | ---- | C] () -- C:\Users\Owner\jagex_runescape_preferences.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 23:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< C:\Windows\System32\drivers|AVG;true;true;true /FP >

< C:\Program Files|AVG;true;true;true /FP >
[2012/11/08 16:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\cs
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\da
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\de
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\en-US
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\es
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\es-LA
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\fr
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\hi
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\hu
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\id
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\images
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\it
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\ja
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\ko
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\ms
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\nl
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\pl
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\pt
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\pt-BR
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\ru
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\sk
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\sr
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\tr
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\zh-CN
[2012/09/06 16:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\zh-TW

< C:\Program Files (x86)|AVG;true;true;true /FP >

< C:\ProgramData|AVG;true;true;true /FP >
[2012/12/17 16:18:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_avgidsagent.exe_d22b5cbfa1352279ae894ae7fc331a2720e856_1465aa81

< HKEY_CLASSES_ROOT\CLSID\|AVG /RS >
HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}\LocalServer32\\: C:\PROGRA~2\AVG\AVG10\PCTuneup\MICROS~1.EXE
HKEY_CLASSES_ROOT\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\\LocalizedString: @C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll,-200
HKEY_CLASSES_ROOT\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\InprocServer32\\: C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.DLL
HKEY_CLASSES_ROOT\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}\InprocServer32\\: C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
HKEY_CLASSES_ROOT\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}\ProgID\\: AVG Secure Search.BrowserWndAPI.1
HKEY_CLASSES_ROOT\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}\VersionIndependentProgID\\: AVG Secure Search.BrowserWndAPI
HKEY_CLASSES_ROOT\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}\InprocServer32\\: C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
HKEY_CLASSES_ROOT\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}\ProgID\\: AVG Secure Search.BrowserWndAPI.1
HKEY_CLASSES_ROOT\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}\VersionIndependentProgID\\: AVG Secure Search.BrowserWndAPI
HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}\\url: fwstats.mtrap.avg.com

< HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|AVG /RS >

< HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|AVG /RS >

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\|AVG /RS >
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}\LocalServer32\\: C:\PROGRA~2\AVG\AVG10\PCTuneup\MICROS~1.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\\LocalizedString: @C:\Program Files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll,-200
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B29DEAA-3F68-4A51-8877-A0EB3F879AC3}\InprocServer32\\: C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}\InprocServer32\\: C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}\ProgID\\: AVG Secure Search.BrowserWndAPI.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}\VersionIndependentProgID\\: AVG Secure Search.BrowserWndAPI
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}\InprocServer32\\: C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}\ProgID\\: AVG Secure Search.BrowserWndAPI.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}\VersionIndependentProgID\\: AVG Secure Search.BrowserWndAPI
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}\\url: fwstats.mtrap.avg.com

< HKEY_CURRENT_USER\Software\AVG /S >

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVG /S >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVG /S >

< End of report >
  • 0

#9
TomHalstead
Ok so I just tried to run that Fix.reg again and it said it has successfully been added to the registry. Also, not sure if this matters, but when I ran that AVG remover my computer didn't restart automatically.
  • 0

#10
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi TomHalstead,

Regarding that expected reboot, AVG's own instructions seem faulty but not to worry as the log does not show the 2013 product, meaning it has been removed. However, it also indicates the 2012 version alongside the things it installed (AVG Secure Search and AVG PC TuneUp) are still there. Bear with me as we attempt to finally rid your system of this malwa--I mean, anti-virus. :whistling: In this post, we will:

  • Remove AVG once and for all;
  • Remove browser-related McAfee remnants and other plug-ins;
  • Remove that X5XSEx_Pr143 error.
Please do not forget to move OTL to your desktop--I still see it in the Downloads folder. ;)

  • Step 1
Download 'AVG Remover by AVG Technologies' and save it to your desktop.

  • Ensure all programs and windows are closed before proceeding.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Run the downloaded tool and follow the instructions displayed on your screen.
  • Your computer will be restarted automatically. After the restart, it will finish the uninstallation.
  • Step 2
Download 'AVG Browser Configuration Tool by AVG Technologies' and save it to your desktop.

  • Ensure all programs and windows are closed before proceeding.
  • Run the downloaded tool and follow the instructions displayed on your screen.
  • Click Accept to confirm the license agreement.
  • You may receive a prompt from Internet Explorer or other browsers about your preferred search engine.
  • Click Exit to close the tool.
  • Open Internet Explorer and follow this.
  • Step 3
    Open Google Chrome.

    • Enter chrome://plugins/ in the address bar.
    • Locate the following plug-ins and press Disable for each:
      Coupons Inc., Coupon Printer Manager
      McAfee Security Scanner +
      McAfee SecurityCenter
      McAfee SiteAdvisor
  • You may close Google Chrome now.
  • Step 4
Download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.

  • Copy and paste the following into the Custom Scans/Fixes box:

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    FF - prefs.js..browser.search.order.1: "Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Secure Search"
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll File not found
    
    :Services
    X5XSEx_Pr143
    
    :Reg
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Exetender"=-
    
    :Files
    C:\PROGRA~2\mcafee
    C:\Program Files (x86)\McAfee Security Scan
    C:\Program Files (x86)\McAfee
    C:\Program Files (x86)\Free Ride Games
    C:\PROGRAM FILES\UPDATER BY SWEETPACKS
    C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
  • Click Run Fix.
  • Once done, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
  • After that, click the None button on top.
  • Under Extra Registry, choose Use SafeList.
  • Click Run Scan.
  • Once done, a Notepad window will appear, named Extras.txt. Alternatively, you can find that log at your desktop.
  • Copy and paste (CTRL + A and CTRL + C) the content of both logs (MMDDYYYY_HHMMSS.log and Extras.txt) in your next reply.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):

  • MMDDYYYY_HHMMSS.log (OTL)
  • Extras.txt (OTL)
As usual, please let me know how things went.
  • 0

#11
TomHalstead
I thank you for replying so quickly, very good support. Yeah, I do not like AVG anymore just because of the pain it is to remove. Once again the AVG uninstaller did not restart my computer, but one thing it did do is remove Google Chrome from my computer. VERY annoying, I had to re-install all my addons that I had. And when I went to remove the AVG and McAfee from both Internet Explorer and Google Chrome (after I re-installed it) they were not there, so I'm thinking the uninstaller removed it. I will now post the logs from OTL.

Logs from C:\OTL\MovedFiles\MMDDYYYY_HHMMSS.log.

========== OTL ==========
Prefs.js: "Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Secure Search" removed from browser.search.order.1
Prefs.js: "Secure Search" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0\ deleted successfully.
========== SERVICES/DRIVERS ==========
Service X5XSEx_Pr143 stopped successfully!
Service X5XSEx_Pr143 deleted successfully!
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender deleted successfully.
========== FILES ==========
File\Folder C:\PROGRA~2\mcafee not found.
File\Folder C:\Program Files (x86)\McAfee Security Scan not found.
File\Folder C:\Program Files (x86)\McAfee not found.
File\Folder C:\Program Files (x86)\Free Ride Games not found.
File\Folder C:\PROGRAM FILES\UPDATER BY SWEETPACKS not found.
File\Folder C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll not found.
File\Folder C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll not found.

OTL by OldTimer - Version 3.2.69.0 log created on 08022013_211837

Logs from Extras.txt

OTL Extras logfile created on: 8/2/2013 9:19:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 13.33 Gb Available Physical Memory | 83.32% Memory free
31.99 Gb Paging File | 28.92 Gb Available in Paging File | 90.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 815.65 Gb Free Space | 87.56% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
  • 0

#12
TomHalstead
So I think, as it says in the logs, everything I needed removed is gone! I really appreciate you helping me out on this, it has been very annoying for a long while. I happen to have another problem on my computer that I was wondering if you may be able to help me with? So when I go to "Turn on or off Microsoft programs", in the box it says "Please wait...." for about 15 seconds and then just goes blank, and I need this because I need to turn on Microsoft .NET Framework 4.0. If not that's fine, but I really do appreciate all you have helped me with thus far.
  • 0

#13
Pyxis
Hi TomHalstead,

That sounds good! :) Yes, I'll be able to help with that other problem in a while. Could you double-check Extras.txt for me first, though? It appears to have been cut off. If that's all there really is there, could you produce another log for me? If you forgot how to do so, follow Step 4 starting from the 5th bullet here:

After that, click the None button on top.

Also, I assume X5XSEx_Pr143 is not bothering you any longer?
  • 0

#14
TomHalstead

    Member

  • Topic Starter
  • Member
  • 17 posts
Oh wow, I'm sorry, didn't notice I didn't get it all. Here you go:

OTL Extras logfile created on: 8/2/2013 9:19:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 13.33 Gb Available Physical Memory | 83.32% Memory free
31.99 Gb Paging File | 28.92 Gb Available in Paging File | 90.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 815.65 Gb Free Space | 87.56% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- "C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe" -- "%1"

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DE74A5-2A10-4DBB-97E4-004FE382B87F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{032F9260-2665-4E2B-B302-EF7F36E2ED3D}" = rport=139 | protocol=6 | dir=out | app=system |
"{092A09C7-90EF-414F-81CD-2125BE92E93F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{17CE6D04-62AD-4FC8-B3D7-83962EF9422A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1F4E570F-6580-4856-BC1E-FED0DFEFE12A}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{2139072B-F32F-49AF-A6B2-7DB47B93B710}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{26285E7D-4166-406D-B5DC-A4DBA6B1E794}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
"{28F2BA64-8737-4321-9DCC-D0B58A226B82}" = rport=445 | protocol=6 | dir=out | app=system |
"{38A51269-625C-4D44-89E1-7A6F94CF3503}" = rport=137 | protocol=17 | dir=out | app=system |
"{3E554BAA-94A8-4BF6-8D6F-18430F7DADF1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3FF210E4-FC03-4391-BD7B-56106469803C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{48258372-ACEA-444F-B263-88B164F5974F}" = rport=138 | protocol=17 | dir=out | app=system |
"{54094BE3-9B36-4E23-89D3-DFE1D241DBA8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{66357166-DBAF-42B2-B3FF-478E7BED2B2D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{69F0928A-2A2C-4200-9488-11E2622C2C1E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D3C65FA-3B5F-4F33-8AA4-0957636E435F}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{6FE0D77D-5DDE-4F72-A550-60D3979FA859}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{7280B594-A62E-4C53-BBBF-7E482A73CA6F}" = lport=138 | protocol=17 | dir=in | app=system |
"{72A16FA7-2181-4B31-864A-63FF23BE6421}" = lport=445 | protocol=6 | dir=in | app=system |
"{8694D5E8-B8B6-4764-AD54-400646428A71}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{904A3F67-F30E-4D89-BD51-AD6AABFA6783}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{932E8490-60FC-4937-B5DD-D7136883E33B}" = lport=5060 | protocol=17 | dir=in | name=phonepower |
"{9C4B8395-B46A-48BF-A8B0-CDCA629785CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A821756B-5EAF-4DCF-AE32-5E4B4938F265}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{AD20D91E-6560-4F81-A0EA-D853FA5EB728}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{AF1A0CD9-076D-4388-86FE-96A4BE819D56}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2C975A0-FE90-41EE-80FF-DEC7DFBBC2A3}" = lport=139 | protocol=6 | dir=in | app=system |
"{B96187FF-9231-45EC-8A45-32A11DC862B5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA03AA1C-F785-40EA-8514-511ECBB432A8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4A49E70-2C98-4AAE-B518-956390C764CC}" = lport=137 | protocol=17 | dir=in | app=system |
"{FCAB3BC9-0C9C-425D-ACAB-557F9C55FCCD}" = rport=5060 | protocol=17 | dir=out | name=phonepower |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03916F5E-BBDD-4E34-947B-845111A81E5B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{064C75A1-6B4D-4856-818B-4565F618CFE4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe |
"{06E6DBC0-819F-49D1-B97A-E31B29ABA447}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{1FF2A5AB-ABD1-439E-867F-F6E5AA7C6D80}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{215E838A-DF83-4731-AFFB-51538D87E196}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{21BC318E-DAF7-4A09-81CF-C8116BF749BD}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{241510B8-6198-4F9A-80C4-F8BB17A34784}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{2B590279-B253-43A6-B262-4B08335DA334}" = protocol=58 | dir=in | [email protected],-28545 |
"{2C665449-1F52-4F4B-94DE-91F194DB08ED}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{315CB48A-7842-4395-ABCC-C219F24D5EAC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{32416250-4F84-4346-85E0-005E8E0777F8}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{32DAA1F7-668D-44D8-B7C2-B4679BD84B76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{351CFAB3-AF35-41CA-975B-4D56CDFB6DE5}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{38641BDA-6541-4133-9F6C-C92DFFF549F2}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{451D5038-6426-44DD-9E98-CA39AB9BFFF8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{498769F2-C6FD-479F-9521-2F13B0A849D1}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
"{4BC9CB17-0981-4399-B5CA-058914C78A61}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{4CBDDD5A-667D-4D45-B24F-90DE7D9FB920}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{58869F91-DC63-4654-958F-B377822049CB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{5C4C5DC2-25DA-49DB-8728-BDF3A3E0AE52}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{621C1FD1-12A7-44B9-A142-F5A1C65F7F86}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{635F3D23-DFB9-4F37-9983-5A559BEC7B52}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{65EE674C-EF85-4A04-AFF9-37FF7E0366B4}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{665408B8-EFEB-4DB9-B0A4-B0437CCBEF84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66DDB78A-E276-4BA2-B2C8-35EE08C87BE0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{6A0C89AA-B4B6-4F09-B1F2-08A7252C6B3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77F09057-F0C3-4770-BAD9-9216E1037A4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AAB4BC9-59FE-4005-B1BA-CCE3DC1F7711}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{82D5FDAA-EF20-4E38-8EEB-9F63F0E308FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8478EBE3-1826-4BCF-BD05-EBDA32A3B9A8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{84E4C88A-E4FD-4E83-87EC-81F130DB4981}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{8A6F6083-D371-41A8-A331-B27CD326377C}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{8E4CB909-DDAB-41B2-ABC0-EF74AFEF2A86}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\apps\2.0\173a5qxv.5ep\3d5enh6j.qk0\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\curseclient.exe |
"{924A6424-C763-4280-A59A-724E58574DBE}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\apps\2.0\173a5qxv.5ep\3d5enh6j.qk0\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\curseclient.exe |
"{927F5FBC-4070-4E68-8BE3-B6FD2C199BA6}" = protocol=1 | dir=out | [email protected],-28544 |
"{9730F736-7119-4281-98B2-CD167C2ACF4C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{985FEA1F-1D8B-463B-A518-71B8BBA9BD4C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{9890351E-E83F-446F-9A7A-D3E2D36CD5D2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{98E40603-16C0-4FA4-9733-C0BDFA0847CC}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{9FFFBB3F-5294-46AB-8931-1D22ECB54AB6}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{A606EFAC-7854-46D3-99AB-B3972FBA042C}" = protocol=6 | dir=out | app=system |
"{AA530E2B-6664-4900-BB0E-36C8B08B5A9F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe |
"{AA9021ED-A90C-4134-A5D0-1DBE87DF6964}" = dir=in | app=c:\program files (x86)\winzip driver updater\winzipdu.exe |
"{AB083225-C8BA-4828-A585-B956926D04DC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AB42397A-9D77-45EB-B0F5-0720F68178CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADB7FEFD-E1A2-469C-ACC7-7424DD4C4A4E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AE04C31F-619C-473B-A63A-40A8240DDDD5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B8F99EDC-4D4A-4576-89D2-B5C14967CB9A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{BB62D6EC-80D3-46FB-9A50-0CCEB971E8EF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE56825B-11DE-413B-AA9B-3F57DE330412}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{BFBECED4-97DB-42F5-BB78-412305C9DB2F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C0D535D3-06F6-422B-BA9D-7E56FFF3B6D1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{C1E2AB91-5766-4B0A-ABA3-33C3713DCEE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C3D02F66-92DE-43B2-A160-497AE9F28B3F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C98F2789-8423-44BA-B9A9-FFD0A7C89099}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\pce-n15 wlan card utilities\rtwlan.exe |
"{CD61664A-4A36-4616-9018-DEFA46D53BB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CE195D56-095A-4B19-8E7A-C191B8103CDF}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs291a\hpdiagnosticcoreui.exe |
"{CFDE8C35-F313-4DA4-845C-576A24394476}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{CFF2FD4B-40DD-4814-8290-C0BE13E82661}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D287BC09-F821-4493-9F58-4E535F1E47DB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{D2F74ACB-7F78-4CA8-A99C-2C66933CE655}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\pce-n15 wlan card utilities\rtwlan.exe |
"{D54467D5-7AD4-42F6-953F-DA8FCBB38E9F}" = protocol=58 | dir=out | [email protected],-28546 |
"{D6E6FDE5-C486-445D-A4BF-3CC89AF5D82C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D7F89CD1-6AAF-4F4E-8769-D219929F35CC}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{E1FCD0F2-EA89-48D1-9EF5-FC97944FA1D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E3CB066A-2BF6-428D-805F-E174BC9C370F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{E7B10D5A-AAB0-4358-B187-3B2C2E226AED}" = protocol=1 | dir=in | [email protected],-28543 |
"{E997AA2A-3099-4B8E-9C49-CCF11B433604}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe |
"{EE5F63E1-167B-4999-B480-F4F1FF357AA6}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs291a\hpdiagnosticcoreui.exe |
"{F99AABB2-8160-4F58-9D02-9952604381B0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{041A1EDA-1649-4166-9EA1-C229A7810C4C}C:\program files (x86)\gigabyte\easysaver\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\easysaver\updexe.exe |
"TCP Query User{25747228-2D04-46D9-BED9-C92F46422A55}G:\phonepower.exe" = protocol=6 | dir=in | app=g:\phonepower.exe |
"TCP Query User{3F267F0E-14D9-4A3F-8FDE-88BE9E44BD57}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{5ABEA305-2ED4-4164-A202-51DB0C5BE49D}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{DB79DC08-900F-4F82-8D04-4F9EF14E3D0F}C:\program files (x86)\gigabyte\easysaver\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\easysaver\gbtupd.exe |
"UDP Query User{24276ABB-C2F6-47C4-A451-A4DDCD0E6118}C:\program files (x86)\gigabyte\easysaver\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\easysaver\updexe.exe |
"UDP Query User{4173DA65-E6F4-4B99-AB5A-2FEAF3FB3C44}G:\phonepower.exe" = protocol=17 | dir=in | app=g:\phonepower.exe |
"UDP Query User{F1805634-83C0-43EF-B201-BEDD9AA00FAA}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{F73ADDA7-8F7E-403F-9A2A-25FB3E1E1320}C:\program files (x86)\gigabyte\easysaver\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\easysaver\gbtupd.exe |
"UDP Query User{F7D9365C-2E91-4D54-888D-270916C898E5}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0308919C-E317-4293-8D3C-97EF307BCDBC}" = HP Officejet Pro 8500 A910 Product Improvement Study
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1F870554-9567-9C78-1778-399119DCD2B3}" = AMD Wireless Display v3.0
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}" = AMD Catalyst Install Manager
"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client
"{380DEEA4-0BBA-80D3-B7CF-6A0FB98D20EC}" = ccc-utility64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.5
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7547BDDC-5A0A-B90C-8CF9-D773C9CBC5A3}" = AMD Accelerated Video Transcoding
"{7763DA4F-FBF2-2E92-572C-6864D31A5DD3}" = AMD Media Foundation Decoders
"{7BC4167C-BD93-55BD-3C97-53D49764B89E}" = ccc-utility64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E1FFC5A-8ACB-65D2-C190-1FBD4C1B25CE}" = AMD Fuel
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2F6D87D-69E1-9FD2-4DD0-FB36124AA0E3}" = ATI AVIVO64 Codecs
"{BE090376-7EC6-3760-1EE2-B08AE3BEEF8C}" = AMD Fuel
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D386FE62-CD8D-C8E0-DCA7-ED5FCAB476A5}" = AMD Wireless Display v3.0
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}" = HP Officejet Pro 8500 A910 Basic Device Software
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003AF9FB-F196-FCEE-D596-AC2F88386623}" = CCC Help Portuguese
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{036A2AC2-5514-1499-8F0E-48009132658F}" = CCC Help Portuguese
"{0685213E-9FF3-1368-37E3-5CECB5A0708C}" = CCC Help Russian
"{07CD994D-2144-41B9-5C2C-A85B40EBBA51}" = CCC Help Finnish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F747F46-57A0-6CD3-A234-BD4E46F2BFEB}" = CCC Help Polish
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1606DF85-AE82-C445-7149-8C31803D570A}" = CCC Help Turkish
"{181588FA-0F14-BF9F-9244-3CC7BDB9F5CC}" = CCC Help Greek
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1CCBAA20-4145-FC97-B995-3F85C522CA8A}" = CCC Help French
"{1EB8D6DC-DA9E-837D-C31A-0FCE20E1EF76}" = Catalyst Control Center Localization All
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{232D8631-F0E1-DD69-15B0-8C8858BCDB21}" = CCC Help German
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{23A61389-51BE-D5C5-0E0F-7A5726CB210F}" = CCC Help Danish
"{24154472-27E1-8E76-C0D7-4932F494E7CA}" = CCC Help Hungarian
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{275F6F82-97EE-2B9D-C270-400797E1C705}" = CCC Help Japanese
"{295E13D5-2CCE-C01B-4E21-F41F543CF2C2}" = CCC Help Spanish
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3137E68E-07AE-BE04-E2B2-C8318B3E7EF4}" = CCC Help Polish
"{3274C388-DFFE-3E2F-3426-467713880794}" = CCC Help Dutch
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{384E9F9A-4E8C-562C-E6D1-E494F9CADF7C}" = CCC Help Korean
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3C249872-D97C-62F9-A3E2-F7AAAC07BEF8}" = CCC Help Chinese Traditional
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3EDD8854-BAFB-7F6C-0C15-535A0D07E782}" = CCC Help Czech
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{45B2C1A3-2050-0BC1-0A90-50EB4A7E77A8}" = CCC Help Turkish
"{48F7E7C1-7D96-629E-E9E2-5A1618A9A446}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB8B7F6-726B-2301-DD5A-067F95A8A48F}" = CCC Help German
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{528EFF5D-2209-B614-40C0-5D87F73F3E8D}" = CCC Help French
"{556BEFE2-30FF-4113-98F4-01234396DF2B}" = ASUS PCE-N15 WLAN Card Utilities & Driver
"{58ECCB6B-73FB-CBBA-42FC-91659DFA342C}" = CCC Help Chinese Standard
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6547BC5F-1FC4-CD5D-3783-45370C980043}" = AMD VISION Engine Control Center
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}" = Google Talk Plugin
"{6D93924C-6C51-DFC3-E1BF-CA18B57AFD21}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{752EEDEB-8605-8E51-2135-48AF996C8DFC}" = CCC Help English
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{890131D1-DFD7-22F2-D43F-3B4898ACD623}" = Catalyst Control Center InstallProxy
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D703B2F-96A0-BFFA-7747-48A9E1FB4F5F}" = CCC Help Chinese Standard
"{8D962C94-3D7C-2163-B37E-9CB48B7D1DCD}" = CCC Help Dutch
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96833DAB-A937-107C-0B28-B04434132772}" = CCC Help Spanish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99965ED6-0FDE-AFEC-D73B-F0C461173730}" = CCC Help English
"{9ABE1D78-E6A8-012F-C53A-1069D193D613}" = CCC Help Italian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A6F818D2-85B7-84E2-C33C-8E74D747AD55}" = CCC Help Greek
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A840B719-1898-4C2C-2E46-F2DA66F8410C}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2AB3F65-2AA1-3439-F9F1-D5AD77FB28FE}" = CCC Help Norwegian
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8230940-0DCC-E180-5744-4442F6C0CA28}" = CCC Help Thai
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C123749C-23EC-62DB-A5FD-1ED5BC359AAF}" = CCC Help Japanese
"{C218AFCB-7EAB-FEC3-6552-FF090B3FD0A1}" = CCC Help Czech
"{C533DBF1-3A98-5D7D-B6CA-59CC1816F38C}" = CCC Help Italian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5F99B70-E622-E5D7-18B4-82AD7D334FF6}" = CCC Help Russian
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"{C79CBDAE-DB4E-46AE-D386-A3C19FF3446A}" = CCC Help Korean
"{C93686FB-8D46-63A8-E767-259B7D75E2E8}" = CCC Help Finnish
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D29491A3-BA85-F712-5C8D-B7E6803FEAD7}" = CCC Help Hungarian
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D8D2B468-8342-411A-8760-BCC362C3408F}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9A1A69D-D788-12C5-3218-64EFB8C6ACFD}" = Catalyst Control Center Graphics Previews Common
"{E018A8C7-30E9-0A54-B012-BC5172FF7C1A}" = AMD Catalyst Control Center
"{E745587A-2ED8-BA64-680E-BC35BE223275}" = CCC Help Danish
"{EA92CB68-9667-343A-1F53-B039583F2A3A}" = Catalyst Control Center InstallProxy
"{EC6004A3-B6E7-9728-55E8-508ABE51798F}" = CCC Help Norwegian
"{EDAA1085-C196-29B1-48B0-B82B72114001}" = CCC Help Swedish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3B21DA4-DAF4-69C7-ACD2-059E97E496FD}" = Adobe Story
"{F46823DC-A45E-D5D1-D0DE-D1BEC0C43C7B}" = CCC Help Thai
"{F4F9E794-3A3A-148D-106B-CEF412CE39A0}" = CCC Help Chinese Traditional
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Android USB Driver_is1" = Android USB Driver
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"League of Legends 3.0.0" = League of Legends
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamViewer 8" = TeamViewer 8
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/1/2013 10:47:20 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/1/2013 6:18:10 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program Wow-64.exe version 5.3.0.17128 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 132c Start
Time: 01ce8f04dae0ba9e Termination Time: 220 Application Path: C:\Program Files (x86)\World
of Warcraft\Wow-64.exe Report Id:

Error - 8/1/2013 6:39:57 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program Wow-64.exe version 5.3.0.17128 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 264 Start
Time: 01ce8f0668a3e3e6 Termination Time: 370 Application Path: C:\Program Files (x86)\World
of Warcraft\Wow-64.exe Report Id:

Error - 8/1/2013 7:14:29 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: atieclxx.exe, version: 6.14.11.1143, time
stamp: 0x5154efc9 Faulting module name: atieclxx.exe, version: 6.14.11.1143, time
stamp: 0x5154efc9 Exception code: 0xc0000005 Fault offset: 0x000000000002ea19 Faulting
process id: 0x500 Faulting application start time: 0x01ce8f0cd5e0d561 Faulting application
path: C:\Windows\system32\atieclxx.exe Faulting module path: C:\Windows\system32\atieclxx.exe
Report
Id: 1d440383-fb00-11e2-87f4-1c6f654a9b74

Error - 8/2/2013 6:34:16 AM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program Wow-64.exe version 5.3.0.17128 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b68 Start
Time: 01ce8f4ec829fca8 Termination Time: 155 Application Path: C:\Program Files (x86)\World
of Warcraft\Wow-64.exe Report Id:

Error - 8/2/2013 5:07:16 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: atieclxx.exe, version: 6.14.11.1143, time
stamp: 0x5154efc9 Faulting module name: atieclxx.exe, version: 6.14.11.1143, time
stamp: 0x5154efc9 Exception code: 0xc0000005 Fault offset: 0x000000000002ea19 Faulting
process id: 0x4b0 Faulting application start time: 0x01ce8fc43abba214 Faulting application
path: C:\Windows\system32\atieclxx.exe Faulting module path: C:\Windows\system32\atieclxx.exe
Report
Id: 81fe57a0-fbb7-11e2-a9f3-1c6f654a9b74

Error - 8/2/2013 10:32:25 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/2/2013 10:32:26 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Owner\Downloads\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 8/2/2013 2:32:31 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126

Error - 8/2/2013 2:32:49 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The X5XSEx_Pr143 service failed to start due to the following error:
%%3

Error - 8/2/2013 2:53:24 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126

Error - 8/2/2013 2:53:31 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The X5XSEx_Pr143 service failed to start due to the following error:
%%3

Error - 8/2/2013 7:16:26 AM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:14:45 AM on ?8/?2/?2013 was unexpected.

Error - 8/2/2013 7:16:27 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126

Error - 8/2/2013 7:16:40 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The X5XSEx_Pr143 service failed to start due to the following error:
%%3

Error - 8/2/2013 5:06:56 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:57:19 AM on ?8/?2/?2013 was unexpected.

Error - 8/2/2013 5:07:01 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126

Error - 8/2/2013 5:07:31 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The X5XSEx_Pr143 service failed to start due to the following error:
%%3


< End of report >
  • 0

#15
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi TomHalstead,

Thanks for posting the log. I think we have managed to remove all of the initial issues. Let's work on the .NET Framework.

  • Step 1
Copy and paste the content of the code box below into an empty Notepad window.

Windows Registry Editor Version 5.00

; Delete the four firewall rules that reference the Gigabyte EasySaver updaters
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{F73ADDA7-8F7E-403F-9A2A-25FB3E1E1320}C:\\program files (x86)\\gigabyte\\easysaver\\gbtupd.exe"=-
"TCP Query User{DB79DC08-900F-4F82-8D04-4F9EF14E3D0F}C:\\program files (x86)\\gigabyte\\easysaver\\gbtupd.exe"=-
"UDP Query User{24276ABB-C2F6-47C4-A451-A4DDCD0E6118}C:\\program files (x86)\\gigabyte\\easysaver\\updexe.exe"=-
"TCP Query User{041A1EDA-1649-4166-9EA1-C229A7810C4C}C:\\program files (x86)\\gigabyte\\easysaver\\updexe.exe"=-
  • Save it on your desktop as Fix.reg.
  • Open the file by double-clicking it and allow it to run. You will be prompted for an action.

    Posted Image

  • Don't be afraid as it is safe. Click Yes to proceed.
  • Step 2
Download '.NET Framework Setup Cleanup Utility by Aaron Stebner' and save it to your desktop.

  • Unzip the tool and run it. It will ask for administrator privileges.
  • Press Yes twice.

    Posted Image

  • Ensure the above setting is followed. Press Cleanup Now.
  • Reboot your system once done.
  • Step 3
Download 'Microsoft .NET Framework 4 by Microsoft' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Follow the on-screen instructions to install the program.
Let me know how it goes! :thumbsup:
  • 0
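One way to review what a .reg file such as the one in Step 1 will do before merging it, as an added example that is not part of the post above or of any tool named in this thread. The function names `audit` and `unescape` and the sample file (GUIDs, paths, vendor key) are constructed for illustration.

```python
import re
# Constructed sample modelled on the Step 1 file; GUIDs and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{00000000-0000-0000-0000-000000000001}C:\\program files (x86)\\example\\upd.exe"=-
"TCP Query User{00000000-0000-0000-0000-000000000002}C:\\program files (x86)\\example\tool\\upd.exe"=-
"Example"="C:\\temp\\x.exe"

[-HKEY_CURRENT_USER\Software\ExampleVendor]
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                    # [KEY] or [-KEY]
VAL_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)\s*=\s*(.*)$')  # "name"=data or @=data

def unescape(raw):
    # Valid escapes in a .reg quoted string are \\ and \"; report any other pair.
    out, bad, i = [], [], 0
    while i < len(raw):
        pair = raw[i:i + 2]
        if raw[i] == "\\" and len(pair) == 2:
            if pair[1] not in '\\"':
                bad.append(pair)
            out.append(pair[1] if pair[1] in '\\"' else pair)
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out), bad

def audit(text):
    # Returns (action, key, value_name, invalid_escapes) for each operation.
    # Multi-line hex data continuations are skipped; only names are audited.
    ops, key = [], None
    for line in map(str.strip, text.splitlines()):
        k, v = KEY_RE.match(line), VAL_RE.match(line)
        if k:
            key = k.group(2)
            if k.group(1):
                ops.append(("delete-key", key, None, []))
        elif v and key:
            raw = v.group(1)
            name, bad = ("(Default)", []) if raw == "@" else unescape(raw[1:-1])
            action = "delete-value" if v.group(2).strip() == "-" else "set-value"
            ops.append((action, key, name, bad))
    return ops

if __name__ == "__main__":
    print(*audit(SAMPLE_REG), sep="\n")
```

A non-empty last field marks a value name with a backslash that was not doubled, so the name in the file may not match the one stored in the registry; `delete-key` entries remove a whole subtree and deserve a second look.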





