
Possible Keylogger [Closed] [Solved]


  • This topic is locked

#1
averysadman

  • Member
  • 180 posts
Hi, I had an online account password compromised recently. It was very easy to recover, but I want to be sure there are no keyloggers or other hacking tools on my system. Malwarebytes didn't detect anything, but I ran an OTL scan as instructed in the guide. I would really appreciate it if someone more knowledgeable than me could look it over and see if there are any problems.
Thanks in advance.

OTL logfile created on: 10/8/2013 11:08:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dan\Documents
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 3.33 Gb Available Physical Memory | 41.68% Memory free
15.99 Gb Paging File | 10.30 Gb Available in Paging File | 64.39% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 193.55 Gb Free Space | 64.93% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 43.84 Gb Free Space | 9.41% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 986.86 Gb Free Space | 52.97% Space Free | Partition Type: NTFS
Drive L: | 465.76 Gb Total Space | 465.66 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: ARBITER | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/08 23:08:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\My Documents\OTL.exe
PRC - [2013/10/08 21:38:21 | 003,561,816 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2013/08/20 18:00:06 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/07/31 00:21:08 | 000,124,416 | ---- | M] (VideoLAN) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
PRC - [2013/06/05 09:29:26 | 001,767,424 | ---- | M] (Corsair Components Inc) -- C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe
PRC - [2012/08/20 15:14:26 | 000,251,392 | ---- | M] (Corsair Components Inc) -- C:\Program Files (x86)\Corsair\M65 Mouse\CorsTra.exe
PRC - [2012/07/02 00:00:00 | 003,284,992 | ---- | M] () -- c:\Program Files (x86)\Trillian\plugins\skypekit.exe
PRC - [2012/07/02 00:00:00 | 002,380,752 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
PRC - [2011/07/19 13:37:16 | 000,978,840 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
PRC - [2011/04/29 07:40:20 | 000,095,656 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
PRC - [2010/03/30 23:15:57 | 001,433,600 | ---- | M] () -- C:\Users\Dan\My Documents\KeePassX-0.4.3-win32\KeePassX\KeePassX.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/08 21:38:22 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
MOD - [2013/10/03 08:03:05 | 000,415,184 | ---- | M] () -- C:\Users\Dan\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 08:03:04 | 013,611,984 | ---- | M] () -- C:\Users\Dan\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
MOD - [2013/10/03 08:03:03 | 004,055,504 | ---- | M] () -- C:\Users\Dan\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 08:02:12 | 000,698,832 | ---- | M] () -- C:\Users\Dan\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 08:02:11 | 000,099,792 | ---- | M] () -- C:\Users\Dan\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 08:02:09 | 001,604,560 | ---- | M] () -- C:\Users\Dan\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/07/31 00:22:00 | 002,376,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
MOD - [2013/07/31 00:21:58 | 011,387,904 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
MOD - [2013/07/31 00:21:52 | 001,434,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll
MOD - [2013/07/31 00:21:52 | 000,387,584 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
MOD - [2013/07/31 00:21:52 | 000,221,696 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
MOD - [2013/07/31 00:21:52 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
MOD - [2013/07/31 00:21:52 | 000,190,976 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll
MOD - [2013/07/31 00:21:52 | 000,086,528 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
MOD - [2013/07/31 00:21:52 | 000,084,992 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2013/07/31 00:21:52 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
MOD - [2013/07/31 00:21:52 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
MOD - [2013/07/31 00:21:52 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
MOD - [2013/07/31 00:21:52 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
MOD - [2013/07/31 00:21:50 | 000,968,704 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
MOD - [2013/07/31 00:21:48 | 001,759,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
MOD - [2013/07/31 00:21:48 | 001,338,880 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
MOD - [2013/07/31 00:21:48 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
MOD - [2013/07/31 00:21:48 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll
MOD - [2013/07/31 00:21:48 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
MOD - [2013/07/31 00:21:48 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
MOD - [2013/07/31 00:21:48 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
MOD - [2013/07/31 00:21:48 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
MOD - [2013/07/31 00:21:48 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
MOD - [2013/07/31 00:21:46 | 008,026,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
MOD - [2013/07/31 00:21:46 | 000,393,728 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
MOD - [2013/07/31 00:21:46 | 000,279,552 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
MOD - [2013/07/31 00:21:42 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll
MOD - [2013/07/31 00:21:42 | 000,181,248 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
MOD - [2013/07/31 00:21:42 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
MOD - [2013/07/31 00:21:42 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
MOD - [2013/07/31 00:21:42 | 000,072,704 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
MOD - [2013/07/31 00:21:42 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
MOD - [2013/07/31 00:21:42 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll
MOD - [2013/07/31 00:21:40 | 000,403,968 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
MOD - [2013/07/31 00:21:36 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
MOD - [2013/07/31 00:21:34 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
MOD - [2013/07/31 00:21:34 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
MOD - [2013/07/31 00:21:34 | 000,107,520 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
MOD - [2013/07/31 00:21:34 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
MOD - [2013/07/31 00:21:34 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll
MOD - [2013/07/31 00:21:34 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
MOD - [2013/07/31 00:21:32 | 001,551,872 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
MOD - [2013/07/31 00:21:32 | 001,405,440 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
MOD - [2013/07/31 00:21:32 | 000,164,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
MOD - [2013/07/31 00:21:32 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
MOD - [2013/07/31 00:21:32 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
MOD - [2013/07/31 00:21:32 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
MOD - [2013/07/31 00:21:32 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
MOD - [2013/07/31 00:21:32 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
MOD - [2013/07/31 00:21:32 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
MOD - [2013/07/31 00:21:28 | 001,285,120 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
MOD - [2013/07/31 00:21:28 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll
MOD - [2013/07/31 00:21:26 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
MOD - [2013/07/31 00:21:26 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
MOD - [2013/07/31 00:21:24 | 000,740,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
MOD - [2013/07/31 00:21:24 | 000,091,136 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
MOD - [2013/07/31 00:21:24 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
MOD - [2013/07/31 00:21:24 | 000,075,264 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
MOD - [2013/07/31 00:21:24 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
MOD - [2013/07/31 00:21:24 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
MOD - [2013/07/31 00:21:22 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
MOD - [2013/07/31 00:21:22 | 000,115,712 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
MOD - [2013/07/31 00:21:22 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll
MOD - [2013/07/31 00:21:22 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
MOD - [2013/07/31 00:21:22 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
MOD - [2013/07/31 00:21:22 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
MOD - [2013/07/31 00:21:22 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
MOD - [2013/07/31 00:21:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
MOD - [2013/07/31 00:21:20 | 000,293,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
MOD - [2013/07/31 00:21:20 | 000,282,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
MOD - [2013/07/31 00:21:20 | 000,224,768 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
MOD - [2013/07/31 00:21:20 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
MOD - [2013/07/31 00:21:20 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
MOD - [2013/07/31 00:21:20 | 000,079,360 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
MOD - [2013/07/31 00:21:16 | 000,134,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
MOD - [2013/07/31 00:21:16 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
MOD - [2013/07/31 00:21:14 | 000,092,672 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll
MOD - [2013/07/31 00:21:14 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll
MOD - [2013/07/31 00:21:12 | 000,229,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
MOD - [2013/07/31 00:21:12 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
MOD - [2013/07/31 00:21:12 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll
MOD - [2013/07/31 00:21:08 | 000,693,760 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll
MOD - [2013/07/31 00:21:08 | 000,469,504 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll
MOD - [2013/07/31 00:21:08 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
MOD - [2013/07/31 00:21:08 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll
MOD - [2013/07/31 00:21:08 | 000,071,168 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll
MOD - [2012/07/02 00:00:00 | 003,284,992 | ---- | M] () -- c:\Program Files (x86)\Trillian\plugins\skypekit.exe
MOD - [2012/07/02 00:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\Trillian\libpng15.dll
MOD - [2012/07/02 00:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll
MOD - [2012/07/02 00:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll
MOD - [2012/07/02 00:00:00 | 000,011,264 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\buddy.dll
MOD - [2012/07/02 00:00:00 | 000,007,168 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\talk.dll
MOD - [2012/07/02 00:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\trillian.dll
MOD - [2012/07/02 00:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\events.dll
MOD - [2012/07/02 00:00:00 | 000,003,584 | ---- | M] () -- c:\Program Files (x86)\Trillian\languages\en\toolkit.dll
MOD - [2012/05/14 12:41:26 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Corsair\M65 Mouse\hidGetKey.dll
MOD - [2010/03/30 23:16:04 | 000,350,720 | ---- | M] () -- C:\Users\Dan\My Documents\KeePassX-0.4.3-win32\KeePassX\imageformats\qmng4.dll
MOD - [2010/03/30 23:16:03 | 000,192,000 | ---- | M] () -- C:\Users\Dan\My Documents\KeePassX-0.4.3-win32\KeePassX\imageformats\qjpeg4.dll
MOD - [2010/03/30 23:16:02 | 000,082,944 | ---- | M] () -- C:\Users\Dan\My Documents\KeePassX-0.4.3-win32\KeePassX\imageformats\qgif4.dll
MOD - [2010/03/30 23:16:02 | 000,081,920 | ---- | M] () -- C:\Users\Dan\My Documents\KeePassX-0.4.3-win32\KeePassX\imageformats\qico4.dll
MOD - [2010/03/30 23:15:58 | 009,515,520 | ---- | M] () -- C:\Users\Dan\My Documents\KeePassX-0.4.3-win32\KeePassX\QtGui4.dll
MOD - [2010/03/30 23:15:58 | 000,398,336 | ---- | M] () -- C:\Users\Dan\My Documents\KeePassX-0.4.3-win32\KeePassX\QtXml4.dll
MOD - [2010/03/30 23:15:57 | 002,415,104 | ---- | M] () -- C:\Users\Dan\My Documents\KeePassX-0.4.3-win32\KeePassX\QtCore4.dll
MOD - [2010/03/30 23:15:57 | 001,433,600 | ---- | M] () -- C:\Users\Dan\My Documents\KeePassX-0.4.3-win32\KeePassX\KeePassX.exe
MOD - [2010/03/30 23:15:57 | 000,043,008 | ---- | M] () -- C:\Users\Dan\My Documents\KeePassX-0.4.3-win32\KeePassX\libgcc_s_dw2-1.dll
MOD - [2010/03/30 23:15:57 | 000,011,362 | ---- | M] () -- C:\Users\Dan\My Documents\KeePassX-0.4.3-win32\KeePassX\mingwm10.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/12/19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/04/07 01:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/11/08 10:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2013/08/20 18:00:06 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/06/07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/15 10:02:12 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/07 21:40:25 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013/03/07 21:40:18 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013/03/04 21:55:11 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/02/24 16:04:53 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/02/24 16:04:34 | 000,210,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2013/02/24 16:04:31 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2012/12/19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/09/05 13:31:26 | 000,025,600 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SnakeEyes.sys -- (SnakeEyes)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/02/22 12:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/11 08:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/12/13 14:02:01 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/07/14 17:18:52 | 000,157,184 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/24 14:35:36 | 000,019,968 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzjoystk.sys -- (rzjoystk)
DRV:64bit: - [2010/04/27 20:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/03/22 11:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/09 12:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/18 18:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/10/01 23:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009/09/21 21:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 22:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/01 01:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/05/01 00:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009/05/01 00:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/28 20:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2013/08/16 07:19:12 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2013/03/24 23:46:04 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2012/10/08 16:50:52 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012/10/08 16:50:13 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/10/15 04:10:20 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010/03/12 14:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D 51 0C 93 AD 85 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dan\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dan\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



========== Chrome ==========

CHR - default_search_provider: Startpage HTTPS (Enabled)
CHR - default_search_provider: search_url = https://startpage.co...anguage=english
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dan\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dan\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dan\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

O1 HOSTS File: ([2013/07/14 14:17:44 | 000,001,188 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 ut2004master2.epicgames.com
O1 - Hosts: 127.0.0.1 ut2004master1.epicgames.com
O1 - Hosts: 0.0.0.0 boxore.com
O1 - Hosts: 0.0.0.0 www.boxore.com
O1 - Hosts: 0.0.0.0 boxore.org
O1 - Hosts: 0.0.0.0 www.boxore.org
O1 - Hosts: 0.0.0.0 boxore.net
O1 - Hosts: 0.0.0.0 www.boxore.net
O1 - Hosts: 0.0.0.0 dlmanager.com
O1 - Hosts: 0.0.0.0 www.dlmanager.com
O1 - Hosts: 0.0.0.0 dlmanager.org
O1 - Hosts: 0.0.0.0 www.dlmanager.org
O1 - Hosts: 0.0.0.0 dlmanager.net
O1 - Hosts: 0.0.0.0 www.dlmanager.net
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Corsair M65 Mouse] C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe (Corsair Components Inc)
O4 - HKLM..\Run: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ToolBox.lnk = File not found
O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinLaunch - Shortcut.lnk = C:\Users\Dan\Downloads\winlaunch_0_4_6_0___mac_launchpad_for_windows_by_mrc0rrupted-d4ldftg\x64(64bit)\WinLaunch.exe (WinLaunch.bplaced.net)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.42
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A32423A-FA95-4E87-AA09-8F48BFE7F716}: DhcpNameServer = 192.168.1.42
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16fcfe12-c915-11e1-8005-00e01c3fa43b}\Shell - "" = AutoRun
O33 - MountPoints2\{16fcfe12-c915-11e1-8005-00e01c3fa43b}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{68f9c0c0-2582-11e1-9f3c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{68f9c0c0-2582-11e1-9f3c-806e6f6e6963}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\{de0ace83-c495-11e0-a502-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{de0ace83-c495-11e0-a502-806e6f6e6963}\Shell\AutoRun\command - "" = V:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRunCD.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/08 23:08:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Documents\OTL.exe
[2013/10/08 23:03:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Dan\Documents\HijackThis.exe
[2013/10/08 21:53:56 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\KeePassX
[2013/10/08 21:53:37 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\KeePassX-0.4.3-win32
[2013/10/05 07:32:10 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamNG.drive
[2013/10/05 07:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BeamNG
[2013/10/02 21:26:51 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zandronum
[2013/10/02 21:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zandronum
[2013/10/02 21:23:32 | 017,380,107 | ---- | C] (Zandronum) -- C:\Users\Dan\Documents\zandronum1.2-win32-installer.exe
[2013/10/02 21:19:54 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\DOOM THE MERCENARIES
[2013/09/18 19:44:31 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\WarThunder
[2013/09/18 19:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013/09/18 19:44:24 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
[2013/09/18 19:38:40 | 004,198,248 | ---- | C] (2013 Gaijin Entertainment Corporation ) -- C:\Users\Dan\Documents\wt_launcher_1.0.1.269.exe
[2013/09/13 21:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
[2013/09/13 21:14:29 | 004,816,605 | ---- | C] (Geeks3D ) -- C:\Users\Dan\Documents\FurMark_1.11.0_Setup.exe
[2013/09/09 17:13:57 | 000,000,000 | -HSD | C] -- C:\windows\Installer
[2013/09/09 17:13:45 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2013/09/09 17:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2013/09/09 17:13:07 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\MSIAfterburnerSetup300Beta14_SE-[Guru3D.com]
[4 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/08 23:08:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Documents\OTL.exe
[2013/10/08 23:06:00 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/08 23:04:04 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dan\Documents\HijackThis.exe
[2013/10/08 23:00:00 | 000,073,628 | ---- | M] () -- C:\Users\Dan\Network_Meter_Data.js
[2013/10/08 22:48:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1292611385-2853479902-2964421468-1000UA.job
[2013/10/08 21:53:31 | 006,754,649 | ---- | M] () -- C:\Users\Dan\Documents\KeePassX-0.4.3-win32.zip
[2013/10/08 09:55:30 | 000,000,462 | ---- | M] () -- C:\windows\tasks\Wise Registry Cleaner Schedule Task.job
[2013/10/08 09:48:01 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1292611385-2853479902-2964421468-1000Core.job
[2013/10/08 02:06:00 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/05 06:34:23 | 098,903,976 | ---- | M] () -- C:\Users\Dan\Documents\BeamNG-Techdemo-0.3-setup.exe
[2013/10/05 06:23:28 | 000,048,199 | ---- | M] () -- C:\Users\Dan\Documents\[isoHunt] BeamNG DRIVE 0.3.06 (2-click run).torrent
[2013/10/03 20:16:06 | 000,778,150 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/10/03 20:16:06 | 000,659,580 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/10/03 20:16:06 | 000,120,508 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/10/03 20:14:47 | 000,016,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/03 20:14:47 | 000,016,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/03 20:07:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/03 20:07:29 | 2145,558,527 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/03 07:35:41 | 000,010,614 | ---- | M] () -- C:\Users\Dan\Documents\[BakaBT.147066v0] [A-FanRips]_Riding_Bean_[H264_AC3]_[B224BAC7].mkv.torrent
[2013/10/02 21:25:43 | 017,380,107 | ---- | M] (Zandronum) -- C:\Users\Dan\Documents\zandronum1.2-win32-installer.exe
[2013/10/02 21:19:05 | 046,252,310 | ---- | M] () -- C:\Users\Dan\Documents\DOOM THE MERCENARIES.rar
[2013/10/01 19:42:50 | 000,161,169 | ---- | M] () -- C:\Users\Dan\Documents\SmartVideo_For_YouTube_0_9927.crx
[2013/09/28 17:24:28 | 000,000,028 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Network Meter_Usage.ini
[2013/09/28 03:22:31 | 000,020,992 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/19 01:25:27 | 001,065,984 | ---- | M] () -- C:\Users\Dan\AppData\Local\file__0.localstorage
[2013/09/18 19:39:37 | 004,198,248 | ---- | M] (2013 Gaijin Entertainment Corporation ) -- C:\Users\Dan\Documents\wt_launcher_1.0.1.269.exe
[2013/09/18 04:43:48 | 000,290,184 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2013/09/18 04:43:48 | 000,290,184 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2013/09/18 03:21:53 | 000,290,184 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2013/09/17 05:05:26 | 002,584,044 | ---- | M] () -- C:\Users\Dan\Documents\happy_birthday.pdf
[2013/09/14 00:17:27 | 001,046,528 | ---- | M] () -- C:\Users\Dan\Documents\MicrosoftFixit50848.msi
[2013/09/13 21:15:57 | 004,816,605 | ---- | M] (Geeks3D ) -- C:\Users\Dan\Documents\FurMark_1.11.0_Setup.exe
[2013/09/09 19:24:10 | 000,000,045 | ---- | M] () -- C:\windows\SysWow64\initdebug.nfo
[2013/09/09 19:23:55 | 001,867,968 | ---- | M] () -- C:\Users\Dan\Documents\speedfan438-[Guru3D.com].exe
[2013/09/09 17:12:49 | 016,281,689 | ---- | M] () -- C:\Users\Dan\Documents\MSIAfterburnerSetup300Beta14_SE-[Guru3D.com].zip
[4 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/08 21:52:31 | 006,754,649 | ---- | C] () -- C:\Users\Dan\Documents\KeePassX-0.4.3-win32.zip
[2013/10/05 06:25:23 | 098,903,976 | ---- | C] () -- C:\Users\Dan\Documents\BeamNG-Techdemo-0.3-setup.exe
[2013/10/05 06:23:28 | 000,048,199 | ---- | C] () -- C:\Users\Dan\Documents\[isoHunt] BeamNG DRIVE 0.3.06 (2-click run).torrent
[2013/10/03 07:35:41 | 000,010,614 | ---- | C] () -- C:\Users\Dan\Documents\[BakaBT.147066v0] [A-FanRips]_Riding_Bean_[H264_AC3]_[B224BAC7].mkv.torrent
[2013/10/02 21:07:06 | 046,252,310 | ---- | C] () -- C:\Users\Dan\Documents\DOOM THE MERCENARIES.rar
[2013/10/01 19:42:48 | 000,161,169 | ---- | C] () -- C:\Users\Dan\Documents\SmartVideo_For_YouTube_0_9927.crx
[2013/09/17 05:05:19 | 002,584,044 | ---- | C] () -- C:\Users\Dan\Documents\happy_birthday.pdf
[2013/09/14 00:17:24 | 001,046,528 | ---- | C] () -- C:\Users\Dan\Documents\MicrosoftFixit50848.msi
[2013/09/09 19:23:46 | 001,867,968 | ---- | C] () -- C:\Users\Dan\Documents\speedfan438-[Guru3D.com].exe
[2013/09/09 17:10:42 | 016,281,689 | ---- | C] () -- C:\Users\Dan\Documents\MSIAfterburnerSetup300Beta14_SE-[Guru3D.com].zip
[2013/09/02 05:00:00 | 000,073,628 | ---- | C] () -- C:\Users\Dan\Network_Meter_Data.js
[2013/08/20 07:51:28 | 000,290,184 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2013/08/20 07:51:27 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2013/08/20 07:48:21 | 002,580,552 | ---- | C] () -- C:\windows\SysWow64\pbsvc.exe
[2013/07/16 17:33:58 | 000,000,028 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Network Meter_Usage.ini
[2013/07/09 01:45:27 | 003,130,440 | ---- | C] () -- C:\windows\SysWow64\pbsvc_blr.exe
[2013/07/05 10:36:36 | 000,000,624 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/06/29 15:48:53 | 001,192,831 | ---- | C] () -- C:\windows\unins001.exe
[2013/06/29 15:48:53 | 000,010,799 | ---- | C] () -- C:\windows\unins001.dat
[2013/06/29 15:48:31 | 001,193,175 | ---- | C] () -- C:\windows\unins000.exe
[2013/06/29 15:48:31 | 000,043,191 | ---- | C] () -- C:\windows\unins000.dat
[2013/03/10 04:59:24 | 000,000,530 | ---- | C] () -- C:\windows\eReg.dat
[2013/03/05 22:36:29 | 000,000,714 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/02/25 05:02:49 | 000,211,109 | ---- | C] () -- C:\ProgramData\LUInstall.LiveUpdate
[2013/02/15 21:09:57 | 001,065,984 | ---- | C] () -- C:\Users\Dan\AppData\Local\file__0.localstorage
[2012/12/19 21:52:22 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012/12/19 21:52:22 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012/10/25 16:23:00 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2012/10/09 22:17:19 | 000,001,083 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Network Meter_Settings.ini
[2012/09/24 05:17:45 | 000,005,289 | ---- | C] () -- C:\windows\cdplayer.ini
[2012/09/08 20:24:56 | 000,000,080 | ---- | C] () -- C:\Users\Dan\AppData\Local\X-Plane Installer.prf
[2012/08/09 08:15:50 | 000,007,643 | ---- | C] () -- C:\Users\Dan\AppData\Local\Temp7.html
[2012/08/09 08:15:47 | 000,001,858 | ---- | C] () -- C:\Users\Dan\AppData\Local\Temp1.html
[2012/08/02 19:46:43 | 000,000,252 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\GPU MeterV2_Settings.ini
[2012/07/07 07:44:18 | 000,000,241 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\GPU Meter_Settings.ini
[2012/06/23 16:51:54 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat
[2012/06/07 02:27:48 | 000,000,375 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Digital Clock_Settings.ini
[2012/05/08 17:24:20 | 001,131,153 | ---- | C] () -- C:\windows\SysWow64\unins000.exe
[2012/05/08 17:24:20 | 000,009,797 | ---- | C] () -- C:\windows\SysWow64\unins000.dat
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll
[2012/04/14 21:08:55 | 000,000,017 | ---- | C] () -- C:\Users\Dan\AppData\Local\resmon.resmoncfg
[2012/02/01 11:05:52 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012/01/08 22:20:22 | 000,771,962 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/11/23 18:28:44 | 000,020,992 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/11/02 16:34:11 | 000,000,106 | ---- | C] () -- C:\windows\galaxy.ini
[2011/10/25 22:50:17 | 000,069,632 | R--- | C] () -- C:\windows\SysWow64\xmltok.dll
[2011/10/25 22:50:17 | 000,036,864 | R--- | C] () -- C:\windows\SysWow64\xmlparse.dll
[2011/10/25 22:50:01 | 000,185,344 | ---- | C] () -- C:\windows\patchw32.dll
[2011/10/17 17:05:53 | 000,000,412 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\All CPU Meter_Settings.ini
[2011/08/14 13:40:18 | 000,000,042 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\TheHunterSettings_live.cfg

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/05 03:51:16 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\.minecraft
[2013/06/01 00:48:10 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\.mono
[2013/05/09 03:45:08 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\3909 LLC
[2012/10/25 16:35:10 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Bioshock2
[2011/10/27 04:45:51 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Canon
[2013/04/04 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\CVitae
[2011/08/12 02:27:02 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DAEMON Tools Lite
[2011/12/13 13:57:49 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DAEMON Tools Pro
[2012/11/04 20:58:39 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\digipen
[2013/10/07 21:05:28 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DisplayFusion
[2012/06/02 04:04:07 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Dream Aquarium
[2013/04/17 18:17:21 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\FileZilla
[2013/07/14 14:17:15 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\FLAC to MP3 Converter
[2013/03/07 21:42:07 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Foxit Software
[2013/08/24 12:51:39 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Full Control
[2013/10/08 21:56:42 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\KeePassX
[2012/06/23 16:58:20 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Leadertech
[2012/08/06 23:05:13 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ManyCam
[2011/10/18 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mount&Blade Warband
[2013/05/15 01:50:32 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mumble
[2013/01/28 21:10:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\OpenOffice.org
[2013/08/15 02:30:36 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Origin
[2011/12/31 00:36:08 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PhotoFiltre
[2012/08/03 05:24:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Red Kawa
[2012/10/21 11:21:40 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Sega
[2013/01/11 07:01:50 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Stardock
[2013/06/16 10:54:15 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\StarTrekPC
[2011/08/12 06:05:54 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\System
[2013/06/04 18:29:16 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Touchstone
[2012/07/17 16:12:16 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Trillian
[2012/12/09 08:03:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\TS3Client
[2012/06/24 15:52:52 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ts3overlay
[2013/04/10 05:45:07 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\UDP Software
[2011/12/28 20:59:39 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Unity
[2013/10/07 04:28:00 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\uTorrent
[2013/06/12 07:33:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\WindSolutions
[2013/10/08 13:34:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Wise Registry Cleaner
[2011/08/12 06:05:52 | 000,000,000 | -HSD | M] -- C:\Users\Dan\AppData\Roaming\wyUpdate AU

========== Purity Check ==========



< End of report >


#2
pystryker


    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :)

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.


There should be another log that was produced when you ran OTL, called Extras.txt, and it should be located in the same location as the OTL log, in this case C:\Users\Dan\Documents.

I see a couple of programs on your machine; they aren't malware, but we do not recommend them here. I'd like to peruse the Extras log to see if there are any other programs that we would recommend uninstalling.

Things I need to see in your next post:

OTL Extras Log


#3
averysadman


    Member

  • Topic Starter
  • 180 posts
Hi, thanks for your time. Here is the log you requested.

OTL Extras logfile created on: 10/8/2013 11:08:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dan\Documents
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 3.33 Gb Available Physical Memory | 41.68% Memory free
15.99 Gb Paging File | 10.30 Gb Available in Paging File | 64.39% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 193.55 Gb Free Space | 64.93% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 43.84 Gb Free Space | 9.41% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 986.86 Gb Free Space | 52.97% Space Free | Partition Type: NTFS
Drive L: | 465.76 Gb Total Space | 465.66 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: ARBITER | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DBA48F9-7D7D-4E54-A99C-1048B54FE402}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{0FFF0DB2-CDCD-4D64-B2FA-C54F7842C1D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{104252E1-477B-40BF-8C93-3EE6F041481A}" = lport=138 | protocol=17 | dir=in | app=system |
"{116CF1A6-5711-438D-8081-C597AA1B8A9E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{149B0AC4-CE06-4D4A-8DCF-D1759DDB6502}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{150A62D9-A056-4050-90CC-1E5546382960}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1772EDC6-06FD-4767-AEFD-51D2AC04042E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1CAE7218-DE7B-4FF5-AAD2-46E71CB7A2D6}" = rport=137 | protocol=17 | dir=out | app=system |
"{1DB7D0DF-31C1-4679-9D9D-3792F9BE2052}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2296FEC5-593D-46A2-AC60-377E0CDA96EA}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{23739F04-2840-4DDF-B130-5407AE3A4BFA}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{29146BAD-388F-47B1-AF13-14DC1D4D2FCA}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2FE2B56E-8750-4A1E-A93F-927CAE001859}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2FF8729E-5263-404E-BDE2-DA844C581DC7}" = rport=445 | protocol=6 | dir=out | app=system |
"{310866FC-7BD1-4DE4-A056-EDBA0506E1A7}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{37AFCDB7-6D62-467A-9FD4-6246C0811A7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A890142-838E-412E-81C6-EB0A8D06661D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44607959-0F05-4C3F-8BC8-C6B60C98BCB6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47627D99-C059-457D-87BD-13F03018384F}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{490EAA09-B601-43EF-878D-A26B54EAE45E}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{51CF6AD9-8B76-4C2E-AC8D-DA2BCD125705}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58B7A599-1B66-4A5F-BC18-58E87E1B64A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62250B75-1DA4-4FFE-B3D2-E76199EA8F48}" = rport=139 | protocol=6 | dir=out | app=system |
"{64501C2B-4DA2-400F-9DC2-A0EC072C844C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6CC04CB6-4841-4463-9FEC-83C3E4AFB150}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{6CDBED62-F571-40AF-A1DA-6D9B47ACCD7A}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6F8F03B3-47DD-4083-8D36-57A70CCAD178}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{75210FFA-B5A0-44DB-9B39-6D4D53C848E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77761199-D713-4577-BCB8-FB2EF0BF2960}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8097481F-2764-403F-8B71-FE595E27F770}" = lport=10244 | protocol=6 | dir=in | app=system |
"{8BCF1749-9118-4F3E-95B2-306E28C10CC5}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{8C18F583-EBB5-4EF4-93E3-D1E4DE5769AF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9071A494-C406-4580-9B9A-E69533762115}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98D2472F-4859-45FC-835F-67E3DAEC20EE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A45243F-22AB-4E9F-A75D-CE2F0302B142}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9B2B2391-86C1-4571-90FC-754EA57D674E}" = lport=3390 | protocol=6 | dir=in | app=system |
"{A652327A-2BB1-4299-87B6-B3A93D6C25A0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8777E88-D3C7-4A6E-A057-72D1D4307A8E}" = lport=10244 | protocol=6 | dir=in | app=system |
"{AE32DE79-39C5-4F39-A09B-75413F7DF8BB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B0A9BB0D-1B79-470A-ADE4-596B511AB3AA}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{B1DA4BC0-C4DE-4FC7-BE83-EB0397078361}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD18AB82-421A-44F4-9DDA-36726D39F9F6}" = lport=139 | protocol=6 | dir=in | app=system |
"{C01EC51C-C776-48B9-BC34-9B17C0E86422}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C38ACB36-1F85-45E0-A5FB-39A785F2869D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C408E648-07B7-473C-A2C3-95D1F2871DAB}" = lport=137 | protocol=17 | dir=in | app=system |
"{C446057A-441F-4A17-AADB-7E05B2427402}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8891EA7-3E63-451A-9C0A-D86A8521A742}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C99E0A7C-731B-4815-992B-5EE0CC9BD65D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA026492-EBBD-47F8-9018-0264BFFD60DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5EAAC26-433C-4321-A3B7-6F5203F8B63C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D6B9C18A-E613-47DC-8C4C-970859B72EEF}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{D94394DE-B335-4625-9B0F-9E430DD38089}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE7CAB2E-940F-4363-869B-D132BBF9633E}" = lport=445 | protocol=6 | dir=in | app=system |
"{E7FAEDDC-2CED-4CD4-B63F-93261E41A4FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E819C48A-E63C-4BA0-868A-B2C1A4A7FF16}" = rport=138 | protocol=17 | dir=out | app=system |
"{EA9E67A0-9F73-4F20-8281-B5A033A816B9}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{F192B505-B711-4D26-B80B-003B89ADD4CE}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F4082254-9E0D-4C30-98DB-223F5D2F3CAD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC723AC1-6C01-4801-A92A-66A8050265F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C4F8F5-0B1B-4CC5-A59A-F806A282BC14}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\shadow warrior classic\bin\sw.exe |
"{03B2BF8E-D2C0-47D2-9019-D5FC5B8AB41E}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{095D6BE0-291B-42EF-A296-E0C3F7EC7D48}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\aliens vs predator\avp.exe |
"{0E06B66B-60A1-4870-9BA6-3A00B7AA5CC9}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{11CDE9BA-8CBF-4A8C-BF11-F481D06D2CBD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15B8A991-40CB-43EE-8C3B-8E009D48EAA0}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{16A31835-B800-46C4-8E2D-0B46DAD66182}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{186C1CE6-AC65-47F7-A04A-B030715A617B}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{19A496BA-7819-470B-9C4A-C6014593DCAA}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\europa universalis iii - complete\eu3game.exe |
"{1C01B2F1-6EF9-42F2-9849-D9EEFBE2AB1A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1DFDB4F4-2B32-4FB8-851C-D4671156E52B}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe |
"{1DFF5758-057A-4CB3-8115-4AFB3464726F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{218DCA27-58E0-4C68-B43A-A983352F18C3}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{24445937-FD89-421A-A6E6-C02B47D18188}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{265A6439-6608-43A5-916C-B0762A307312}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2749A0EB-2253-4ACF-BD79-B8905ABB02A7}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\aliens vs predator\avp_launcher.exe |
"{28AE2567-C18C-4B85-A70F-2C0A76DD9AA5}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{2A762C76-3A5D-428C-9A20-B836219D46A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2DD36135-FE2F-4FB6-A75F-6B56484277BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E43C22A-E700-45C3-BDEF-7C97A62AC956}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\hexen 2\glh2.exe |
"{2FF387BA-CD91-4110-B768-5E29A23DE350}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\dungeonland\dungeonland.exe |
"{3509B3D9-8EF9-4803-A4CD-9CF7F0EB67B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{39C5A89B-7752-4F3D-A25D-B1398999E7E9}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\aliens vs predator\avp_dx11.exe |
"{3A959AB6-477C-4488-BC2A-6A8BC912D96A}" = protocol=6 | dir=in | app=g:\origin\dead space 3\deadspace3.exe |
"{3BA86887-5025-4B79-BFD1-EB68CEA33D5E}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{40647B05-2F91-4728-81D2-E679B7448821}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\serious sam the random encounter\sstre.exe |
"{42809AA2-5AD6-4FCE-89CF-D05AC5EB68AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{42F92307-4455-4FB6-90C2-92B14A3C715A}" = protocol=17 | dir=in | app=g:\origin\battlefield 3\bf3.exe |
"{4933ECF3-3BEC-4F90-8D42-9ABBF548179B}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\duke nukem 3d\bin\duke3d.exe |
"{4971ED6D-E146-4098-A4E9-E86A4EBDC05F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4BC0C05D-E3CD-4910-981B-93DA3D4F0438}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5086B8C7-83BE-4957-9629-5EC20EEEEF3C}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\shadow warrior classic\bin\dosbox\dosbox.exe |
"{5295DC94-767C-4C48-B4E1-3540FD8FDA29}" = protocol=6 | dir=in | app=g:\origin\mirrors edge\binaries\mirrorsedge.exe |
"{530F0C55-BF6A-4DD1-B2DB-F7864E8D2DA9}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\leviathan warships\leviathan.exe |
"{55B840DB-7EC7-4236-9C11-C6312E4790A3}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sonic generations\sonicgenerations.exe |
"{55BD53A9-05B3-4A35-9C63-54CBC0130AA1}" = protocol=17 | dir=in | app=g:\origin\burnout paradise\burnoutparadise.exe |
"{57344A73-FEE7-49F9-8643-D5231F74F4D8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{580E183F-1EF1-4AEC-8E5B-48D66FD0A092}" = protocol=17 | dir=in | app=g:\games\war thunder\warthunder\launcher.exe |
"{5971FE6C-7580-4703-B83F-101B364FF8B9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5BD73347-C3D6-4353-BD82-855084C210D2}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{5E91D1B5-E0EF-44C0-BA22-9ECC8A361CA3}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{5F0A4D64-2B2D-4710-82BD-940336DBDE69}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{60A4AC75-D70E-4617-838C-2E9C3F280961}" = protocol=17 | dir=in | app=g:\origin\dead space 3\deadspace3.exe |
"{65DEA061-7441-43F2-A025-6102F0E5E767}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\i am alive\src\system\iamalive_game.exe |
"{6BDB917B-7F17-43F7-8A11-7DC6B18368AB}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\sonic generations\configurationtool.exe |
"{6DD771E3-B2C7-4FCA-B1F4-7F1EBC904D11}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sonic generations\configurationtool.exe |
"{74A6B65B-B4BF-4D50-9431-AA374C42E57E}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\serious sam 2\bin\sam2.exe |
"{75C7ACE5-29FD-44DB-AB75-4460E905290A}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{78AF6767-B716-40E8-B505-36D7EE12F3A0}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\hexen 2\glh2.exe |
"{7C387A72-BBAF-4E3C-9974-536307F863B8}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\serious sam the random encounter\sstre.exe |
"{7C801DBB-C727-4996-B3B9-C77E70A57867}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\alien swarm\swarm.exe |
"{81C60A5D-5652-4F14-94BD-A1D3EF702D2C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{83B8A50C-7902-465E-B05A-3A0BEC783015}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{847BC65E-7EED-43EB-A063-6F3B2760BE59}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
"{84B64D9B-8D8E-4D04-956C-F451C21EAA56}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{85644A0B-83DD-433B-A3D4-8BA73B5C231D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{89FFEAC1-326D-465E-9241-17F92F789A46}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{8AD3A598-1879-4864-8949-D6E9EB6F3592}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{909F372F-F3F8-469A-9DA7-F24A687948D0}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\shadow warrior classic\bin\sw.exe |
"{91185A89-76A0-4F97-AD19-BDE205D278FC}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{951C30BA-3F2A-42EB-9B27-2D4DA6FBC039}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\chrome specforce\specforce.exe |
"{96ED4C6D-75D2-4762-9D5C-34E50D24B894}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\duke nukem 3d\bin\duke3d.exe |
"{9A4888A0-22D6-434F-A181-451774AE6538}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\chrome specforce\specforce.exe |
"{9B27DDB1-1A33-4F7C-90A7-5F0C3A556E15}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9B28E46E-D751-431B-ABC8-9BB08BB64DC9}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\leviathan warships\leviathan.exe |
"{9CEF9F00-5158-4A85-BE98-774F9B97A5BC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9F81DE93-6B58-494F-9E20-66A22C600FB7}" = protocol=6 | dir=in | app=g:\games\war thunder\warthunder\launcher.exe |
"{9F8337B3-2C5C-4B76-AFFF-38203B2F9845}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{A2215C36-16AC-4D3C-971E-A9920236F9DA}" = protocol=6 | dir=in | app=g:\origin\battlefield 3\bf3.exe |
"{A28F1DA7-E33F-429D-B5CB-256F6A6F58B1}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\duke nukem 3d\bin\dosbox\dosbox.exe |
"{A2AC23D7-9371-4F17-A77B-F8BB696FEB6D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{A3EEFDB8-ECD3-49D4-B3AE-371790DB3ABE}" = protocol=6 | dir=in | app=g:\origin\burnout paradise\burnoutparadise.exe |
"{A7616D89-9A1F-4B0B-BAA4-0F774009802A}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\shadow warrior classic\bin\dosbox\dosbox.exe |
"{A79A400F-2BB7-4E0A-8F19-1503BDA040AF}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\alien swarm\swarm.exe |
"{AB576568-886C-4CDD-9A15-B145C081BE9E}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |
"{AD5A992E-71F6-45D0-81E3-0602347FD4E7}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\aliens vs predator\avp.exe |
"{AEA7703F-9DA2-4E2B-9563-43522EF6F708}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\serious sam 2\bin\sam2.exe |
"{AEB75F27-FD8A-4ED5-98AB-7CF013891080}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\aliens vs predator\avp_dx11.exe |
"{B0AA1524-EF7E-4EB1-A51C-D0D6FF18D14A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{B1ABAEB2-72A9-4B20-A248-EE8720A22F5C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B225BFC1-1A58-42FE-98DB-A322B47F0763}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{B5811C4C-656A-466D-9CC5-61305EF549BB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B7868355-0BCC-4E75-AD21-73CAAE815BB1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{BB71B060-1A75-451C-B96C-55A07402DDA1}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{C3E87B02-FC2B-48C9-93C1-DCFED7457D0D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\serioussamdoubled\ssgame.exe |
"{C49139A2-50CD-48F0-BFFC-63E25358EBC7}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\serioussamdoubled\ssgame.exe |
"{C6BECC14-E127-49F1-918F-28DB083B8324}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\sonic generations\sonicgenerations.exe |
"{C8052292-A4A3-4490-A48C-DA36332FFF19}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CD368EDD-8AD7-4881-AB84-0BB13A45544D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CE4AD5B7-9869-4BAC-B8FC-85B7C8CDD362}" = protocol=6 | dir=out | app=system |
"{D649CB2D-6873-4D03-A303-2ABFAB6EB328}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DCBB4962-F5A0-41CC-823F-8B4C21732F69}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DDB49439-5DF6-4E83-9847-D1529D4E3555}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\europa universalis iii - complete\eu3game.exe |
"{DF9AA815-E758-4EFA-89A6-02936D621A6D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\i am alive\src\system\iamalive_game.exe |
"{E36D7D9B-976D-4058-93E7-AC064F34C6F1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E3BBF14B-7996-4733-8D0B-AC79724258A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E549A76C-2DE1-4459-AA53-9122E508C4F3}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{E8B1385B-751A-4E17-9043-6D39F813731F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E8F20CE0-2F8C-4E97-9B8E-B45B06EE081F}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\dungeonland\dungeonland.exe |
"{ECB68655-5A78-4851-8913-6AFA7AEBCD79}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{ED6ABFC7-A6D9-4F5A-9EFB-C8AA1CB964DD}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\chrome\chrome.exe |
"{EEDF42C6-9743-46E0-AA8D-B710D13FEA16}" = protocol=17 | dir=in | app=g:\origin\mirrors edge\binaries\mirrorsedge.exe |
"{EFE71408-D947-4F8C-BBD0-2678257B6F42}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EFF1D60F-7B98-4736-9716-C568835B12A0}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\duke nukem 3d\bin\dosbox\dosbox.exe |
"{F46345C2-D1E2-49F9-B354-79736D527AFA}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{F5B8E6E3-08F6-4A96-8484-BE67681D1376}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\chrome\chrome.exe |
"{FA13E882-58FB-4AAE-A8A0-8775F6E0D565}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA26474F-9B03-4A31-B9D7-CABE2DB8696E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB443958-62D9-4C79-B696-6397183FB0BD}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\aliens vs predator\avp_launcher.exe |
"{FCF313EF-7068-4ABA-AD5D-2E9926CEC0DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD6545CA-B077-4B22-AB27-CBE21C4CF0CD}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe |
"{FD720B13-431D-462E-A1FD-75D483E3FA35}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\skyrim\skyrimlauncher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0136AFB8-DA00-30CD-8D3B-8B641065A932}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - FRA
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62BDA98E-352B-5244-FA5C-5C441EF799EB}" = ATI AVIVO64 Codecs
"{704C16B7-13DD-3656-96A0-4E456CCF75E6}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - FRA" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - Français
"Speccy" = Speccy
"WhoCrashed_is1" = WhoCrashed 3.06
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{0214578F-4888-43FB-9E34-C14FCFDEDDEB}" = Razer Nostromo
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{03496F77-5835-D529-1ED8-044FCD372E0F}" = HydraVision
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{15473D70-D791-3B5E-B174-2FD19EC0D017}" = Microsoft Visual C++ 2008 Express Edition - FRA
"{1998BD34-1AAB-4169-ACFF-67342E2AF9B4}" = Gothic III Release Update
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1CDC8E7D-CDFC-4C2B-A080-23D943354625}" = Burnout™ Paradise: The Ultimate Box
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D FurMark 1.11.0
"{2515EAA9-AE9F-4F0A-8301-B40034838B8A}" = Livestream Procaster
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{29484F2D-404A-4EF6-B774-DF5EC5BDF481}_is1" = Corsair M65 Firmware Update Application
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Activision®
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.29f
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{3F7D10AF-E831-11D5-A228-0050BA4AC847}" = Combat
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor ™
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager
"{49C5BD36-F5B9-4E6A-9DC1-04818B9D55E3}" = Razer Nostromo Firmware Updater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP 3.90
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{62CC0366-207F-4BC3-97B1-4D4615B5BF0B}_is1" = Corsair M65 Gaming Mouse Driver V1.0
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{63F87731-0A51-458E-8F9C-54A9E1420489}_is1" = Modern Warfare 3 - Correctif + TeknoMW3
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{68E4C751-272B-44E1-94C7-4E1FDC40F7DA}" = Livestream Procaster
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7A5E940E-017E-47F8-9D0D-62D49C8D18ED}" = Active@ KillDisk
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine®2 Sandbox™2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A62C8DA-2DB7-4D94-B5BA-1D38FC36E830}" = Manhunt
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B5E66589-11D4-4DE5-90F3-1AD5E98ABD3E}" = Civilization III - Play the World v1.27F
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BE30158C-B5DA-0831-ED0D-EDA0902EFAD8}" = Application Profiles
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D2BBEABB-A8DF-4451-A7C4-63C87B31E325}" = IL-2 Sturmovik: Forgotten Battles AEP
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7969A0C-9FDF-4CAA-8AE7-52DD55C02709}" = Warframe
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.269
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F5F281A8-881B-4A8D-B277-6930F5D662FA}" = Flawless Widescreen
"{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Afterburner" = MSI Afterburner 3.0.0 Beta 14
"AviSynth" = AviSynth 2.5
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.3.1
"Battlelog Web Plugins" = Battlelog Web Plugins
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Pro" = DAEMON Tools Pro
"DD4F47DF-6540-4BDA-BEAD-2B19250B0C48_is1" = FLAC to MP3 Converter 6.1.9
"Dream Aquarium" = Dream Aquarium 1.234
"EasyBCD" = EasyBCD 2.2
"ESN Sonar-0.70.4" = ESN Sonar
"FileASSASSIN" = FileASSASSIN
"FOOK2 v1.0" = FOOK2
"Foxit Reader_is1" = Foxit Reader
"Fraps" = Fraps (remove only)
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"InstallShield_{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Transformers™ - War for Cybertron™
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{D2BBEABB-A8DF-4451-A7C4-63C87B31E325}" = IL-2 Sturmovik: Forgotten Battles AEP
"LinuxLive USB Creator" = LinuxLive USB Creator
"LogMeIn Hamachi" = LogMeIn Hamachi
"Lost Planet 3_is1" = Lost Planet 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft Visual C++ 2008 Express Edition - FRA" = Microsoft Visual C++ 2008 Express - Français
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"pyfa" = pyfa 1.1.9
"Real Lives 2007" = Real Lives 2007
"Rockstar Games Social Club" = Rockstar Games Social Club
"Sins of a Solar Empirev1.15" = Sins of a Solar Empire
"smartmontools" = smartmontools
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = Aurora
"StarCraft II" = StarCraft II
"Steam App 218130" = Dungeonland
"Steam App 225140" = Duke Nukem 3D: Megaton Edition
"Steam App 225160" = Shadow Warrior Classic Redux
"Steam App 25800" = Europa Universalis III
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Haptek Player" = The Haptek Player
"Trillian" = Trillian
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"UltraISO_is1" = UltraISO Premium V8.62
"Uplay" = Uplay
"uTorrent" = µTorrent
"VGhlQnVyZWF1WENPTURlY2xhc3NpZmllZA==_is1" = The Bureau: XCOM Declassified
"VLC media player" = VLC media player 2.0.8
"Wild Metal Country" = Wild Metal Country
"WinLiveSuite" = Windows Live
"Winstep Xtreme_is1" = Nexus 11.6
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.66
"Yacc" = Yacc 0.4.0.3
"Zandronum" = Zandronum

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online
"BeamNG.drive" = BeamNG.drive
"CopyTrans Suite" = CopyTrans Suite désinstallation uniquement
"CVitaeV4" = CVitaeV4
"Google Chrome" = Google Chrome
"PhotoFiltre" = PhotoFiltre
"SOE-PlanetSide 2 PSG" = PlanetSide 2
"UnityWebPlayer" = Unity Web Player
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/2/2013 6:28:58 PM | Computer Name = Arbiter | Source = Windows Search Service | ID = 1006
Description =

Error - 3/2/2013 6:45:50 PM | Computer Name = Arbiter | Source = Windows Search Service | ID = 3030
Description =

Error - 3/2/2013 6:45:50 PM | Computer Name = Arbiter | Source = Windows Search Service | ID = 1006
Description =

Error - 3/2/2013 6:47:42 PM | Computer Name = Arbiter | Source = Windows Search Service | ID = 3030
Description =

Error - 3/2/2013 6:47:42 PM | Computer Name = Arbiter | Source = Windows Search Service | ID = 1006
Description =

Error - 3/2/2013 6:47:49 PM | Computer Name = Arbiter | Source = Windows Search Service | ID = 3030
Description =

Error - 3/2/2013 6:47:49 PM | Computer Name = Arbiter | Source = Windows Search Service | ID = 1006
Description =

Error - 3/2/2013 6:47:55 PM | Computer Name = Arbiter | Source = Windows Search Service | ID = 3030
Description =

Error - 3/2/2013 6:47:55 PM | Computer Name = Arbiter | Source = Windows Search Service | ID = 1006
Description =

Error - 3/2/2013 7:05:17 PM | Computer Name = Arbiter | Source = Windows Search Service | ID = 3030
Description =

[ Media Center Events ]
Error - 3/5/2013 4:32:59 PM | Computer Name = Arbiter | Source = Microsoft-Windows-Media Center Extender | ID = 104
Description =

Error - 3/5/2013 4:39:38 PM | Computer Name = Arbiter | Source = Microsoft-Windows-Media Center Extender | ID = 104
Description =

Error - 3/5/2013 4:46:13 PM | Computer Name = Arbiter | Source = Microsoft-Windows-Media Center Extender | ID = 104
Description =

Error - 3/5/2013 4:53:09 PM | Computer Name = Arbiter | Source = Microsoft-Windows-Media Center Extender | ID = 104
Description =

Error - 3/5/2013 5:04:49 PM | Computer Name = Arbiter | Source = Microsoft-Windows-Media Center Extender | ID = 104
Description =

Error - 3/5/2013 5:26:39 PM | Computer Name = Arbiter | Source = Microsoft-Windows-Media Center Extender | ID = 104
Description =

Error - 3/5/2013 5:31:31 PM | Computer Name = Arbiter | Source = Microsoft-Windows-Media Center Extender | ID = 104
Description =

Error - 3/5/2013 5:36:15 PM | Computer Name = Arbiter | Source = Microsoft-Windows-Media Center Extender | ID = 104
Description =

Error - 3/8/2013 2:47:49 PM | Computer Name = Arbiter | Source = Microsoft-Windows-Media Center Extender | ID = 104
Description =

Error - 4/18/2013 1:27:54 PM | Computer Name = Arbiter | Source = Microsoft-Windows-Media Center Extender | ID = 104
Description =


Error encountered while reading event logs.

< End of report >
  • 0

#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Hi, thanks for your time. Here is the log you requested.


Hello, and you are very welcome. :)


I have some information for you regarding some of the programs on your machine, so let's get started. :thumbsup:

Part 1: Do not use P2P Programs

The Dangers of P2P Programs

I noticed that you have a P2P file sharing (uTorrent) program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs.




Part 2: Do not use Registry Cleaners


Registry Cleaner Warning

There were signs of multiple programs that are either currently or have been previously installed on your computer that contain registry cleaners. A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable. At Geeks to Go we strongly advise that people stay away from any of the registry cleaners out there. Go here to get more information about why registry cleaners aren't needed. Technet blog also discusses this issue as well as Ed Bott.




I would uninstall the program Wise Registry Cleaner from your machine.


Part 3: Installing Anti-Virus Protections

Install a good Anti-Virus Program


Also, I don't see an anti-virus program installed on your computer. Having a good, up to date, anti-virus program on your machine is absolutely critical with all the malware and infections out there.

Here are three good antivirus free for personal use:


I see no signs of malware or infection on your machine currently. However, getting an anti-virus program on your machine quickly is highly advised.



Part 4: Update Internet Explorer

Your Internet Explorer is out of date. The version you are currently running is 8 and the latest version is 10. Keeping IE updated is another defense against infection as the updates are released to eliminate vulnerabilities.

You can update Internet Explorer to Version 10 by clicking here.



Part 5: Update Windows Service Pack

A service pack (SP) is a Windows update, often combining previously released updates, that helps make Windows more reliable. Service packs, which are provided free of charge on this page, can include security and performance improvements and support for new types of hardware. Make sure you install the latest service pack to help keep Windows up to date. Service packs take about 30 minutes to install, and you'll need to restart your computer about halfway through the installation.

The recommended (and easiest) way to get service packs is to turn on Windows Update for Windows 8, Windows 7, and Windows Vista, or Automatic Updates for Windows XP, and let Windows notify you when the service packs you need are ready to install. Turning on Automatic Updating is quick and easy, and it saves you time and disk space.

Please click here to go to Microsoft's website and download the service pack.


That's all that I see on your machine that needs addressing, but if you have any questions, feel free to ask. :)

Pystryker
  • 0
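The findings in the post above can be reproduced mechanically from the uninstall list. This is an added example, not part of the original thread and not OTL's own code: it parses the `"key" = display name` lines, flags the two categories the helper called out, reports when no antivirus product is listed, and decodes base64-looking key names to check them against the display name. The keyword lists and function names are assumptions chosen for illustration.

```python
import base64
import re

# Constructed sample: a few entries copied from the OTL uninstall list in this thread.
SAMPLE = '''\
"{F5F281A8-881B-4A8D-B277-6930F5D662FA}" = Flawless Widescreen
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"uTorrent" = µTorrent
"VGhlQnVyZWF1WENPTURlY2xhc3NpZmllZA==_is1" = The Bureau: XCOM Declassified
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.66
'''

# Assumed, illustrative keyword lists; not part of OTL or of the helper's method.
WATCHLIST = {"p2p": ("torrent", "limewire", "emule"),
             "registry_cleaner": ("registry cleaner", "regclean")}
AV_HINTS = ("antivirus", "anti-virus", "security essentials", "internet security")
ENTRY = re.compile(r'^"(?P<key>.+)" = (?P<name>.*)$')
B64 = re.compile(r'^[A-Za-z0-9+/]{16,}={0,2}$')


def parse(log_text):
    """Return (key, display_name) pairs from OTL uninstall-list lines."""
    return [(m["key"], m["name"].strip())
            for m in map(ENTRY.match, log_text.splitlines()) if m]


def decode_key(key):
    """Decode a base64-looking key name (Inno Setup adds the _is1 suffix), else None."""
    stem = key[:-4] if key.endswith("_is1") else key
    if len(stem) % 4 or not B64.match(stem):
        return None
    try:
        text = base64.b64decode(stem, validate=True).decode("ascii")
    except ValueError:  # covers bad base64 and non-ASCII payloads
        return None
    return text if text.isprintable() else None


def triage(log_text):
    """Return (category, detail) findings for a block of uninstall-list lines."""
    squash = lambda s: re.sub(r"\W", "", s).lower()
    entries, findings = parse(log_text), []
    for key, name in entries:
        haystack = f"{key} {name}".lower()
        for category, words in WATCHLIST.items():
            if any(w in haystack for w in words):
                findings.append((category, name))
        decoded = decode_key(key)
        if decoded is not None:
            same = squash(decoded) == squash(name)
            findings.append(("encoded_key_matches_name" if same
                             else "encoded_key_mismatch", decoded))
    if not any(h in f"{k} {n}".lower() for k, n in entries for h in AV_HINTS):
        findings.append(("no_antivirus_listed", ""))
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE))
```

An encoded key that decodes to the same text as its display name, as with the XCOM entry here, is just an installer's naming choice; a mismatch is what would deserve a closer look.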

#5
averysadman

    Member

  • Topic Starter
  • Member
  • 180 posts
So there are no obvious keyloggers on my system then?
Should I perhaps boot into safe mode and do another scan to be sure? If there are no keyloggers my password was probably just brute forced then, it wasn't a very sophisticated hijack, in which case there is no more danger as my passwords have all been cycled.

As for your other advice I have no problems related to those things, but thanks.
  • 0

#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

So there are no obvious keyloggers on my system then?
Should I perhaps boot into safe mode and do another scan to be sure? If there are no keyloggers my password was probably just brute forced then, it wasn't a very sophisticated hijack, in which case there is no more danger as my passwords have all been cycled.

As for your other advice I have no problems related to those things, but thanks.


No signs of a keylogger or any malware in your system, but just to make sure, let's take a look with Dr. Web. :)



Please follow the instructions below:




Step 1


Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop
  • Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
  • Launch drwebliveusb.exe.
  • The program will detect available USB-devices automatically and prompt you to choose the one you'd like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).
    Posted Image
  • To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
  • Files will be copied automatically.
  • Once the copying process is completed, press the Exit button to close the application.
  • Reboot the infected computer with the USB in the drive
  • Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

    Posted Image
  • Use arrow keys to select DrWeb-LiveCD (Default)

    Posted Image
  • Press select objects for scanning

    Posted Image
  • When the system is loaded, check the disks or folders you want to scan, and click on Start.
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
    Posted Image
  • When it has completed

    Posted Image
  • Select Open Report and copy to the USB
  • Once completed reboot to normal windows, and post the report here


Things I need to see in your next post:

Dr Web Log
  • 0

#7
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

I haven't heard from you since I posted the last set of instructions 5 days ago and wanted to check in with you. Do you need further assistance? :)
  • 0

#8
averysadman

    Member

  • Topic Starter
  • Member
  • 180 posts
Hi, sorry for the delay, I'll get right on that.
Thank you for your time.
  • 0

#9
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Hi, sorry for the delay, I'll get right on that.
Thank you for your time.


No worries, and you are welcome. :)
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0


#11
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
User has returned.
  • 0

#12
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello, and welcome back :)

How did the scan with Dr. Web go?
  • 0

#13
averysadman

    Member

  • Topic Starter
  • Member
  • 180 posts
Hi, thank you Essexboy for unlocking the thread.

Hello pystryker, I just wanted to know before I run the scan if the scan deletes objects automatically or if it will prompt me? I have several files and programs that are often erroneously identified as viruses by my anti-virus, and I don't want to accidentally disable any programs.

Thanks.
  • 0

#14
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome back. :)

Look at the graphics in the post that contains the instructions for Dr Web, and uncheck the box that says "Automatically apply actions to threats." This should send any item it deems a threat to quarantine instead of deleting it outright.
  • 0

#15
averysadman

    Member

  • Topic Starter
  • Member
  • 180 posts
  • 180 posts
Hi, Dr.Web does not seem to be working.
After booting from the live USB the wizard created, it loads up a green GUI with a progress bar, gets to 100%, then produces some rather horrific crashes.
I tried it several times.

Attached Thumbnails

  • IMG_20131025_225959.jpg
  • IMG_20131025_230016.jpg

  • 0





