Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Roguekiller - how can I determine if it is legit? [Solved]


  • This topic is locked This topic is locked

#1
ScooterPA

ScooterPA

    New Member

  • Member
  • Pip
  • 6 posts
Hello everyone. First time poster. I downloaded Roguekiller a little while back and used it a few times with no issues. However, this morning I first ran Malwarebyte and it found 40 suspicious files.

I removed them and figured that I should try Roguekiller as well. When I started it, it loaded up fine and then seemed to be scanning my files and then prompted me saying that thee was a newer version and asked if I wanted to download it from the website. I clicked 'Ok' and it took me to a program that attempted to install 7-zip. I figured that this was just something that allowed the maker of the software to keep it free so I was going to customize the install and not choose the unwanted portions such as Yahoo toolbar and some other things. However, the only add-on program that gave me the option to not install it was Yahoo Toolbar. All the other add-ons seemed to be auto-installed with the update.

After seeing this, I closed down the updater (without updating) and went in search for info on the net. After a while I came across an older (and closed) forum post (in another forum) where an obviously irritated OP was blaming the author for Roguekiller for the 7-Zip thing. Now, I obviously am not doing this but in the post, other posters were telling the OP that it sounded as if he had an infected PC. I tried to find the folder in which Roguekiller was installed to uninstall it (it doesn't show up in my Control Panel>Programs to allow me to uninstall). In fact, when I search for 'Roguekiller' in my search bar, the only thing that comes up is the Desktop icon. It won't allow me to open file location.

Any thoughts?
  • 0

Advertisements


#2
ScooterPA

ScooterPA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Are we allowed to bump? This was off the first page within seconds =(.
  • 0

#3
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,911 posts
Hi ScooterPA, :)

:welcome:

My name is Valinorum and I will be your helper today. Before we proceed, please, acknowledge yourself the following(s):

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

Note: Please, bare in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you which requires time as both teachers and helpers are volunteers here. Take it as a good thing because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face. :)

 

First of all, the program named RogueKiller by Tigzy search for an updated version in its pre-scan state. I does not install any third party software. Your machine is either infected or you have downloaded a bogus version of the aforementioned software. Can you tell, from where you downloaded your version of RogueKiller?

I tried to find the folder in which Roguekiller was installed to uninstall it (it doesn't show up in my Control Panel>Programs to allow me to uninstall). In fact, when I search for 'Roguekiller' in my search bar, the only thing that comes up is the Desktop icon. It won't allow me to open file location.

Because Roguekiller does not install in your system or modify it in anyway unless you use a fix. It is a standalone program.

Any thoughts?

Let me get a closer look at your system before giving you my final thoughts.

Are we allowed to bump? This was off the first page within seconds =(.

No, you are not encouraged to do that. We are constantly at watch for threads with no replies. If you bump, we may assume that you may have already been taken care of.

 

  • Step #1 Scan with OTL
  • Please download OldTimer's Listit from one of the following locations and save it to your Desktop.
    Download Link 1
    Download Link 2
    Downlaod LInk 3
  • Copy and Paste the following code inside the Custom Scans/Fixes box;
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button;
  • After the scan two logs will be produced;
  • Copy and paste the content of the logs in your next reply

 

  • Required Log(s):
  • OTL.txt;
  • Extras.txt

Regards,
Valinorum
  • 0

#4
ScooterPA

ScooterPA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi there and thank you for your help! I can't remember where I downloaded the program tbh. It was probably one of those big flashy green buttons that I should know better than to click. Anyway, here are the contents of the logs that you requested:

OTL logfile created on: 11/8/2013 12:26:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Scott\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.51 Gb Available Physical Memory | 68.87% Memory free
16.00 Gb Paging File | 13.23 Gb Available in Paging File | 82.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 388.82 Gb Free Space | 41.75% Space Free | Partition Type: NTFS

Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/08 12:25:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Downloads\OTL.exe
PRC - [2013/10/23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/22 15:02:18 | 001,533,240 | -H-- | M] () -- C:\Program Files (x86)\CE\CovenantEyesHelper.exe
PRC - [2012/10/22 15:02:16 | 002,433,832 | -H-- | M] () -- C:\Program Files (x86)\CE\CovenantEyes.exe
PRC - [2011/02/22 09:52:12 | 000,182,784 | ---- | M] (Ideazon, Inc.) -- C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
PRC - [2010/05/20 10:04:14 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/19 12:27:27 | 000,112,318 | ---- | M] () -- C:\Users\Scott\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
MOD - [2013/10/10 11:24:09 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 11:23:47 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/08/14 11:48:26 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/08/14 11:48:25 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/08/14 11:48:25 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/14 11:48:24 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/14 11:47:55 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 11:47:38 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 11:47:28 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/10 11:42:01 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/07/10 11:41:29 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/04/04 00:09:40 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/10/22 15:02:46 | 000,072,992 | -H-- | M] () -- C:\Program Files (x86)\CE\nmsvTree.dll
MOD - [2012/10/22 15:02:44 | 002,021,144 | -H-- | M] () -- C:\Program Files (x86)\CE\nmSvc.dll
MOD - [2012/10/22 15:02:40 | 001,623,320 | ---- | M] () -- C:\Windows\SysWOW64\nmNsp.dll
MOD - [2012/10/22 15:02:24 | 000,177,944 | ---- | M] () -- C:\Windows\SysWOW64\CESpy.dll
MOD - [2012/10/22 15:02:18 | 001,533,240 | -H-- | M] () -- C:\Program Files (x86)\CE\CovenantEyesHelper.exe
MOD - [2012/10/22 15:02:16 | 002,433,832 | -H-- | M] () -- C:\Program Files (x86)\CE\CovenantEyes.exe
MOD - [2012/10/22 14:47:52 | 000,112,128 | -H-- | M] () -- C:\Program Files (x86)\CE\zlib.dll
MOD - [2011/02/18 10:04:04 | 000,196,448 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL
MOD - [2011/02/16 12:38:44 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Ideazon\ZEngine\AxWBOCXLib.dll
MOD - [2010/11/20 22:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/20 22:24:07 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 13:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 13:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/10/22 14:59:06 | 002,220,544 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\authServer.exe -- (Auth Service)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/06 19:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/26 12:00:17 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/13 17:24:32 | 000,350,792 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/17 21:24:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/02/17 21:24:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/11/28 14:33:50 | 002,219,520 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\authServer.exe -- (Auth Service)
SRV - [2010/05/20 10:04:14 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/10 01:29:32 | 000,137,400 | ---- | M] (Razer Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013/06/18 20:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/16 07:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/17 14:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/13 18:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/10 21:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/11/23 19:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 19:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/31 11:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/14 06:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2007/07/23 06:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/20 08:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{2EF8E98F-2450-4781-B7EF-10E5B00EE6F0}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{E793C40D-85EE-4F43-960D-484F85C27EDA}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/26 11:59:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/26 11:59:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/26 11:59:55 | 000,000,000 | ---D | M]

[2013/08/14 17:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
[2013/10/26 12:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\9vbcv316.default\extensions
[2013/10/26 12:06:23 | 001,333,292 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\9vbcv316.default\extensions\[email protected]
[2013/10/26 12:06:24 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\9vbcv316.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/26 11:59:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/26 12:00:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {95B7759C-8C7F-4BF1-B163-73684A933233} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {95B7759C-8C7F-4BF1-B163-73684A933233} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Fences] C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NMSVC] C:\Program Files (x86)\CE\CovenantEyes.exe ()
O4 - HKLM..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Windows\SysNative\nmNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - CCESpy.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\nmNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BFF73BD-5D13-4EBB-B956-4CA1EB62DEF5}: DhcpNameServer = 66.174.71.33 66.174.95.44
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAB978E8-84D9-4160-ADAD-44409E5E191F}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - Reg Error: Value error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/07 23:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/11/04 15:20:28 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\PFRouterDetector
[2013/11/04 15:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFRouterDetector
[2013/11/04 15:14:00 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\PFStaticIP
[2013/11/04 15:13:38 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
[2013/11/04 15:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFStaticIP
[2013/11/04 13:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/04 13:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/04 13:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/03 20:45:39 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\NBOS
[2013/11/03 20:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBOS RPG Software
[2013/11/03 20:45:31 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Inspiration Pad Pro
[2013/11/03 20:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\nbos
[2013/10/27 14:37:23 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\ArcSoft
[2013/10/27 14:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2013/10/27 14:36:46 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\ArcSoft
[2013/10/27 14:14:19 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{F9174F16-053C-4D4E-9CDA-AE2A31ED24CD}
[2013/10/26 11:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/24 10:28:00 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\American Enterprise
[2013/10/24 10:27:38 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\American Enterprise Group, Inc
[2013/10/23 22:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/10/22 22:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/22 22:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/22 22:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/10/20 11:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ideazon Z Engine
[2013/10/20 11:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ideazon
[2013/10/19 12:27:31 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Ideazon
[2013/10/17 18:57:03 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{D6BB694C-0C44-4741-932F-5186EB6E16EC}
[2013/10/09 21:11:34 | 004,697,448 | ---- | C] (Garmin International) -- C:\Users\Scott\Desktop\GarminMapUpdater.exe
[2013/10/09 17:16:07 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Garmin
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/08 07:20:39 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/08 07:20:39 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/08 07:13:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/08 07:13:12 | 2146,275,327 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/07 13:26:47 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\Realm Works.lnk
[2013/11/07 10:32:40 | 000,783,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/07 10:32:40 | 000,663,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/07 10:32:40 | 000,122,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/06 21:42:39 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Hero Lab.lnk
[2013/11/04 16:17:48 | 000,000,991 | ---- | M] () -- C:\Users\Scott\Desktop\d20Pro - Shortcut.lnk
[2013/11/04 15:20:20 | 000,001,070 | ---- | M] () -- C:\Users\Scott\Desktop\PF Router Detector.lnk
[2013/11/04 15:13:38 | 000,001,898 | ---- | M] () -- C:\Users\Scott\Desktop\Portforward Setup Static IP Address.lnk
[2013/11/04 13:30:53 | 023,677,675 | ---- | M] () -- C:\Users\Scott\Desktop\d20ProInstaller_3.3.4.exe
[2013/11/03 20:45:32 | 000,001,193 | ---- | M] () -- C:\Users\Scott\Desktop\Inspiration Pad Pro 3.0.lnk
[2013/10/24 10:27:38 | 000,000,358 | ---- | M] () -- C:\Users\Scott\Desktop\MyEnroller.appref-ms
[2013/10/23 05:30:23 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013/10/23 05:30:23 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013/10/23 05:30:23 | 000,023,287 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/10/23 03:20:03 | 003,426,956 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/10/22 22:06:41 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/21 15:00:25 | 000,006,187 | ---- | M] () -- C:\Users\Scott\Desktop\Coventry WV Directory 2014 - Shortcut.lnk
[2013/10/13 20:19:52 | 000,003,413 | ---- | M] () -- C:\Users\Scott\Desktop\UHC replace list 2013 - Shortcut.lnk
[2013/10/10 11:19:23 | 000,418,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 09:27:05 | 000,777,034 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/10 09:15:37 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/09 21:12:20 | 004,697,448 | ---- | M] (Garmin International) -- C:\Users\Scott\Desktop\GarminMapUpdater.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/04 16:17:48 | 000,000,991 | ---- | C] () -- C:\Users\Scott\Desktop\d20Pro - Shortcut.lnk
[2013/11/04 15:20:20 | 000,001,070 | ---- | C] () -- C:\Users\Scott\Desktop\PF Router Detector.lnk
[2013/11/04 15:13:38 | 000,001,898 | ---- | C] () -- C:\Users\Scott\Desktop\Portforward Setup Static IP Address.lnk
[2013/11/04 13:30:26 | 023,677,675 | ---- | C] () -- C:\Users\Scott\Desktop\d20ProInstaller_3.3.4.exe
[2013/11/03 20:45:32 | 000,001,193 | ---- | C] () -- C:\Users\Scott\Desktop\Inspiration Pad Pro 3.0.lnk
[2013/10/24 10:27:38 | 000,000,358 | ---- | C] () -- C:\Users\Scott\Desktop\MyEnroller.appref-ms
[2013/10/21 15:00:25 | 000,006,187 | ---- | C] () -- C:\Users\Scott\Desktop\Coventry WV Directory 2014 - Shortcut.lnk
[2013/10/13 20:19:52 | 000,003,413 | ---- | C] () -- C:\Users\Scott\Desktop\UHC replace list 2013 - Shortcut.lnk
[2013/08/14 17:15:39 | 000,000,258 | RHS- | C] () -- C:\Users\Scott\ntuser.pol
[2013/03/25 12:11:17 | 000,000,093 | ---- | C] () -- C:\Windows\SysWow64\Transware.ini
[2012/11/01 09:00:31 | 000,060,864 | ---- | C] () -- C:\Users\Scott\g2mdlhlpx.exe
[2012/10/26 23:01:46 | 001,623,320 | ---- | C] () -- C:\Windows\SysWow64\nmNsp.dll
[2012/10/26 23:01:46 | 000,177,944 | ---- | C] () -- C:\Windows\SysWow64\CESpy.dll
[2012/02/17 21:24:54 | 000,186,880 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/02/17 21:24:54 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/02/17 21:24:54 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini
[2012/02/17 21:24:54 | 000,000,388 | ---- | C] () -- C:\Windows\XENMCcfg.ini
[2012/01/27 17:03:48 | 002,219,520 | ---- | C] () -- C:\Windows\SysWow64\authServer.exe
[2012/01/24 22:49:51 | 000,007,602 | ---- | C] () -- C:\Users\Scott\AppData\Local\Resmon.ResmonCfg
[2012/01/06 23:34:42 | 000,103,720 | ---- | C] () -- C:\Users\Scott\GoToAssistDownloadHelper.exe
[2012/01/06 23:26:26 | 000,777,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/07 14:24:39 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 08:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 08:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/24 23:04:43 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Bioshock2
[2013/04/02 14:27:06 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Canon
[2012/10/26 23:01:04 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\CE
[2013/02/26 04:28:14 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\com.stoicstudio.TheBannerSagaFactions
[2012/12/26 13:36:33 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013/06/15 14:57:13 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Curse Advertising
[2013/11/08 07:12:23 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\DefaultTab
[2012/05/25 12:14:18 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Dropbox
[2013/08/14 00:49:10 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Fatshark
[2012/08/17 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\GameFly
[2013/10/09 21:12:26 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Garmin
[2012/10/09 13:45:26 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\ICAClient
[2013/10/19 12:27:31 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Ideazon
[2013/08/20 13:01:16 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Leadertech
[2013/09/06 15:33:32 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Lone Wolf Development, Inc
[2013/09/06 15:34:40 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\LWD Technology, Inc
[2013/02/24 09:29:09 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Might & Magic Heroes VI
[2013/11/03 20:45:39 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\NBOS
[2013/09/20 22:33:35 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Origin
[2013/11/04 15:20:31 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\PFRouterDetector
[2013/11/04 15:15:23 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\PFStaticIP
[2013/06/19 01:30:23 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\RIFT
[2012/03/15 13:55:11 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\RotMG.Production
[2013/08/09 11:26:28 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\SC2MM
[2013/04/19 22:29:14 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Sony Online Entertainment
[2013/05/03 21:26:45 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Stardock
[2013/04/20 22:12:10 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\StarDrive
[2013/07/20 23:12:13 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Sword of the Stars - The Pit
[2013/03/25 11:54:11 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\TeamViewer
[2012/09/29 15:19:04 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\TuneUp Software
[2013/06/14 13:04:49 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\webex
[2012/01/10 15:45:55 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\x3watch

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 22:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 22:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 22:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 22:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/08/12 13:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/12 13:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 22:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 22:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 22:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 22:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 22:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 22:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 22:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 22:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 22:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 22:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 22:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 22:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 22:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 22:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 22:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2012/08/21 08:09:40 | 000,219,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 22:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 22:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2013/09/03 08:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.DOC >
[2010/03/19 09:39:16 | 000,095,744 | ---- | M] () MD5=6C1CA8D3BD5844D7E2057CE40A773655 -- C:\Users\Scott\Documents\LWS Documents For Word\Website info\Services.doc

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< End of report >

Thanks again.
  • 0

#5
ScooterPA

ScooterPA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Forgot to add this:

OTL Extras logfile created on: 11/8/2013 12:26:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Scott\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.51 Gb Available Physical Memory | 68.87% Memory free
16.00 Gb Paging File | 13.23 Gb Available in Paging File | 82.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 388.82 Gb Free Space | 41.75% Space Free | Partition Type: NTFS

Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C0F6CE-8D1A-4BD8-A5B9-5B2DDCAF7B56}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{020831E8-DBB0-4DFC-85DA-64BC9178B087}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{097A0ED0-E2A5-438B-92FF-7CC8C229ADEB}" = lport=139 | protocol=6 | dir=in | app=system |
"{2EF90B74-88B0-40DD-A53F-4930DFCFC4DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{342B2EDC-FCC2-4120-93B6-F7E653E8D61A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4546D778-35D5-43AC-A362-BAC7024D5003}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{4B99789C-CC2E-4A95-81C9-D6E600A590FB}" = lport=137 | protocol=17 | dir=in | app=system |
"{59CE9ED5-E4DF-4C01-9F55-B243297E604D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5BCBE92F-39F1-4B81-891A-D19AC5A9B50B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5BE316B0-8F1D-4BBE-9416-366239D47789}" = lport=10243 | protocol=6 | dir=in | app=system |
"{60AF7657-A6EC-4BBD-95BB-A77F14C69505}" = rport=445 | protocol=6 | dir=out | app=system |
"{64984090-E92E-4D88-B7B2-D005B11499DC}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{6503294D-4827-4048-B470-5E0F30DB075F}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{6EE77AE3-97EA-4481-8F08-C8233C6F71E7}" = rport=139 | protocol=6 | dir=out | app=system |
"{6FA54FAF-B758-4617-A701-52F3A1E5484C}" = lport=10 | protocol=6 | dir=in | name=d20pro |
"{7B52608A-6DAF-4B80-9B96-CFD812917959}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{8F02EC4C-527C-48F0-9AC2-FB16B6FE46CA}" = rport=137 | protocol=17 | dir=out | app=system |
"{9061F286-829F-4A15-87B0-4FDF388CDA23}" = lport=138 | protocol=17 | dir=in | app=system |
"{93DF761A-FDC4-48BE-8A06-ACE59B0B07BD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{94F50C25-DA63-40EA-8DC9-8E3544E871C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2413395-0B7D-43AB-8AB0-924033F52B33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6EEA5C6-BDE3-450F-99F8-2F4FA82680D8}" = rport=138 | protocol=17 | dir=out | app=system |
"{B44EC144-2B21-418A-85A9-BFFD9C7BA731}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{BEF50357-BD7D-4E65-971C-AD10670851DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF709645-F723-4C09-8BB1-93C2A423CC8B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D6782C42-5A92-403E-991E-BC8D83F6CECD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DB39451E-0B54-44B3-85F2-B3713C0C2425}" = lport=445 | protocol=6 | dir=in | app=system |
"{DC8FCDC3-FF54-4DF7-90C3-D194FADB99BB}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{DE175AF2-BA5F-411A-B04B-4F17A629881E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E078B5C5-506C-4041-9256-F6DA489D8E24}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{E7172945-8837-47C1-9DCF-F83021069564}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E742578A-37EC-4279-AA2B-B9E08F718252}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EE09CC5A-73C6-4DE4-8BAC-3F02319D168F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008EB885-4423-40FD-874F-C59F247592D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
"{03159A3F-44B6-4B0B-BB8C-3CDCE7436C77}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{0332F240-EAE6-4CC2-8ADF-024CB4A0D6A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{08F9A327-2D5B-4B40-BB86-0F3FE02C2444}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander forged alliance\bin\supremecommander.exe |
"{0A3B1F6F-5988-44A6-82FE-B5FB53C53CCB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{0BAA470F-8F31-45B8-AE2D-7E2E61BBA8BA}" = protocol=6 | dir=in | app=c:\program files (x86)\hero lab\herolab.exe |
"{0C1D7F78-2AAD-433F-B5D1-AE3AB233F938}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{103492EE-5562-4FB9-B73B-AC105B7EA269}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10E41B4B-2CFD-49AE-98A4-1A8F535BE744}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{11CBD1E7-AA8C-4447-A8C3-6FE7ECC76A66}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{12F88E8B-E01F-4E69-BEEC-9241D1023691}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{133F8DF1-92C2-44B3-AD10-148F9AA3FCC3}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{151FA36A-C679-4542-BF2E-9F31F982E6A8}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{1635D3FD-42BC-45F3-BB95-E3F0948202DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{1B65F0AB-FC72-4ED8-A88F-4769B6DE790E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{1B89CF53-3DE3-4603-922A-972BC18ED5DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{1FAA7626-FFFC-4C05-8C36-818378943C67}" = protocol=6 | dir=in | app=c:\program files (x86)\realm works\realmworks.exe |
"{23D9409C-2EE4-4D5A-8FF1-DBEBFA19BADF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\support\ino_co_com.url |
"{244782B4-5AA5-4181-98A7-45F42E4B2703}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{245D9DA7-82AE-4564-8E8B-FE570634910A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{25D497ED-FE28-4CCD-AF0F-797855B079E7}" = protocol=58 | dir=in | [email protected],-28545 |
"{261A7754-6780-42A0-9B7E-2A49EE84AFA5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe |
"{281264E2-F0A9-4717-9624-E26063D4AC83}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{2AAC88F5-E7F9-4431-BBDF-E4DA19747DE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{2B5DBBA4-C7ED-42A6-82C2-13BB240E5FA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\support\ea help\electronic_arts_technical_support.htm |
"{2DF3ACFB-3613-49AA-AD0D-D6FA18C71AEA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{2FF54862-0DCB-42A8-AB12-3E6234CAC294}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{30AA8BEC-6C9B-4233-A41A-33A374D47255}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{30C2A8C5-1258-4E83-93B3-032903694206}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{334A3495-31F8-4765-B7AE-B12203E943F1}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{35ED513C-2741-47D1-9DDC-C5520A1E33E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{36F9419A-1344-4CCB-BE93-8B6EE00F8D72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{3788252D-9C7D-4A19-ACE4-93F2170261F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{37B9B4FF-00E6-4A93-B35D-B15984B98852}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{39FCEAD8-37B4-43F5-8548-54C8BBAC4BB5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{3F290ACB-60C0-4848-B682-39013D100ED8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{400ED1F6-1E52-46D9-A125-6FCCEE60504C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4110F2C6-F3BF-4CFD-B85A-814E8E05E10B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{41949529-6B98-4450-803F-327208A435E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{430C2A84-686D-4BC5-A02C-E8C5D5B1FAF5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe |
"{474748EE-3C41-4EB9-9EF0-116EDFA780AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fe legendary heroes\legendaryheroes.exe |
"{474F3568-53A2-4C04-B23F-8877DBC3799C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{475D35D7-B299-4194-8360-73A3D1FBA4A7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{49A21A78-2958-449F-A8FA-7CB18C9F50D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"{4C304A0A-BD52-4BE6-82E9-6A8EA77EFA5C}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{4E1B4812-A4D8-428A-8AB9-677F0E315F86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4EDD12FD-01A4-4256-916F-8C09DDB1156B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{4F6FCC3A-D7B9-4575-AD0A-E468918AADDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{4FA2D211-55C6-4B0E-A1C3-7DB9CCBB5DCE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{52802EA7-7DF5-4F19-8A95-7EE12F0A1541}" = protocol=1 | dir=in | [email protected],-28543 |
"{55D84835-E789-4A16-B4D9-53D15D283707}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{57E693CE-0ED7-44F7-B4AF-82ACEE48E0A6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{58E1CCE9-53D3-414F-BD86-9689CC6AD1EB}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{5B6D8928-2EBA-4C48-9AA2-572A162642A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander forged alliance\bin\supremecommander.exe |
"{5B846BBB-EC4B-425A-A2C9-671B5587E9A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\cnc3.exe |
"{5C70F04F-7047-42C0-87A3-10991F2C96CA}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\fallenenchantress\fallenenchantress.exe |
"{6127F764-F5EB-4C66-939F-F2610AA7F349}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\game.exe |
"{61897E7D-1690-4720-B48C-A93B1DFD4077}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\support\ino_co_com.url |
"{650C7C3E-906C-4713-8893-EF9AAEC331CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eador. masters of the broken world\launcher.exe |
"{65F6C16A-0646-40CE-B7FB-7AB6DC1247D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 - kane's wrath\cnc3ep1.exe |
"{66EBED23-E0E7-42C1-9102-8DBCBF59919E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{682EE26D-FA6A-42C1-A076-4BEE4979E1E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{6A007291-1116-4E17-BEC9-D7BE2F0276B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{6E586169-79A0-4CDA-BFDA-F847C6DE4293}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{6FF15198-66DC-45C1-BB32-3D2569DA5F47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\support\game.url |
"{717EE988-60D2-4DFF-BF19-7A3CF6C171AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\game.exe |
"{71EC1ABE-4F6C-4537-83B2-FAC8A41BE803}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\support\paradox.url |
"{72850E13-A41D-49A1-851C-994A30C2C6CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{73E62CFC-CF5A-46E9-B3C9-FA6E9D33B077}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7498F5F5-3686-40AC-8604-695505CAF516}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{74B11FBA-BA58-43EC-B37E-FC7E58DC961E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 - kane's wrath\support\ea help\electronic_arts_technical_support.htm |
"{77E8A906-DB96-4FF0-A87C-A1052FE0B8DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{7C6B1A57-63F9-4E14-8D3B-3A191DD82723}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{7DA983CE-1F59-4561-B6F1-D3D2CA640894}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{82746AF1-F83F-40CE-9C04-B0E0EA7EEE6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"{84205B47-5D3D-4A78-B147-CBEAF4D919CA}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\fallenenchantress\fallenenchantress.exe |
"{85A6344B-00D4-4F8D-8165-28F5278F6E09}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{8845B5B8-1BD6-4F64-B0A4-563435D0C025}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8BD7F0AC-FBAA-4F79-B20D-CB6B27DEC45C}" = protocol=6 | dir=out | app=system |
"{8C063047-A873-4AF2-B25D-E7DBE12575B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander\bin\supremecommander.exe |
"{8C1BE2B1-C592-47BE-B0CB-E40F9CC8D801}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C4F99A4-FDA0-4459-B3F8-128C87E926AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{8DA80F23-81A1-4F26-8A4B-A9D3EE7C0E06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{8EBED611-DD60-4B18-8244-C531D5C52F22}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{93E92959-16B3-4E34-9A14-DA64CDDEDDF2}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{97736311-86D5-41BF-8E30-0B2C95DB9BFA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9B986369-213A-46E2-A935-2F2CD9FF26B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe |
"{9D63D29E-5034-4EBD-A0AD-8DB0DFA84EB4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{9E09003E-D606-4E5F-BBC1-ADBD98DA38AF}" = protocol=17 | dir=in | app=c:\program files (x86)\realm works\realmworks.exe |
"{9F9B59F0-C1D4-4F03-903F-BD545FA2F51B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 - kane's wrath\support\ea help\electronic_arts_technical_support.htm |
"{A2CE2911-1476-4E85-B49F-C2F2919DAE8D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A5FBE370-5CB1-4058-9322-18DDA16ACB54}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 - kane's wrath\cnc3ep1.exe |
"{A7D3D40D-54C7-43D5-A3E2-70F3D1C910E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A96CAB6A-64A8-4BA9-AB1C-225D3775C7B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{AB190588-0CC0-4642-A9AE-2EFEAE6FF058}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{ABD6C29B-8D64-4BCB-A9C6-BC542F13583E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AE1F056E-529E-42B9-A672-5DC2EF167DD1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\support\game.url |
"{AF89B646-0A0A-40D3-8E4D-F36EED9F085C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{AFCD5874-E0D7-43CA-8EE9-51A4F42D2978}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe |
"{B1DE2F17-FD2F-4C0A-8BE3-52498D962C33}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{B75493EB-010D-4315-B803-F629AC62A5DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"{B8FE7B27-D032-4527-9B3B-E95140D83A28}" = protocol=1 | dir=out | [email protected],-28544 |
"{B9BAEA7F-B1B0-4630-9821-D7DC7D85CA36}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE656A58-C8E2-4BB6-ABF7-AD53075EE7FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{C00DC01A-D1D0-464D-BDDC-A40AF0AAC4DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
"{C0E9F673-2C6D-4F5B-80AE-DC40287CFD2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{C2478AC1-3C59-4469-B5EF-FB34415DEC8E}" = protocol=17 | dir=in | app=c:\program files (x86)\hero lab\herolab.exe |
"{C7BF5396-873A-4927-92EF-9517442EFDB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander\bin\supremecommander.exe |
"{C9D49F6E-06DD-42D2-8821-61A247085ED7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{CA0175B6-907F-4CBE-B806-E39A48BB9E8C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CCCC0CBF-0FEE-4F29-8AEF-A496F85969F1}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{CF3A0038-65F3-4F60-87F9-B42C84AA6E69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF3C90CF-EA21-4D89-8ADF-E35B3CB6291A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{D15906D2-729C-4388-BF47-FD20A8A4A633}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |
"{D1C5A51F-864B-4234-84F9-CF40D5838A57}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D256999E-CD24-4D0F-8811-47EDE1D2D8E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D39FE071-0719-494F-A776-3DFF163E21C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D5B2EDFE-B23F-494E-9C74-EB494E83C7AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{D62486E0-2962-4B44-AD6A-95F78695724C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe |
"{D804F8D3-933F-48D8-BD0D-A3E4E1A2CB86}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{D9FB8123-C499-4C3D-B5F3-2D4416879FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\cnc3.exe |
"{DB1A6126-A89A-4C01-A7AB-4441B4C951C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe |
"{DC0C4D24-45E6-4054-8713-238254B84223}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{DF395F07-1416-4657-9648-081AF1882D6B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warlock - master of the arcane\support\paradox.url |
"{DF4A86AE-BE19-4DDA-8A50-8FEFDC9F6CD7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E1AA51D1-1CB1-47BC-B00B-2DC4514C4F31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{E1F5F889-8222-4780-A30E-1F38D42753B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2099AEC-EBC4-461A-AFE2-0C46554756AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E45A91C4-437D-44F5-A754-FC8DBE9866CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{E72ED941-4FF5-4C9A-BDF5-75288BA935CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\support\ea help\electronic_arts_technical_support.htm |
"{E8A28732-FC9D-4B19-B20B-D41BC1B21EC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{E9BCB0CC-A212-42C3-A8B7-61FEA9D21BB8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fe legendary heroes\legendaryheroes.exe |
"{E9E56562-490D-43BA-A100-59CA70AF1445}" = protocol=58 | dir=out | [email protected],-28546 |
"{EA2EB252-25CB-4D61-B65D-C687BAA29717}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eador. masters of the broken world\launcher.exe |
"{EBEC5AC9-E971-4C44-AD20-0C4537746626}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F041D265-4215-4BDA-BC0B-B7BB7DC917AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F253BB63-4A62-44DF-8287-3D834F060CAF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F2A07E77-80A1-4A1E-8C38-3F0E51EBF4EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{F3653FFA-A42A-437C-84B7-2E617EFC740C}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F3FD0F3F-20D5-433C-92F7-73A094E0E50A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{F794ED35-974A-40B6-BEFA-E51F394509EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{F9069E1F-B45F-4477-A704-DFFDB157544F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe |
"{FA4F96C2-499C-4C47-95E8-FBB0A62E9A38}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{FA6FACDA-ADC9-4957-8DFC-5F90855B0FCE}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{FBEB2493-7BA2-480C-992B-00022497DAC5}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\dead space 3\deadspace3.exe |
"{FEE91017-1345-4735-8008-C0555B3E246E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"TCP Query User{20912D58-7CED-4A42-A716-89B38203A3D6}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"TCP Query User{26491A76-0A25-4560-9005-EE542ECB6BF6}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"TCP Query User{3CD724EE-ECC4-45C5-A4DD-61A9928042D7}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |
"TCP Query User{4283A7F0-1958-4C73-B7AA-0304316F27B7}C:\program files (x86)\sega\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sega\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"TCP Query User{6DB8D6FC-6669-4FA8-B6BA-FFCCD8AF81B9}C:\users\scott\downloads\nw.1.20130225d.1.exe" = protocol=6 | dir=in | app=c:\users\scott\downloads\nw.1.20130225d.1.exe |
"TCP Query User{6EEFFDDF-655C-47A3-B8A9-B9BD5F94E080}C:\program files (x86)\steam\steamapps\common\dawn of war gold\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40kwa.exe |
"TCP Query User{7B889982-9FB9-4852-9773-71BC822557BE}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{96447A8A-333A-4AB5-AACE-B2B13F61BCCC}C:\program files (x86)\forged alliance forever\faforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\forged alliance forever\faforever.exe |
"TCP Query User{A723250B-33E8-49FE-8F77-EFC68181F0FD}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"TCP Query User{C5108E66-CBF7-43F9-89FD-45163162B194}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{DD8F95C4-8F39-4BF0-A209-E7B68DB080FD}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{E2DC645C-C1C8-4706-99E2-23294381BF86}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{E478F6EF-AC72-4049-BAB0-D8E61E427CF8}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe |
"TCP Query User{EB6F8EF9-22BC-4A61-92A9-AE3072363EA2}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{001C88DE-DA98-46D6-AC77-87117300DF82}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{0610792B-4CD2-4167-9DC0-FD7C65F78B9B}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"UDP Query User{121E7836-1BFF-4E14-A5C4-7DBED368EC90}C:\program files (x86)\forged alliance forever\faforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\forged alliance forever\faforever.exe |
"UDP Query User{64235200-A2F6-4B72-BEB5-17ABBC6508DF}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{751B94F7-A9DE-48CE-AFDB-316093AECB8E}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe |
"UDP Query User{8404B15C-1FD5-4B4F-AFC7-988530AD9E2C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{8411F756-97E5-49D6-9EF3-09F5AA2D284B}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{92B7F416-B4A3-4551-88E0-62C2F2E03E71}C:\program files (x86)\steam\steamapps\common\dawn of war gold\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40kwa.exe |
"UDP Query User{B4F87738-2E93-4415-87EB-B6DDFA7CCA68}C:\program files (x86)\sega\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sega\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"UDP Query User{B90DAAC0-BDBC-44A8-8252-01E3DA839A1A}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"UDP Query User{BCD636C4-4569-42CC-BEF6-4E0A3298E3C1}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"UDP Query User{DC41BA53-8C45-4EE7-8C92-8938C7231191}C:\users\scott\downloads\nw.1.20130225d.1.exe" = protocol=17 | dir=in | app=c:\users\scott\downloads\nw.1.20130225d.1.exe |
"UDP Query User{E868B28D-2E48-4221-AFF3-0F6DE4697A06}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe |
"UDP Query User{F9250C7B-0762-4906-9D2D-A44ED7059203}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX450_series" = Canon MX450 series MP Drivers
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{37D0157F-45C6-4DB2-9AE5-489DD98CE169}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"Logitech Gaming Software" = Logitech Gaming Software 8.46
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{179D2C84-DC54-4215-8E19-5BA4F6C51168}" = Forged Alliance Forever
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2226247D-9846-4370-A1EF-FAA6958F7632}" = Sound Blaster Tactic(3D) Alpha
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}" = FINAL FANTASY XIV - A Realm Reborn
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.5.8
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AC5ED2E-2936-4B54-A429-703F9034938E}" = Covenant Eyes
"{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}" = Z Engine
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73750E8F-0277-4EF7-AD90-7723B5C0A8B8}" = Elemental: Fallen Enchantress
"{760AA190-82DF-4A80-BE05-B9FEEC88946D}_is1" = Hero Lab 4.2d
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B605BCA8-66EE-4C9C-8C19-069EDC073707}" = GameFly
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7467213-F83A-450D-93B1-DBA19B8D98E7}" = CC3
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}" = Firefall
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0B6D037-9DBE-4E1A-A17B-AAE0CA2C281C}_is1" = Realm Works 0.9.101.134 Beta
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse®
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3F6C75-D951-4DA1-9473-A802FA6FD8A3}" = Transamerica Life Products Illustration System - TransWare MLSR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battle for Wesnoth 1.10.5" = Battle for Wesnoth 1.10.5
"Belarc Advisor" = Belarc Advisor 8.2
"Canon MX450 series On-screen Manual" = Canon MX450 series On-screen Manual
"Canon MX450 series User Registration" = Canon MX450 series User Registration
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"Capsule" = Capsule
"CC3" = CC3
"d20Pro" = d20Pro
"Diablo III" = Diablo III
"Elemental: Fallen Enchantress" = Elemental: Fallen Enchantress
"EQ2MAP Updater" = EQ2MAP Updater 1.2.10
"Freemake Audio Converter_is1" = Freemake Audio Converter version 1.1.0
"GameFly" = GameFly
"GOGPACKMM7_is1" = Might and Magic VII - For Blood and Honor
"GOGPACKMM8_is1" = Might and Magic VIII - Day of the Destroyer
"GOGPACKWIZARDRY8_is1" = Wizardry 8
"Guild Wars 2" = Guild Wars 2
"Impulse®" = Impulse®
"Inspiration Pad Pro_is1" = Inspiration Pad Pro 3.01a
"InstallShield_{FF3F6C75-D951-4DA1-9473-A802FA6FD8A3}" = Transamerica Life Products Illustration System - TransWare MLSR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Origin" = Origin
"PDFCanvas V1.5" = PDFCanvas V1.5
"PFRouterDetector" = PFRouterDetector 1.0.10
"Portforward Static IP Address" = Portforward Static IP Address 1.0.47
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire - Diplomacy" = Sins of a Solar Empire - Diplomacy
"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment
"Sorian AI Mod_is1" = Sorian AI Mod 2.1.2
"Speed Dial Utility" = Canon Speed Dial Utility
"StarCraft II" = StarCraft II
"Stardock Fences 2" = Stardock Fences 2
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 17410" = Mirror's Edge
"Steam App 17470" = Dead Space
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 200710" = Torchlight II
"Steam App 201790" = Orcs Must Die! 2
"Steam App 203630" = Warlock - Master of the Arcane
"Steam App 204880" = Sins of a Solar Empire: Rebellion
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
"Steam App 22380" = Fallout: New Vegas
"Steam App 228260" = Fallen Enchantress: Legendary Heroes
"Steam App 232050" = Eador. Masters of the Broken World
"Steam App 24790" = Command and Conquer 3: Tiberium Wars
"Steam App 24810" = Command and Conquer 3: Kane's Wrath
"Steam App 42170" = Krater
"Steam App 4570" = Warhammer 40,000: Dawn of War Gold Edition
"Steam App 4580" = Warhammer 40,000: Dawn of War – Dark Crusade
"Steam App 47790" = Medal of Honor™ Single Player
"Steam App 47830" = Medal of Honor™ Multiplayer
"Steam App 550" = Left 4 Dead 2
"Steam App 56400" = Warhammer® 40,000™: Dawn of War® II – Retribution™
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8870" = BioShock Infinite
"Steam App 9310" = Warhammer 40,000: Dawn of War – Winter Assault
"Steam App 9350" = Supreme Commander
"Steam App 9420" = Supreme Commander: Forged Alliance
"SysInfo" = Creative System Information
"The Secret World_is1" = The Secret World
"VzInHomeAgent" = Vz In-Home Agent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"World of Warcraft" = World of Warcraft
"XiphQT" = Xiph QuickTime Components

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Amazon Amazon Cloud Player" = Amazon Cloud Player
"e101228d1cec143a" = MyEnroller
"GoToMeeting" = GoToMeeting 5.9.0.1216
"RIFT" = RIFT
"SOE-" = gamelauncher-ps2-live
"SOE-C:/Users/Scott/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-EverQuest" = EverQuest
"SOE-EverQuest II" = EverQuest II
"SOE-LegendsOfNorrath" = Legends of Norrath
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/9/2013 8:04:53 AM | Computer Name = Scott-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 7/9/2013 8:06:18 AM | Computer Name = Scott-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 7/10/2013 12:41:29 PM | Computer Name = Scott-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 7/10/2013 4:57:08 PM | Computer Name = Scott-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 7/11/2013 10:45:31 AM | Computer Name = Scott-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 7/12/2013 9:24:42 AM | Computer Name = Scott-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 7/13/2013 10:19:16 AM | Computer Name = Scott-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 7/14/2013 12:12:37 PM | Computer Name = Scott-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 7/15/2013 11:40:36 AM | Computer Name = Scott-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 7/16/2013 12:20:40 PM | Computer Name = Scott-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

[ System Events ]
Error - 11/2/2013 11:21:37 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.0.1 service failed to start due to the following
error: %%3

Error - 11/3/2013 10:59:03 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.0.1 service failed to start due to the following
error: %%3

Error - 11/4/2013 10:33:14 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.0.1 service failed to start due to the following
error: %%3

Error - 11/5/2013 10:34:13 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.0.1 service failed to start due to the following
error: %%3

Error - 11/6/2013 11:51:13 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.0.1 service failed to start due to the following
error: %%3

Error - 11/7/2013 11:28:31 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.0.1 service failed to start due to the following
error: %%3

Error - 11/8/2013 8:13:32 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.0.1 service failed to start due to the following
error: %%3

Error - 11/8/2013 8:13:47 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 11/8/2013 8:13:47 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 11/8/2013 8:14:17 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Search service, but
this action failed with the following error: %%1056


< End of report >
  • 0

#6
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,911 posts
Hi ScooterPA, :)

Did you installed the software called Covenant Eyes?

I can't remember where I downloaded the program tbh. It was probably one of those big flashy green buttons that I should know better than to click.

In future try to always download from the official site. :)

  • Step #1 Fix with AdwCleaner
    Download : ADWCleaner to your desktop.

    NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

    Close all programs and click on the AdwCleaner icon.

    Posted Image

    Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

    The report will be saved in the C:\AdwCleaner folder. as AdwCleaner[S0].txt

 

  • Step #2 Scan with RogueKiller
    Delete the RogueKiller icon from your Desktop.
    • Download Rogue Killer from one of the suitable links below to your Desktop. Since you are running a 64bit system, choose the second link. :)Download link for 32 bit system
    Download link for 64 bit system
  • Let the pre-scan finish. After that click on Scan;
  • The scan won't take long;
  • A log has been created on your Desktop;
  • Copy and paste the content of the log in your next reply.

 

  • Step #3 Scan with Security Check
    • Download Security Check by screen317 to your Desktop from any of the following location;
    • Link 1
    • Link 2
  • Right click on the program and choose Run as Administrator;
  • After the checking a log will appear;
  • Copy and Paste the content of the log in your next reply.

 

  • Required Log(s):
  • AdwCleaner log;
  • RogueKiller log;
  • Security Check log.

Regards,
Valinorum

Edited by Valinorum, 09 November 2013 - 12:36 PM.

  • 0

#7
ScooterPA

ScooterPA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
1. Yes I installed Coventry Eyes. Great program!
2. Here is the Adwcleaner log:

# AdwCleaner v3.011 - Report created 09/11/2013 at 15:22:37
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Scott - SCOTT-PC
# Running from : C:\Users\Scott\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Scott\AppData\Local\apn
Folder Deleted : C:\Users\Scott\AppData\Local\PackageAware
Folder Deleted : C:\Users\Scott\AppData\Roaming\DefaultTab

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKLM\Software\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\9vbcv316.default\prefs.js ]

Line Deleted : user_pref("lightweightThemes.usedThemes", "[{\"id\":\"356664\",\"name\":\"ANIMATED WATERFALL IN AN EMERALD GREEN R\",\"headerURL\":\"hxxps://addons.mozilla.org/_files/356664/PNG_H_AnimatedWaterfall_2.[...]

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\x875vnyk.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [5371 octets] - [09/11/2013 15:20:44]
AdwCleaner[S0].txt - [5336 octets] - [09/11/2013 15:22:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5396 octets] ##########

3. I downloaded and installed RogueKiller but the pre-scan didn't place a file on the desktop so I ran another Scan and this is the report/file that was placed on the desktop:

RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Scott [Admin rights]
Mode : Scan -- Date : 11/09/2013 15:38:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST310005 24AS SCSI Disk Device +++++
--- User ---
[MBR] b0611b95c6b37b66f93c7e287db86c21
[BSP] 45131bc3d47a528a3d14eb6cc2caa29f : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_11092013_153801.txt >>


4. Here is the Security Check log:

Results of screen317's Security Check version 0.99.76
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Adobe Flash Player 11.9.900.117
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox 24.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Thanks again for all your help.
  • 0

#8
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,911 posts
Hi ScooterPA, :)

1. Yes I installed Coventry Eyes. Great program!

I think the program (Coventry Eyes) has been partially un-installed somehow as I have seen broken LSP chains which may warrant internet breakdown issue. I'd suggest you to completely un-install the program from the Uninstall list and re-install it if necessary after I declare your machine clean. Also, a note for you, while installing softwares from internet you may be asked to install additional third-party software. Most of the time they are bundled with adwares. If you are prompted to do this, simply opt-out. :)

Proceed through the steps after you have uninstalled the aforementioned software.

  • Step #4 Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [createrestorepoint]
    :OTL
    O4 - HKLM..\Run: [NMSVC] C:\Program Files (x86)\CE\CovenantEyes.exe ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - CCESpy.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - CCESpy.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - CCESpy.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - CCESpy.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - CCESpy.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - CCESpy.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - CCESpy.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - CCESpy.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - CCESpy.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - CCESpy.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - CCESpy.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\nmNsp.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
    [2012/10/26 23:01:46 | 001,623,320 | ---- | C] () -- C:\Windows\SysWow64\nmNsp.dll
    [2012/10/26 23:01:46 | 000,177,944 | ---- | C] () -- C:\Windows\SysWow64\CESpy.dll
    [2012/10/26 23:01:04 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\CE

    :Files
    C:\Program Files (x86)\CE
    netsh advfirewall reset /c

    :Commands
    [CreateRestorePoint]
    [Emptytemp]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply.
  • Re-run OTL and click on Quick Scan and post the log after the scan.

 

  • Step #5 Run ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    Vista / 7 users: You will need to to right-click on the either the Internet Explorer or Firefox icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
    • Please go here then click on: Posted Image

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

    • Select the option YES, I accept the Terms of Use then click on:Posted Image
    • When prompted allow the Add-On/Active X to install.
    • Uncheck the box beside Remove Found Threats
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.


When The Scan is Complete:

  • If No Threats Were Found:

    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here


Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

How is your system running?

  • Required Log(s):
  • OTL fix log;
  • OTL.txt
  • ESET scan log.

Regards,
Valinorum
  • 0

#9
ScooterPA

ScooterPA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I tried to complete the first step but copy/pasting the quoted part (minus the word quote =)) but when it re-started, I wasn't able to connect to the internet at all. My computer also popped up an error report saying that the Notification Service was disabled or something. Nothing seemed to be working so I restored it to a point prior to anything that we did this morning.

Thank you for everything that you have done up to this point but this has made me a bit nervous about proceeding as this computer is the lifeblood of my business and so I will simply take my computer to someone local here if I continue to have issues.

Again, thank you for your help.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP