Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Cant install internet explorer 10 Code 9c59 tryed a few things already

Started by nytmare , Nov 10 2013 11:34 AM

Please log in to reply

#1
nytmare

Posted 10 November 2013 - 11:34 AM

Member

Member
14 posts

Ive tryed installing it manually and through updates, it gives me error code 9C59.
Ive ran roguekiller, adwcleaner, and using eset online scanner atm, it hasnt finished but its picked up 8 threats so far. So hopefully i wont need this thread *crosses fingers* with a bit of luck. But doubt it lol.
Ive had this problem for a while now, and just never been bothered with it. But IE 9 has been running badly, so thought i should upgrade to 10..
Got told to run otl and post the resport so theres that.

OTL Extras logfile created on: 11/11/2013 3:35:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zer0\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

5.99 Gb Total Physical Memory | 3.83 Gb Available Physical Memory | 63.91% Memory free
11.98 Gb Paging File | 9.71 Gb Available in Paging File | 81.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 679.55 Gb Free Space | 48.64% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1002.08 Gb Free Space | 53.79% Space Free | Partition Type: NTFS

Computer Name: ZER0-PC | User Name: Zer0 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C0B5F7-51E5-4277-90E3-A9FD7F6DFED8}" = rport=45566 | protocol=6 | dir=out | app=%programfiles% (x86)\logmein hamachi\hamachi-2.exe |
"{0947967E-99BE-4494-A287-45E68FBE5508}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0AAAEE10-CE21-4DD1-B3F9-EE075E453156}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{11BD1FC8-5523-4DA4-A049-E1D5B7ABABB6}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{1BE9C614-8C13-4EE9-8CAF-692203FA7F56}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{246D692E-A975-494F-8F05-BADA2C80CFED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D2E53CE-D4F2-44FC-A610-25B8614F57C0}" = lport=445 | protocol=6 | dir=in | app=system |
"{2E63A9BB-2B5D-4E33-88E1-C9EACCBA31D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E6AE712-809D-4932-8DC9-68431A318B69}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3160AEFD-25BC-42A8-9D33-A2B217BA64E6}" = lport=443 | protocol=6 | dir=in | name=hamachi |
"{38019C3F-2EDB-405C-8216-912CD5EB8935}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{3A4DDB81-CB4F-4D85-9D9F-5590EABB5077}" = rport=443 | protocol=17 | dir=out | name=hamachi udp |
"{3E39E225-6784-4176-A02E-57DEF96E9214}" = rport=45565 | protocol=17 | dir=in | app=%programfiles% (x86)\logmein hamachi\hamachi-2.exe |
"{40E0FC50-BFB4-44B3-B9F2-C80FD302EEA8}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{41150660-3F42-4872-A77B-BECFC783C8CE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{47AE2110-6BDE-4101-833A-0FFFB502A191}" = lport=137 | protocol=17 | dir=in | app=system |
"{4B82D219-8D2F-4C7B-8F38-EA16B43C56FA}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{4DBAFB4F-3488-4034-8617-B03C95DC95EF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{50A12341-7273-4C38-A2C6-B2AE7B86B60F}" = lport=6907 | protocol=17 | dir=in | name=league of legends launcher |
"{5331C356-FA28-4641-BF3C-E36AEAB8B1E6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56C0BB75-DC4F-43BD-904F-7C9B1C8909A8}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |
"{587DF980-7D08-4FAE-AF28-0DF1A044265D}" = rport=45566 | protocol=6 | dir=in | app=%programfiles% (x86)\logmein hamachi\hamachi-2.exe |
"{66CFA3F1-7A12-43EA-A1F2-D4C27054D81B}" = lport=6907 | protocol=6 | dir=in | name=league of legends launcher |
"{6C769A8C-5747-4936-B053-5255649AA3FE}" = lport=6920 | protocol=17 | dir=in | name=league of legends launcher |
"{754E97DA-A2B1-400B-BB68-DF052A8154BF}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{78123970-9812-475C-9426-1F67796A5B87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7A3D918C-AB4B-467D-BF50-E4ECE851A156}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{7C753739-3A84-4500-80CE-3C47C1AEA462}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{7CD2A917-62D4-4D7C-B888-704F296001A9}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7F0EE8E2-0EA4-401F-BD8D-6DE19C6B2F94}" = rport=139 | protocol=6 | dir=out | app=system |
"{8261F36B-D399-4809-AB8E-6EC667EA8D1C}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{84943745-3029-4CD2-9FEE-4712DD37FEAF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{88C5772D-7805-4A31-890A-DAFFD92D8777}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8F58CBB9-272A-4EE9-A04A-3149DF904BFF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9341694D-E58F-42DC-B9B8-B02D02C950D9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{94C9E538-2505-4558-8126-06692CCF4F92}" = lport=2869 | protocol=6 | dir=in | app=system |
"{951A3F5D-DCC3-4540-820C-EC0C68748D93}" = lport=6920 | protocol=6 | dir=in | name=league of legends launcher |
"{979FA352-E348-4A80-890D-362515229715}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{99761CA8-F3C4-461E-A0EA-7435CB62B098}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{9C63320D-8A5B-4CEC-8663-7DDD26AC4CEF}" = rport=445 | protocol=6 | dir=out | app=system |
"{9CEF0D15-E55C-47CE-85B4-872055CA914C}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{9DB7F271-86ED-4548-92DA-24AD40309D5C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F1FC913-A1C1-46A2-AF99-AB6E867E8501}" = rport=137 | protocol=17 | dir=out | app=system |
"{A5D2F15B-1A6C-4AFF-8359-E89CB6B10EE3}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |
"{A5E27C14-B871-466B-93E9-F4E1B943AEFA}" = lport=138 | protocol=17 | dir=in | app=system |
"{ADF2F8AE-DD6F-47D0-9CCA-5D2EDB5E40EA}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{B00D4482-5452-40C5-B346-48491F3467FF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B05C06D0-C311-41D6-B2DB-445376A185F7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BE1E82CE-830C-4F5E-96CC-C0F810B2D2F4}" = rport=45565 | protocol=17 | dir=out | app=%programfiles% (x86)\logmein hamachi\hamachi-2.exe |
"{C036EEC3-52AD-442D-8FAF-7D189F1FF0A2}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{C1F3EEB1-2700-4872-80CD-09A1A9E2D622}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{C48E499E-68C2-4944-8614-CB99EE7A5249}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D10849E9-99A9-44B7-8E7C-4BAE3B5AA077}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{D1F66421-DEAB-4534-BFBC-CED9EED5FF37}" = lport=443 | protocol=17 | dir=in | name=hamachi udp |
"{D68FCEE4-B170-42DB-8748-769302A39C19}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe |
"{D958D578-E4D2-4559-8FC0-D6CF6276CFA6}" = rport=443 | protocol=6 | dir=out | name=hamachi tcp |
"{DA4971CF-FAEA-46CB-9770-874A897035F4}" = lport=49201 | protocol=6 | dir=in | name=akamai netsession interface |
"{DD34090D-5A2C-442B-9744-023D3C1C3A58}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{E5C1034F-E3E7-40EF-91AD-4FCD99AC07DD}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{E5CA7B0D-C4B6-4274-BDF2-830C14E17713}" = rport=138 | protocol=17 | dir=out | app=system |
"{ED38294A-386C-4AA2-A9C3-3ED73CD09E3D}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{F736A0FD-1D42-40C0-9C6D-2A0EFA60A0B7}" = lport=139 | protocol=6 | dir=in | app=system |
"{F8C91331-5AAA-45CB-B9C7-97543C5EF313}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01629A38-9306-4E47-A899-E1F7808D9783}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{01729B7E-DD52-4747-9C06-C6CB9591D7F3}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe |
"{02C8F397-DF7E-4202-B87E-E108E0B2C96B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{073B167A-A8D2-4578-92DE-D7103D1D7ECD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07EE0C55-E039-40D7-AEE6-97054451A2F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{08928DC3-BC9C-43EC-BFDD-96C5ABE0FCC8}" = dir=in | app=%programfiles% (x86)\raidcall\raidcall.exe |
"{0A021298-8FC1-4D21-85CE-B5C7E0EF35E9}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{0AC54D71-8EFB-4EAC-BF40-76D06217C4F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{0D795ABF-7368-48BC-9618-BF500FE5FE4B}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{10117D0B-1D00-4081-8945-0AA6FA818612}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{10541624-BE5E-4B79-9EB6-79F73E71FAD4}" = protocol=6 | dir=in | app=c:\users\zer0\appdata\local\apps\2.0\l25bhjw6.gjw\3w9vyj8k.dnh\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\curseclient.exe |
"{10DC5615-EF54-4231-8318-EF730553076F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{11039964-B3F9-4692-8BCE-3ED0C68695F6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{12EB0B06-3383-46C2-83F9-0AF00E663EE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{161F624B-D4FD-42CD-9F9E-B930375405E1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{169E7E8F-1BA8-40F1-8781-BCF7CA895086}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 4\bf4.exe |
"{16D6FE99-0573-430B-AD17-D84448D4A72D}" = protocol=17 | dir=in | app=c:\users\zer0\appdata\roaming\spotify\spotify.exe |
"{18285A5F-631F-4CC7-B37E-DA13C2B7CF89}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{199B6ED5-7DE3-4475-93BF-86D6A3EB0BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{1C69152D-BDB7-4FD7-B398-3E140076502B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1E07C016-3A0D-41BE-96C4-DADC4EB1E153}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{1E8F3445-CB56-4611-B76F-D8916B0202BA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{1EBBAA5C-31F6-4FDC-A2AB-C19F9D797E15}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{21B3899F-76A1-4D74-B7C6-DEF453357569}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{22EE129C-275B-4AA3-93DF-5A4243A9EC1A}" = protocol=6 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"{2D373841-A55D-48D6-8558-860C6A8EEA29}" = protocol=17 | dir=in | app=c:\hlserver\css\srcds.exe |
"{32BA5D52-8A85-480B-9B66-D800FDA017FD}" = protocol=58 | dir=out | [email protected],-28546 |
"{333A51F6-69CB-4A2B-943F-532548A9320A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forced\forced.exe |
"{36025BFB-7B4C-482A-9F1F-1B6CCDDA1515}" = protocol=17 | dir=in | app=c:\users\zer0\appdata\local\apps\2.0\l25bhjw6.gjw\3w9vyj8k.dnh\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\curseclient.exe |
"{3698A66E-C465-4258-866A-511BF1967DED}" = protocol=1 | dir=in | [email protected],-28543 |
"{387F0563-2E90-444D-B053-1FC4060D203A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{38A93D7D-D154-4A56-AEFA-A7DF8CC2CB58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{39F670D3-1E06-4392-8F87-A82D47B51D3E}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{3A782CCF-4EC8-4222-9A51-CF308A7CFD2C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{3E0EB66B-824A-4401-8E2E-7B55805BF632}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{41E6DFC8-8104-4BA8-909A-DD76F3ED87E5}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{423896BD-81DC-4BA7-B5AF-FFC8D60289EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{42566AFD-AE56-4689-B12D-3C0291E6A74E}" = protocol=1 | dir=out | [email protected],-28544 |
"{42E5B6B2-DCAC-4859-A68A-E078FB84BB5D}" = dir=in | app=%programfiles% (x86)\steam\steam.exe |
"{4424353B-5B39-41E3-9B93-F4642424DB70}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{444E4772-2449-43D4-BCF4-5E9098BAD5FE}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{44BE948C-9F0F-45AC-9CC7-628CC2577939}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{4A1FE4D5-A5AA-4017-9EE9-074A0627955C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E69FDDD-E7B1-47CB-877F-2AC06F2C83AA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4FBC27D0-A02C-4AA4-AA04-C779EB2606BC}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{50911FDA-5C4F-4B9A-9C96-CC857D7294B9}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{50CFEF23-B0CE-49A6-808F-4482BA7037B3}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe |
"{5136D0F2-3849-4172-AB0E-20A29FD132D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52141175-C21E-4345-AEA9-47D3D3EA7235}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{570BAB43-4803-4B8C-B04A-7560C3DC20F9}" = protocol=58 | dir=in | [email protected],-28545 |
"{573ACABE-AECE-4ED5-80EE-2E62861B205D}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{59D09F87-599F-4679-8DE9-10D13E615C04}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5D686E28-B063-4E0C-AF75-2DA8CA630459}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forced\forced.exe |
"{62F22B10-41E5-4C1D-B9D6-9693AA8BBD00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{6547967D-6527-48E6-AF6F-F3EB32F40A14}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{66DA6EF4-5372-463E-848A-B382EE1380F4}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{671FFF68-93BA-46F1-995B-CC9E10F09B52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{67CCD15E-F380-402A-98DD-4E4343DECE4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{68FBD092-8E35-4094-AFA8-8979817F2B03}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{6A45577D-2995-482F-9184-C629092BD93F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{6AE42918-849D-427B-BBB2-BBDDE46BBFB8}" = dir=in | app=%programfiles% (x86)\raidcall\wizard.exe |
"{6AFFFF16-62C5-4FF2-9409-6BA5919FD62A}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe |
"{6B2BEB14-509F-47C6-B42D-20B8C20C1A8F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6B6391BD-DA2F-469D-8D22-28E483346907}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{70113105-2C6E-4ACA-9424-2C0805202631}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{70617D1B-F45E-47F6-A090-B32597634143}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{7177AC59-F5F5-43C5-A3E8-ED39153A51BF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{73CC3FDC-B084-4825-9429-70BD4BFB5BC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{77437A89-A199-407C-8822-A7FC41BE504B}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{7B086951-6DC9-4709-9CC6-3661745EE4A1}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{7E675CAB-F74B-46A0-8E48-08F878A74983}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{801E4538-1FDB-4A91-AD56-D4075565CA66}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{8096949A-8893-45E1-A8F5-81B473314711}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\simcity\simcity\simcity.exe |
"{82AB70CE-CF90-457C-9AC6-23168A9E1238}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe |
"{85B66029-3293-496F-B4CE-C3EB094AA884}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{8604B43F-F5B6-4E1E-8730-19FA6E7E098D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
"{8613CAE8-6B01-40E3-B276-BB8657869177}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{87DC8B26-23F6-494E-94BA-A9A93B5327D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{88F7DBFE-7F61-45DA-B349-EA5D3DD8D913}" = protocol=17 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"{891D6894-DF83-4371-9E45-32F0B26EDEB5}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{895597D8-0F2B-4BD7-B8DE-4CCC43E4FCDA}" = protocol=17 | dir=in | app=c:\users\zer0\appdata\local\akamai\netsession_win.exe |
"{8B54A242-C950-4FF1-834D-AF6CD93763FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{8DE852F2-1DAE-4D76-A4F3-2F6CB403154D}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{8F68D9D1-E35C-4553-B0EB-D9578637173E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{8FEAD48D-2C32-4EB0-B3AE-D05AAC2DEC35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90290388-A9FD-4309-B551-364AF8ED2AE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{9035F202-56BB-47DC-AFC6-29699AE276D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{91E4BCB5-BCF4-4316-BBA5-A249D5B51C2C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{94477D1C-342C-4819-BDDE-AE4762974F6C}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{9614A188-2B4A-44A7-A3F9-51FD4FD81FD2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{96D84CBB-1EDA-4A59-8063-589789616A9F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe |
"{97B50117-E2D9-4FAA-B4D1-15AF71A06878}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{98C43030-7282-4627-944D-F4B164997537}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{998B08DC-D35F-465E-A463-3BC80B542301}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{9B0DEC27-0E47-4B78-B0B7-D331F33CFF4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{9C3D47BF-6ABF-43F2-AF39-FD763FF45572}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A82230F4-7ACA-479F-B5CA-C6CC26E67407}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A9073697-B185-4D24-903E-20605A0DF50D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
"{ACDB2D6D-F185-479F-8E54-EE97B7EE6DC2}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{ACECDAE5-731A-409D-95C0-C308BE11D8C0}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{AD8DC4D6-F1F3-46D2-A5D9-C204CA363C19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE27A2D9-AACA-408B-B911-25CFE7ACBD9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{AEC1743D-A408-485E-8237-8056DC4F64F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{AF374D0F-F58C-4100-8703-D2C348323261}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B1B8C85E-B19B-48AB-8740-2C8B957AA775}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{B1CCEBCC-C676-4D3C-A411-6E74BEE28535}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{B22C16F3-1B8D-449E-B258-74203A67E996}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 4\bf4_x86.exe |
"{B23CA21E-AE84-4C72-B3C1-603C7356E0AF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B249B475-727F-41CA-899B-F6B05B97DF24}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{B5A756B0-2C7C-445D-9FA1-00F6D1002E29}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{BB0A7186-B84B-4B09-82F4-4BB24C1A4201}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe |
"{BCDBD28D-E19A-4D2F-AB3F-D273C22DAF2A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BD7C267D-3857-416E-BFB4-629FCF9C02C6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C92F2649-F4F5-4739-BFAD-30B8892F2072}" = protocol=1 | dir=in | name=hlsw icmp |
"{C9F52197-63BA-43D1-9554-E8112ED80B0C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CA55B349-F7D9-4FAB-B078-E69D8164A53A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CAD539B2-0661-43AB-BF06-EF41BBA94F52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{CDC7F50B-4C6B-4D96-9E64-E1A43EB9F42D}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{D06E3235-7739-4372-BDE8-DC7B9FF80103}" = protocol=6 | dir=in | app=c:\hlserver\css\srcds.exe |
"{D173276C-23C7-4C30-A29B-9286E4C90141}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D278DCF5-8F40-4EE9-AF33-062EE2FDA356}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D2FBEA4E-4648-4DCB-9D32-A432A70F6864}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{DCDE3264-7B42-4A8A-9C07-22E1836636D3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DDE3BD61-5B59-44D1-8F17-95668C09BC0C}" = dir=in | app=c:\users\zer0\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{DE0548C1-386C-48CF-BF93-FE23C3E16458}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DE7680A8-C2E7-4DB4-8DF2-761A45EB3B72}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{DEB6EED2-4639-4CA6-BF11-8DC96E0C4513}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DF7930B1-2A80-4848-A8D3-57EF80597DF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{E100B473-B1F1-4B9A-A01E-36F5FA92CF17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{E131511A-0F48-44D8-A1F0-1562B05A2580}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{E163368C-3F22-4BC5-84B7-59DD56337684}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{E29CF4E9-DC01-46C8-A49C-271B66B45180}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{E2E6C984-0A0F-4D28-930D-6197F2FBF3C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{E4107B9C-3162-4A12-B5A0-EEAC75BA020D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\simcity\simcity\simcity.exe |
"{E46B3E56-0918-4132-8CF1-EAB4C1BF99CA}" = protocol=6 | dir=in | app=c:\users\zer0\appdata\local\akamai\netsession_win.exe |
"{E816B07B-68AA-402B-9F5A-DF4336B69167}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{EA81D0DB-1E2A-4FA3-A3A1-9E3DE43AF611}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{EA970DD5-4799-4AD1-A0DC-0B57EEB9D7F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EAC327EF-D8E7-4353-96E9-145E85312468}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{EB1EDB11-87EC-497A-A8E0-A5201E4970E5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 4\bf4.exe |
"{EC642946-A86E-466A-830C-66E31740DFE5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{EDB73647-2B6B-4AE1-8B3F-68471E7B2DE7}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{EE508158-02F0-4CCF-94FB-0E645DC6C4FF}" = protocol=6 | dir=in | app=c:\users\zer0\appdata\roaming\spotify\spotify.exe |
"{EF53253F-DE6C-4F10-B187-721CF2EB3E16}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{EF6D801B-A83B-4818-BB11-C701DDD3AC7C}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{F108F846-716C-4DFC-A745-E1E45FEB517F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{F42A145D-6A9E-4D0D-9161-05BB397AD46A}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe |
"{F49E4DE1-89B8-4756-AC8B-E510DC8CA048}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{F4E3102B-E92C-40EF-8806-14F8C79B36C7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{F4E7FBB5-A124-4C7B-8367-9837A2B91A88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{F5237D56-12AA-45FD-AEFB-8399149CBDE5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 4\bf4_x86.exe |
"{F6BC8A77-8599-4BBD-9361-8D2507A1D562}" = protocol=6 | dir=out | app=system |
"{F884B144-7A36-4624-BFE9-2155A5A07B81}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{F9E477C2-6877-4B2E-A164-5E2340C924DB}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{F9FB2EE0-D461-45A4-9F5C-19032DE17FA3}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{FA5A3FE3-6E5B-4077-8BFB-EA69FB80AA46}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{FD984C31-9BA2-4D34-94A8-AC9BAC2ACE8D}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe |
"{FEB3C515-70C8-4459-8819-6D813724087E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"TCP Query User{33EB4DE3-6AF6-40EE-8C9F-18E317EAFFE6}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{37FD4D8B-5583-4B7A-8C78-EE6178E6F5B8}D:\easysetupassistant\td-w8950nd\fscommand\easysetupassistant.exe" = protocol=6 | dir=in | app=d:\easysetupassistant\td-w8950nd\fscommand\easysetupassistant.exe |
"TCP Query User{3959A9D0-3420-4961-9F0C-6D1D230CA5AD}E:\crysis2(5620)_01_13\bin32\crysis2.exe" = protocol=6 | dir=in | app=e:\crysis2(5620)_01_13\bin32\crysis2.exe |
"TCP Query User{4E9DE2B7-9FA2-4C7D-B650-02E99D848635}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{6FD033B5-41CA-4F09-A4B4-285A7BFB0DC8}C:\program files (x86)\warthunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"TCP Query User{7CFA0FC3-1714-4F35-B7AE-6ED511D5E985}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{B81B177E-25E3-4F4D-9A6C-D8CD4AF15B09}C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"TCP Query User{C55666F6-3B7B-45DA-9408-AB12CC66E0F3}D:\alcatel\speedtouch 530\setup\setupst.exe" = protocol=6 | dir=in | app=d:\alcatel\speedtouch 530\setup\setupst.exe |
"TCP Query User{CF062E53-6299-4498-839E-0FF9054ACA52}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{D2CACEFD-575B-429E-8D5D-FB57DD236979}C:\users\zer0\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\zer0\appdata\local\akamai\netsession_win.exe |
"TCP Query User{E832F229-C72B-4F4D-A250-415BC5D0BC9D}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"TCP Query User{FA564AB8-0B61-4CED-A3F7-3597F4DEC854}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{2186ABA4-3975-4BA8-97C2-9DE0253131EA}C:\program files (x86)\warthunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"UDP Query User{25501994-EC5B-46BF-A3CC-0085038A1005}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{32FB0878-0455-46FD-9183-D65745EB57CB}C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"UDP Query User{33468986-F884-4A89-95B8-1DFE8FB99927}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{38306632-6804-4165-93F3-E80623566BA8}E:\crysis2(5620)_01_13\bin32\crysis2.exe" = protocol=17 | dir=in | app=e:\crysis2(5620)_01_13\bin32\crysis2.exe |
"UDP Query User{43516AF7-C1FB-4343-89E7-BA214F04A8DF}C:\users\zer0\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\zer0\appdata\local\akamai\netsession_win.exe |
"UDP Query User{54FFE46B-EC0C-4B53-B674-236D2243B6CA}D:\alcatel\speedtouch 530\setup\setupst.exe" = protocol=17 | dir=in | app=d:\alcatel\speedtouch 530\setup\setupst.exe |
"UDP Query User{586C5EB3-8AE4-4D03-9561-3128C91AB673}D:\easysetupassistant\td-w8950nd\fscommand\easysetupassistant.exe" = protocol=17 | dir=in | app=d:\easysetupassistant\td-w8950nd\fscommand\easysetupassistant.exe |
"UDP Query User{5F8D536F-078E-4E3C-92FC-16B4310D0C47}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{60DA4F0A-B604-4B3E-9244-1CE29ED9BB20}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{89A1D47B-5975-4615-A4A0-8B6B4F30D551}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{C20C3B8B-21BB-4292-846F-4A186604602E}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2A9D89B8-D07E-48F5-9A4C-0972D6FA5475}" = Smart Technology Programming Software 7.0.23.0
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A528BDDE-9C9F-11E2-9F0C-F04DA23A5C58}" = MSVCRT Redists
"{A7500970-FE98-11E1-B560-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.65
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4761C4F-5ED9-11E1-9202-F04DA23A5C58}" = MSVCRT Redists
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2CA3B8348CD526E9B8928840AC68738C5B5A4F8F" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0)
"5AF8BE22A56B38B1816F36BAC6A71F1277E45440" = Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006)
"B090418E214D6BD6EE18A512A8EE609225AC9279" = Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101)
"CCleaner" = CCleaner
"HashTab" = HashTab 4.0.0.2
"LockHunter_is1" = LockHunter 2.0 beta 2, 64 bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Sandboxie" = Sandboxie 3.68 (64-bit)
"SecurityKISS Certificate_is1" = v0.2.2
"SecurityKISS Tunnel_is1" = SecurityKISS Tunnel v0.2.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"VTFEdit_is1" = VTFEdit 1.3.3
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.5.2
"{0DB44859-4112-4946-BE5E-A4275B3FFB5E}" = Furry Voices for Second Life
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices
"{2A36014E-DF1D-4840-A209-3185B17BFC71}" = BigPond Broadband ADSL
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30349EFD-29C6-471B-B720-10D805B2D9F3}" = NCsoft Launcher
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37E9AFC0-BE43-470A-8903-318DFA9B4B72}_is1" = ScreenSnapr version 4.0.0.2
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{5695D908-F97F-499D-91AF-F7D6BFA08575}" = Smoothping Elite
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{639159C2-B27B-4208-8965-D8A0AEDBDED2}" = Microsoft .NET Framework 2.0 SDK - ENU
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{67CEC218-B250-4B4C-B23F-A597EC8DB153}" = Deep Space Voices
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7254274D-3F70-4EDD-9BEE-EA6BAD5636B4}" = Joystix Pro
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{8061C2C9-C2A3-4550-A3FC-585B646840CB}" = Fantasy Voice Pack
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8BD89760-6B5D-4A3C-8B0D-CDB93BEFC0F6}" = XSplit
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A1DD0268-4069-4D39-B6D2-E00DB50CA9C4}" = League of Legends
"{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}" = Tom Clancy's Splinter Cell® Blacklist™
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BC038C91-D3C6-4E43-8439-B65976FE7937}" = Sci-Fi Voice Pack
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C39768C1-82E7-4466-8526-2D8AC44B768F}" = Translator Fun Voice Pack
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = Alcatel SpeedTouch USB Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7870B1A-EECF-45B1-99BD-D1906928A8EC}" = SolarWinds Real-time NetFlow Analyzer
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D947A225-8C23-4E52-866E-CF3967476BFC}" = Female Voice Pack
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.2.336
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}" = Galactic Voices
"{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1" = MSI GamingApp
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.278
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 3.0.0 Beta 14
"Akamai" = Akamai NetSession Interface Service
"AMIP_foobar2000" = AMIP for foobar2000 (remove only)
"Any Video Converter_is1" = Any Video Converter 3.5.8
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Battlelog Web Plugins" = Battlelog Web Plugins
"Bejeweled 31.0.8.6128" = Bejeweled 3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DivX Setup" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.6.0.2
"foobar2000" = foobar2000 v1.1.14a
"Fraps" = Fraps (remove only)
"GoldWave v5.58" = GoldWave v5.58
"Google Chrome" = Google Chrome
"Google Maps Radar - Made by OVPD Badge 169" = Google Maps Radar - Made by OVPD Badge 169
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"HLSW_is1" = HLSW v1.4.0.2
"ImgBurn" = ImgBurn
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty® 4 - Modern Warfare™ 1.1 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"Internet Download Manager" = Internet Download Manager
"Internet Explorer" = Internet Explorer
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 2.0 SDK - ENU" = Microsoft .NET Framework 2.0 SDK - ENU
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"MKVToolNix" = MKVToolNix 5.9.0
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Nero 9 Lite_is1" = Nero 9.0.9.4 Lite
"NoIPDUC" = No-IP DUC
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Open Broadcaster Software" = Open Broadcaster Software
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenAL" = OpenAL
"Origin" = Origin
"PFConfig" = PFConfig 1.0.296
"PFPortChecker" = PFPortChecker 1.0.39
"Portforward Static IP Address" = Portforward Static IP Address 1.0.47
"PrecisionX" = EVGA Precision X 4.1.0
"PunkBusterSvc" = PunkBuster Services
"RaidCall" = RaidCall
"RealAlt_is1" = Real Alternative 2.0.2
"Rockstar Games Social Club" = Rockstar Games Social Club
"RTSS" = RivaTuner Statistics Server 5.3.0
"Steam App 107410" = Arma 3
"Steam App 113200" = The Binding of Isaac
"Steam App 113400" = APB Reloaded
"Steam App 12210" = Grand Theft Auto IV
"Steam App 200710" = Torchlight II
"Steam App 202170" = Sleeping Dogs™
"Steam App 204100" = Max Payne 3
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base 2006
"Steam App 218620" = PAYDAY 2
"Steam App 220240" = Far Cry® 3
"Steam App 238960" = Path of Exile
"Steam App 240" = Counter-Strike: Source
"Steam App 249990" = FORCED
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 4000" = Garry's Mod
"Steam App 4920" = Natural Selection 2
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"Tom Clancy`s Splinter Cell® Blacklist™_is1" = Tom Clancy`s Splinter Cell® Blacklist™
"Tunngle beta_is1" = Tunngle beta
"Uplay" = Uplay
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"VTFEdit_is1" = VTFEdit 1.2.5
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo!7 Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo!7 Messenger" = Yahoo!7 Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Akamai" = Akamai NetSession Interface
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"InstallShield_{D7870B1A-EECF-45B1-99BD-D1906928A8EC}" = SolarWinds Real-time NetFlow Analyzer
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2013 11:15:30 AM | Computer Name = Zer0-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\Prefetch\AgAppLaunch.db
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Host Process for Windows Services
because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgAppLaunch.db

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 10/11/2013 11:16:39 AM | Computer Name = Zer0-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c9db Exception code: 0xc0000006 Fault offset: 0x000000000002277f
Faulting
process id: 0x1644 Faulting application start time: 0x01cede27d8319dc1 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
Report
Id: 188bb4f0-4a1b-11e3-9040-001fbc028851

Error - 10/11/2013 11:16:39 AM | Computer Name = Zer0-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\Prefetch\AgAppLaunch.db
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Host Process for Windows Services
because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgAppLaunch.db

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 10/11/2013 11:24:38 AM | Computer Name = Zer0-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c9db Exception code: 0xc0000006 Fault offset: 0x000000000002277f
Faulting
process id: 0x10b8 Faulting application start time: 0x01cede28e8f369c0 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
Report
Id: 35ce6497-4a1c-11e3-94c3-001fbc028851

Error - 10/11/2013 11:24:38 AM | Computer Name = Zer0-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\Prefetch\AgAppLaunch.db
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Host Process for Windows Services
because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgAppLaunch.db

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 10/11/2013 11:25:53 AM | Computer Name = Zer0-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c9db Exception code: 0xc0000006 Fault offset: 0x000000000002277f
Faulting
process id: 0x1a0c Faulting application start time: 0x01cede2922343422 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
Report
Id: 6273b831-4a1c-11e3-94c3-001fbc028851

Error - 10/11/2013 11:25:53 AM | Computer Name = Zer0-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\Prefetch\AgAppLaunch.db
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Host Process for Windows Services
because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgAppLaunch.db

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 10/11/2013 11:26:57 AM | Computer Name = Zer0-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c9db Exception code: 0xc0000006 Fault offset: 0x000000000002277f
Faulting
process id: 0x193c Faulting application start time: 0x01cede294923b638 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
Report
Id: 88f26d9a-4a1c-11e3-94c3-001fbc028851

Error - 10/11/2013 11:26:57 AM | Computer Name = Zer0-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\Prefetch\AgAppLaunch.db
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Host Process for Windows Services
because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgAppLaunch.db

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 10/11/2013 11:57:39 AM | Computer Name = Zer0-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Zer0\Downloads\Programs\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 10/11/2013 11:22:04 AM | Computer Name = Zer0-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 5 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 10/11/2013 11:22:04 AM | Computer Name = Zer0-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Performance power management features on processor 1 in group 0 are
disabled due to a firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 10/11/2013 11:24:18 AM | Computer Name = Zer0-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 10/11/2013 11:24:48 AM | Computer Name = Zer0-PC | Source = Service Control Manager | ID = 7031
Description = The Superfetch service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/11/2013 11:25:52 AM | Computer Name = Zer0-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 10/11/2013 11:25:53 AM | Computer Name = Zer0-PC | Source = Service Control Manager | ID = 7031
Description = The Superfetch service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/11/2013 11:26:21 AM | Computer Name = Zer0-PC | Source = Service Control Manager | ID = 7031
Description = The TeamViewer 8 service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 2000 milliseconds:
Restart the service.

Error - 10/11/2013 11:26:57 AM | Computer Name = Zer0-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 10/11/2013 11:26:58 AM | Computer Name = Zer0-PC | Source = Service Control Manager | ID = 7034
Description = The Superfetch service terminated unexpectedly. It has done this
3 time(s).

Error - 10/11/2013 11:51:54 AM | Computer Name = Zer0-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

< End of report >

#2
RKinner

Posted 11 November 2013 - 11:49 AM

Malware Expert

Expert
24,624 posts

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply. Close nOtepad. Close the Command Window.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

Pause your anti-virus. Close all browsers.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
nytmare

Posted 11 November 2013 - 08:37 PM

Member

Topic Starter
Member
14 posts

Thanks Ron. Ive done everything you asked, here are the logs.

# AdwCleaner v3.012 - Report created 12/11/2013 at 10:22:03
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Zer0 - ZER0-PC
# Running from : C:\Users\Zer0\Desktop\AdwCleaner_2.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Users\Zer0\AppData\Roaming\NCH Software

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Zer0\AppData\Roaming\Mozilla\Firefox\Profiles\yuohtlfh.default-1379735746604\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShopHelp&co=AU&userid=d20292fa-4ac8-f278-fd6c-8fc793c0dc4a&searchtype=nt&installDate=22/10/2013");
Line Deleted : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShopHelp&co=AU&userid=d20292fa-4ac8-f278-fd6c-8fc793c0dc4a&searchtype=ds&installDate=22/10/2013&q=");

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\s7wgemff.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShopHelp&co=AU&userid=d20292fa-4ac8-f278-fd6c-8fc793c0dc4a&searchtype=hp&installDate=22/10/2013");
Line Deleted : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShopHelp&co=AU&userid=d20292fa-4ac8-f278-fd6c-8fc793c0dc4a&searchtype=ds&installDate=22/10/2013&q=");
Line Deleted : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShopHelp&co=AU&userid=d20292fa-4ac8-f278-fd6c-8fc793c0dc4a&searchtype=nt&installDate=22/10/2013");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Zer0\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R3].txt - [2670 octets] - [12/11/2013 09:39:12]
AdwCleaner[R4].txt - [2778 octets] - [12/11/2013 10:21:15]
AdwCleaner[S3].txt - [345 octets] - [12/11/2013 09:57:17]
AdwCleaner[S4].txt - [2391 octets] - [12/11/2013 10:22:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2451 octets] ##########

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 12/11/2013 10:30:06 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/11/2013 11:29:26 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 3 time(s).

Log: 'System' Date/Time: 11/11/2013 11:29:25 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 11/11/2013 11:28:22 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 11/11/2013 11:28:21 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 11/11/2013 11:27:17 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 11/11/2013 11:26:38 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 11/11/2013 11:23:44 PM
Type: Error Category: 2
Event: 35 Source: Microsoft-Windows-Kernel-Processor-Power
Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 11/11/2013 11:23:44 PM
Type: Error Category: 2
Event: 35 Source: Microsoft-Windows-Kernel-Processor-Power
Performance power management features on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 11/11/2013 11:23:44 PM
Type: Error Category: 2
Event: 35 Source: Microsoft-Windows-Kernel-Processor-Power
Performance power management features on processor 5 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 11/11/2013 11:23:44 PM
Type: Error Category: 2
Event: 35 Source: Microsoft-Windows-Kernel-Processor-Power
Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 11/11/2013 11:23:44 PM
Type: Error Category: 2
Event: 35 Source: Microsoft-Windows-Kernel-Processor-Power
Performance power management features on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 11/11/2013 11:23:44 PM
Type: Error Category: 2
Event: 35 Source: Microsoft-Windows-Kernel-Processor-Power
Performance power management features on processor 4 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 11/11/2013 11:23:44 PM
Type: Error Category: 2
Event: 35 Source: Microsoft-Windows-Kernel-Processor-Power
Performance power management features on processor 6 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 11/11/2013 11:23:44 PM
Type: Error Category: 2
Event: 35 Source: Microsoft-Windows-Kernel-Processor-Power
Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 11/11/2013 8:33:53 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 3 time(s).

Log: 'System' Date/Time: 11/11/2013 8:33:52 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 11/11/2013 8:33:49 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 11/11/2013 8:32:46 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 11/11/2013 8:32:45 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 11/11/2013 8:31:41 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/11/2013 11:23:44 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0001.

Log: 'System' Date/Time: 11/11/2013 11:23:44 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0000.

Log: 'System' Date/Time: 11/11/2013 8:26:12 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\usbccgp failed to load for the device USB\VID_046D&PID_C22D\5&2ae1af5b&0&2.

Log: 'System' Date/Time: 11/11/2013 8:26:04 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0001.

Log: 'System' Date/Time: 11/11/2013 8:26:04 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\SIDESHOW\0000.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 12/11/2013 10:30:41 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/11/2013 11:29:26 PM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\Prefetch\AgAppLaunch.db for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgAppLaunch.db The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C000009C Disk type: 3

Log: 'Application' Date/Time: 11/11/2013 11:29:26 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000006 Fault offset: 0x000000000002277f Faulting process id: 0x13a4 Faulting application start time: 0x01cedf35da1cb52b Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: 19d4eec7-4b29-11e3-a116-001fbc028851

Log: 'Application' Date/Time: 11/11/2013 11:28:21 PM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\Prefetch\AgAppLaunch.db for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgAppLaunch.db The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C000009C Disk type: 3

Log: 'Application' Date/Time: 11/11/2013 11:28:21 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000006 Fault offset: 0x000000000002277f Faulting process id: 0x1e0c Faulting application start time: 0x01cedf35b3379911 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: f398d461-4b28-11e3-a116-001fbc028851

Log: 'Application' Date/Time: 11/11/2013 11:26:57 PM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\Prefetch\AgAppLaunch.db for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgAppLaunch.db The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C000009C Disk type: 3

Log: 'Application' Date/Time: 11/11/2013 11:26:57 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000006 Fault offset: 0x000000000002277f Faulting process id: 0x1014 Faulting application start time: 0x01cedf355cbb1df4 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: c134f72c-4b28-11e3-a116-001fbc028851

Log: 'Application' Date/Time: 11/11/2013 11:21:12 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program AdwCleaner_2.exe version 3.0.1.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 318 Start Time: 01cedf29c74ba3b5 Termination Time: 0 Application Path: C:\Users\Zer0\Downloads\Programs\AdwCleaner_2.exe Report Id: de7f201a-4b27-11e3-8324-001fbc028851

Log: 'Application' Date/Time: 11/11/2013 8:33:49 PM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\Prefetch\AgAppLaunch.db for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgAppLaunch.db The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C000009C Disk type: 3

Log: 'Application' Date/Time: 11/11/2013 8:33:49 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000006 Fault offset: 0x000000000002277f Faulting process id: 0x1cf8 Faulting application start time: 0x01cedf1d51fa2d9a Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: 91c03a21-4b10-11e3-8324-001fbc028851

Log: 'Application' Date/Time: 11/11/2013 8:32:45 PM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\Prefetch\AgAppLaunch.db for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgAppLaunch.db The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C000009C Disk type: 3

Log: 'Application' Date/Time: 11/11/2013 8:32:45 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000006 Fault offset: 0x000000000002277f Faulting process id: 0x17e0 Faulting application start time: 0x01cedf1d2b75b098 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: 6b4fba9b-4b10-11e3-8324-001fbc028851

Log: 'Application' Date/Time: 11/11/2013 8:29:37 PM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\Prefetch\AgAppLaunch.db for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgAppLaunch.db The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C000009C Disk type: 3

Log: 'Application' Date/Time: 11/11/2013 8:29:37 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000006 Fault offset: 0x000000000002277f Faulting process id: 0xf20 Faulting application start time: 0x01cedf1c923ac5ea Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: fb258a14-4b0f-11e3-8324-001fbc028851

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/11/2013 11:22:15 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3687147164-1298252514-2334443246-1000:
Process 1936 (\Device\HarddiskVolume2\Windows\SysWOW64\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3687147164-1298252514-2334443246-1000

Log: 'Application' Date/Time: 11/11/2013 8:24:27 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3687147164-1298252514-2334443246-1000:
Process 2136 (\Device\HarddiskVolume2\Windows\SysWOW64\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3687147164-1298252514-2334443246-1000

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Zer0 on Tue 12/11/2013 at 12:55:27.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealPlyUpdateVer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealPlyUpdateVer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DealPlyUpdateVer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DealPlyUpdateVer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_1_RASMANCS

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Zer0\AppData\Roaming\mozilla\firefox\profiles\yuohtlfh.default-1379735746604\minidumps [37 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/11/2013 at 13:01:56.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by Zer0 (administrator) on ZER0-PC on 12-11-2013 13:05:45
Running from C:\Users\Zer0\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Akamai Technologies, Inc.) C:\Users\Zer0\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Akamai Technologies, Inc.) C:\Users\Zer0\AppData\Local\Akamai\netsession_win.exe
(SmoothPing) C:\Program Files (x86)\Smoothping Elite\SmoothPingProxy.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.191\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.56\deploy\LolClient.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SaiMfd] - C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-10-15] (Saitek)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-31] (Valve Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17706088 2013-02-07] (Skype Technologies S.A.)
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [668944 2012-04-10] (SANDBOXIE L.T.D)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Zer0\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232 2013-11-09] (Tonec Inc.)
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: {fe28be3b-318c-11e0-8da5-001fbc028851} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-02] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKU\Administrator\...\Run: [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232 2013-11-09] (Tonec Inc.)
HKU\Administrator\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-31] (Valve Corporation)
HKU\Administrator\...\Run: [Akamai NetSession Interface] - C:\Users\Zer0\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Administrator\...\Run: [Facebook Update] - C:\Users\Zer0\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-16] (Facebook Inc.)
HKU\Administrator\...\Run: [Spotify Web Helper] - C:\Users\Zer0\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2012-12-21] (Spotify Ltd)
HKU\Administrator\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\Administrator\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17706088 2013-02-07] (Skype Technologies S.A.)
HKU\Administrator\...\Run: [Doxeoqbuyh] - C:\Users\Administrator\AppData\Roaming\Uxeb\azro.exe
HKU\Administrator\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE413385B6EAFCE01
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\SmoothPingProxy.dll [315392] (SmoothPing)
Winsock: Catalog9 02 C:\Windows\SysWOW64\SmoothPingProxy.dll [315392] (SmoothPing)
Winsock: Catalog9 03 C:\Windows\SysWOW64\SmoothPingProxy.dll [315392] (SmoothPing)
Winsock: Catalog9 04 C:\Windows\SysWOW64\SmoothPingProxy.dll [315392] (SmoothPing)
Winsock: Catalog9 15 C:\Windows\SysWOW64\SmoothPingProxy.dll [315392] (SmoothPing)
Winsock: Catalog9-x64 01 C:\Windows\system32\SmoothPingProxy64.dll [430592] (SmoothPing)
Winsock: Catalog9-x64 02 C:\Windows\system32\SmoothPingProxy64.dll [430592] (SmoothPing)
Winsock: Catalog9-x64 03 C:\Windows\system32\SmoothPingProxy64.dll [430592] (SmoothPing)
Winsock: Catalog9-x64 04 C:\Windows\system32\SmoothPingProxy64.dll [430592] (SmoothPing)
Winsock: Catalog9-x64 15 C:\Windows\system32\SmoothPingProxy64.dll [430592] (SmoothPing)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{09422DDC-6800-45E3-9216-B5095F00AEB7}: [NameServer]8.8.8.8,8.8.8.4

FireFox:
========
FF ProfilePath: C:\Users\Zer0\AppData\Roaming\Mozilla\Firefox\Profiles\yuohtlfh.default-1379735746604
FF Homepage: https://www.google.com.au/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Zer0\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Zer0\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Users\Zer0\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Zer0\AppData\Roaming\IDM\idmmzcc5
FF HKCU\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Zer0\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Zer0\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-09-14] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4266480 2011-01-13] (INCA Internet Co., Ltd.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-11-01] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [97552 2012-04-10] (SANDBOXIE L.T.D)
R2 SmoothPingProxy; C:\Program Files (x86)\Smoothping Elite\SmoothPingProxy.exe [2297856 2013-05-09] (SmoothPing)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [757144 2013-08-16] (Tunngle.net GmbH)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-08-16] ()
S3 SaiK0ccf; C:\Windows\System32\DRIVERS\SaiK0ccf.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-10-15] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-10-15] (Saitek)
S3 SaiU0CCF; C:\Windows\System32\DRIVERS\SaiU0CCF.sys [47168 2012-09-20] (Saitek)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [164528 2012-04-10] (SANDBOXIE L.T.D)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-09-17] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
U3 ah9wk9ro; C:\Windows\System32\Drivers\ah9wk9ro.sys [0 ] (Microsoft Corporation)
S3 dump_wmimmc; \??\C:\Program Files (x86)\gPotato\IrisOnline\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [x]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-12 13:05 - 2013-11-12 13:05 - 00000000 ____D C:\FRST
2013-11-12 13:01 - 2013-11-12 13:01 - 00002049 _____ C:\Users\Zer0\Desktop\JRT.txt
2013-11-12 12:56 - 2013-11-12 12:56 - 01957590 _____ (Farbar) C:\Users\Zer0\Desktop\FRST64.exe
2013-11-12 12:55 - 2013-11-12 12:55 - 00000000 ____D C:\Windows\ERUNT
2013-11-12 12:54 - 2013-11-12 12:54 - 01034531 _____ (Thisisu) C:\Users\Zer0\Desktop\JRT.exe
2013-11-12 12:01 - 2013-11-09 14:31 - 388544932 _____ C:\Users\Zer0\Desktop\Atlantis.2013.S01E07.HDTV.XviD-AFG.avi
2013-11-12 12:00 - 2013-11-02 19:56 - 312958111 _____ C:\Users\Zer0\Desktop\atlantis.2013.s01e06.hdtv.x264-tla.mp4
2013-11-12 10:29 - 2013-11-12 13:04 - 00026169 _____ C:\Users\Zer0\Desktop\AdwCleaner[S4].txt
2013-11-12 09:02 - 2013-11-12 10:22 - 00000000 ____D C:\AdwCleaner
2013-11-12 09:02 - 2013-11-12 09:02 - 01085542 _____ C:\Users\Zer0\Desktop\AdwCleaner_2.exe
2013-11-12 08:29 - 2013-11-12 10:30 - 00015212 _____ C:\VEW.txt
2013-11-12 08:03 - 2013-11-12 08:03 - 00061440 _____ ( ) C:\Users\Zer0\Desktop\VEW.exe
2013-11-12 07:26 - 2013-11-12 07:26 - 00006678 _____ C:\Windows\PFRO.log
2013-11-12 07:19 - 2013-11-12 10:25 - 00000336 _____ C:\Windows\setupact.log
2013-11-12 07:19 - 2013-11-12 07:19 - 00000000 _____ C:\Windows\setuperr.log
2013-11-11 11:26 - 2013-10-26 16:29 - 380193538 _____ C:\Users\Zer0\Desktop\Atlantis.2013.S01E05.HDTV.XviD-AFG.avi
2013-11-11 11:25 - 2013-10-19 15:38 - 379118552 _____ C:\Users\Zer0\Desktop\Atlantis.2013.1x04.Twist.Of.Fate.HDTV.XviD-AFG.avi
2013-11-11 11:25 - 2013-10-14 17:32 - 388571140 _____ C:\Users\Zer0\Desktop\Atlantis.2013.1x03.The.Boy.Must.Die.HDTV.XviD-AFG.avi
2013-11-11 11:25 - 2013-10-05 21:46 - 379392696 _____ C:\Users\Zer0\Desktop\Atlantis.2013.1x02.A.Girl.By.Any.Other.Name.HDTV.XviD-AFG.avi
2013-11-11 09:03 - 2013-09-28 20:46 - 397472086 _____ C:\Users\Zer0\Desktop\Atlantis.2013.1x01.The.Earth.Bull.HDTV.XviD-AFG.avi
2013-11-11 05:03 - 2013-11-11 05:19 - 423572207 _____ C:\Users\Zer0\Downloads\Windows6.1-KB947821-v28-x64.msu
2013-11-11 02:57 - 2013-11-11 02:57 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-11 02:36 - 2013-11-11 02:57 - 00000000 ____D C:\Users\Zer0\AppData\Roaming\IDM
2013-11-11 02:36 - 2013-11-11 02:37 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-11-11 02:36 - 2013-11-11 02:36 - 00000000 ____D C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2013-11-11 02:36 - 2013-11-11 02:36 - 00000000 ____D C:\ProgramData\IDM
2013-11-11 01:36 - 2013-11-11 22:26 - 00000000 ____D C:\Users\Zer0\AppData\Local\CrashDumps
2013-11-11 01:22 - 2013-09-23 01:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-11 01:22 - 2013-09-23 01:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-11 01:22 - 2013-09-23 01:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-11 01:22 - 2013-09-23 01:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-11 01:22 - 2013-09-23 01:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-11 01:22 - 2013-09-22 21:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-11 01:22 - 2013-09-22 21:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-11 01:22 - 2013-09-22 21:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-11 01:22 - 2013-09-22 21:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-11 01:22 - 2013-09-22 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-11 01:22 - 2013-09-22 21:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-11 01:22 - 2013-09-22 20:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-11 01:21 - 2013-09-23 02:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-11 01:21 - 2013-09-23 02:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-11 01:21 - 2013-09-23 01:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-11 01:21 - 2013-09-23 01:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-11 01:21 - 2013-09-23 01:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-11 01:21 - 2013-09-23 01:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-11 01:21 - 2013-09-23 01:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-11 01:21 - 2013-09-23 01:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-11 01:21 - 2013-09-23 01:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-11 01:21 - 2013-09-23 01:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-11 01:21 - 2013-09-23 01:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-11 01:21 - 2013-09-22 21:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-11 01:21 - 2013-09-22 21:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-11 01:21 - 2013-09-22 21:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-11 01:21 - 2013-09-22 21:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-11 01:21 - 2013-09-22 21:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-11 01:21 - 2013-09-22 21:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-11 01:21 - 2013-09-22 21:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-11 01:21 - 2013-09-22 21:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-11 01:21 - 2013-09-22 21:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-10 22:29 - 2013-11-10 22:12 - 00000683 ___SH C:\ProgramData\62f33931-3f95-403b-bd84-bc136fa2417d
2013-11-10 22:12 - 2013-11-10 22:12 - 00000000 ____D C:\ProgramData\c8865564-28bf-4d35-8039-1f4e8b199063
2013-11-10 22:11 - 2013-11-10 22:14 - 00000000 ____D C:\MyBootCD
2013-11-10 20:25 - 2013-11-02 06:26 - 786553176 _____ C:\Users\Zer0\Desktop\The.To.Do.List.2013.720p.BluRay.750MB.HPHD.mkv
2013-11-10 20:16 - 2013-11-10 20:17 - 05941185 _____ C:\Users\Zer0\Downloads\Hirens.BootCD.15.2.zip.part
2013-11-10 03:00 - 2013-08-29 13:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-10 03:00 - 2013-08-29 13:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-11-10 03:00 - 2013-08-29 13:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-11-10 03:00 - 2013-08-29 13:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-11-10 03:00 - 2013-08-29 13:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-11-10 03:00 - 2013-08-29 12:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-11-10 03:00 - 2013-08-29 12:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-11-10 03:00 - 2013-08-29 12:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-11-10 03:00 - 2013-08-29 12:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-11-10 03:00 - 2013-08-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-11-10 03:00 - 2013-08-29 12:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-11-10 03:00 - 2013-08-29 11:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-11-10 03:00 - 2013-08-29 11:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-11-10 03:00 - 2013-08-29 11:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-11-10 03:00 - 2013-08-29 11:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-11-10 03:00 - 2013-08-28 12:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-11-10 03:00 - 2013-07-20 21:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-10 03:00 - 2013-07-20 21:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-11-10 03:00 - 2013-07-04 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-11-10 03:00 - 2013-07-04 23:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-11-10 03:00 - 2013-07-04 22:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-11-10 03:00 - 2013-07-04 22:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-11-10 03:00 - 2013-07-04 21:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-11-10 03:00 - 2013-06-06 16:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-11-10 03:00 - 2013-06-06 16:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-11-10 03:00 - 2013-06-06 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-11-10 03:00 - 2013-06-06 16:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-10 03:00 - 2013-06-06 15:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-11-10 03:00 - 2013-06-06 15:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-11-10 03:00 - 2013-06-06 15:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-11-10 03:00 - 2013-06-06 14:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-10 03:00 - 2013-06-06 14:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-11-10 03:00 - 2013-06-06 14:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-11-10 02:59 - 2013-09-14 12:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-10 02:59 - 2013-09-08 13:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-10 02:59 - 2013-09-08 13:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-11-10 02:59 - 2013-09-08 13:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-11-10 02:59 - 2013-07-12 21:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-11-10 02:59 - 2013-07-12 21:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-11-10 02:59 - 2013-07-04 23:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-10 02:59 - 2013-07-04 22:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-11-10 02:59 - 2013-07-03 15:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-11-10 02:59 - 2013-07-03 15:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-11-10 02:59 - 2013-07-03 15:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-11-10 02:59 - 2013-06-26 09:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-10 02:57 - 2013-08-28 12:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-11-10 02:56 - 2013-09-04 23:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-10 02:56 - 2013-09-04 23:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-10 02:56 - 2013-09-04 23:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-10 02:56 - 2013-09-04 23:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-10 02:56 - 2013-09-04 23:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-10 02:56 - 2013-09-04 23:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-10 02:56 - 2013-09-04 23:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-10 02:56 - 2013-08-01 23:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-09 16:08 - 2013-11-08 10:41 - 00174968 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2013-11-08 05:24 - 2013-11-08 05:56 - 279399490 _____ C:\Users\Zer0\Downloads\The.Tomorrow.People.US.S01E05.HDTV.x264-LOL.mp4
2013-11-08 05:24 - 2013-11-08 05:49 - 259246346 _____ C:\Users\Zer0\Downloads\The.Tomorrow.People.US.S01E04.HDTV.x264-LOL.mp4
2013-11-08 05:11 - 2013-11-08 05:48 - 282521080 _____ C:\Users\Zer0\Downloads\The.Tomorrow.People.US.S01E03.HDTV.x264-LOL.mp4
2013-11-08 04:59 - 2013-11-08 05:18 - 271163068 _____ C:\Users\Zer0\Downloads\The.Tomorrow.People.US.S01E02.HDTV.x264-LOL.mp4
2013-11-08 04:24 - 2013-11-08 04:47 - 301646643 _____ C:\Users\Zer0\Downloads\The.Tomorrow.People.US.S01E01.HDTV.x264-LOL.mp4
2013-11-08 04:20 - 2013-11-08 04:20 - 11032296 _____ C:\Users\Zer0\Downloads\TTDL.2013.720p.BR.750MB-HPHD.rar.part
2013-11-02 20:47 - 2013-11-02 20:47 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-01 17:23 - 2013-10-23 21:30 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-11-01 17:23 - 2013-10-23 21:30 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-11-01 17:23 - 2013-10-23 21:30 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-11-01 17:23 - 2013-01-29 19:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2013-11-01 15:28 - 2013-11-01 15:55 - 00001205 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2013-10-30 19:50 - 2013-10-18 12:36 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-30 19:50 - 2013-10-18 12:36 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-30 19:49 - 2013-09-28 10:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-10-30 19:49 - 2013-09-28 10:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-10-29 21:20 - 2013-10-29 21:20 - 00000000 ____D C:\Users\Zer0\AppData\Local\UWebKit
2013-10-23 15:50 - 2013-10-16 11:48 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-10-23 15:50 - 2013-10-16 11:48 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-23 00:11 - 2013-10-23 00:11 - 00000000 ____D C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AC3Filter
2013-10-23 00:11 - 2013-10-23 00:11 - 00000000 ____D C:\Program Files (x86)\AC3Filter
2013-10-23 00:11 - 2008-07-09 19:05 - 00421888 _____ C:\Windows\system32\ac3filter.acm
2013-10-19 00:06 - 2013-10-19 00:28 - 569983472 _____ C:\Users\Zer0\Downloads\Strike.Back.S03E03.HDTV.x264-LOL.mp4
2013-10-18 17:21 - 2013-10-19 16:30 - 00000000 ____D C:\Users\Zer0\Downloads\Toto - Falling In Between(2006)Remastered 2013
2013-10-18 16:11 - 2013-10-18 16:37 - 576908296 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E10.HDTV.XviD-FQM.avi
2013-10-18 16:10 - 2013-10-18 16:32 - 576898268 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E09.HDTV.XviD-FQM.avi
2013-10-18 15:33 - 2013-10-18 15:36 - 00000000 ____D C:\Users\Zer0\Downloads\iwin-MahJong Quest III -by ozgurd
2013-10-16 17:58 - 2013-10-16 18:16 - 366955670 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E08.HDTV.XviD-ASAP.avi
2013-10-15 20:06 - 2013-10-23 15:47 - 00000000 ____D C:\ProgramData\WarThunder
2013-10-15 20:06 - 2013-10-23 15:04 - 00000000 ____D C:\Program Files (x86)\WarThunder
2013-10-15 20:06 - 2013-10-15 20:06 - 00001107 _____ C:\Users\Public\Desktop\WarThunder.lnk
2013-10-15 20:06 - 2013-10-15 20:06 - 00000000 ____D C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2013-10-15 20:06 - 2013-10-15 20:06 - 00000000 ____D C:\Users\Zer0\AppData\Local\WarThunder
2013-10-14 22:18 - 2013-10-14 22:57 - 576323696 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E03.HDTV.XviD-LOL.avi
2013-10-14 22:17 - 2013-10-16 18:51 - 576899134 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E07.HDTV.XviD-FQM.avi
2013-10-14 22:17 - 2013-10-15 21:35 - 575172218 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E06.HDTV.XviD-LOL.avi
2013-10-14 22:17 - 2013-10-15 19:12 - 577246604 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E05.HDTV.XviD-FQM.avi
2013-10-14 22:17 - 2013-10-15 18:30 - 576246262 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E04.HDTV.XviD-LOL.avi
2013-10-14 18:47 - 2013-10-14 19:47 - 576089160 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E02.HDTV.XviD-LOL.avi
2013-10-14 18:47 - 2013-10-14 19:19 - 576338328 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E01.HDTV.XviD-LOL.avi
2013-10-14 13:46 - 2013-10-14 14:01 - 364892160 _____ C:\Users\Zer0\Downloads\Strike.Back.S01E06.HDTV.XviD-BiA.avi
2013-10-14 00:03 - 2013-10-14 11:27 - 00000000 ____D C:\Users\Zer0\Downloads\CODE HUNTER [2002][AC3][DVDRip]-FLAWL3SS

==================== One Month Modified Files and Folders =======

2013-11-12 13:05 - 2013-11-12 13:05 - 00000000 ____D C:\FRST
2013-11-12 13:04 - 2013-11-12 10:29 - 00026169 _____ C:\Users\Zer0\Desktop\AdwCleaner[S4].txt
2013-11-12 13:01 - 2013-11-12 13:01 - 00002049 _____ C:\Users\Zer0\Desktop\JRT.txt
2013-11-12 13:01 - 2013-04-28 17:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-12 12:56 - 2013-11-12 12:56 - 01957590 _____ (Farbar) C:\Users\Zer0\Desktop\FRST64.exe
2013-11-12 12:55 - 2013-11-12 12:55 - 00000000 ____D C:\Windows\ERUNT
2013-11-12 12:54 - 2013-11-12 12:54 - 01034531 _____ (Thisisu) C:\Users\Zer0\Desktop\JRT.exe
2013-11-12 12:51 - 2010-11-08 16:27 - 00000000 ____D C:\Users\Zer0\AppData\Roaming\Skype
2013-11-12 12:36 - 2013-09-17 17:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-12 12:30 - 2012-08-16 01:25 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000UA.job
2013-11-12 12:00 - 2010-09-05 00:19 - 00000000 ____D C:\Users\Zer0\AppData\Roaming\DMCache
2013-11-12 11:00 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\rescache
2013-11-12 10:35 - 2009-07-14 15:45 - 00015040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 10:35 - 2009-07-14 15:45 - 00015040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 10:31 - 2012-03-08 14:09 - 01427302 _____ C:\Windows\WindowsUpdate.log
2013-11-12 10:30 - 2013-11-12 08:29 - 00015212 _____ C:\VEW.txt
2013-11-12 10:26 - 2010-09-04 18:44 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-12 10:25 - 2013-11-12 07:19 - 00000336 _____ C:\Windows\setupact.log
2013-11-12 10:25 - 2013-04-28 17:02 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-12 10:24 - 2010-09-04 16:48 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-12 10:24 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 10:22 - 2013-11-12 09:02 - 00000000 ____D C:\AdwCleaner
2013-11-12 09:02 - 2013-11-12 09:02 - 01085542 _____ C:\Users\Zer0\Desktop\AdwCleaner_2.exe
2013-11-12 08:03 - 2013-11-12 08:03 - 00061440 _____ ( ) C:\Users\Zer0\Desktop\VEW.exe
2013-11-12 07:26 - 2013-11-12 07:26 - 00006678 _____ C:\Windows\PFRO.log
2013-11-12 07:26 - 2012-06-12 21:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-12 07:26 - 2012-06-12 21:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-12 07:19 - 2013-11-12 07:19 - 00000000 _____ C:\Windows\setuperr.log
2013-11-12 07:18 - 2012-08-16 01:25 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000Core.job
2013-11-11 22:26 - 2013-11-11 01:36 - 00000000 ____D C:\Users\Zer0\AppData\Local\CrashDumps
2013-11-11 22:13 - 2012-12-01 00:02 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-11 22:01 - 2012-12-01 00:02 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-11-11 20:51 - 2011-07-01 13:37 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-11 19:26 - 2010-09-05 00:31 - 00000000 ____D C:\Windows\Minidump
2013-11-11 11:36 - 2013-09-10 17:49 - 00000000 ____D C:\Users\Zer0\Downloads\Compressed
2013-11-11 05:19 - 2013-11-11 05:03 - 423572207 _____ C:\Users\Zer0\Downloads\Windows6.1-KB947821-v28-x64.msu
2013-11-11 05:01 - 2012-01-18 17:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-11 02:57 - 2013-11-11 02:57 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-11 02:57 - 2013-11-11 02:36 - 00000000 ____D C:\Users\Zer0\AppData\Roaming\IDM
2013-11-11 02:37 - 2013-11-11 02:36 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-11-11 02:36 - 2013-11-11 02:36 - 00000000 ____D C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2013-11-11 02:36 - 2013-11-11 02:36 - 00000000 ____D C:\ProgramData\IDM
2013-11-11 02:04 - 2009-07-14 15:45 - 04972352 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-11 01:10 - 2013-09-01 18:29 - 00235143 ___SH C:\ProgramData\8d9221f8-e7a0-45a5-9c38-fd27fa08bbc7
2013-11-10 23:17 - 2012-10-11 16:37 - 00000000 ____D C:\Users\Zer0\AppData\Roaming\IMVU
2013-11-10 22:14 - 2013-11-10 22:11 - 00000000 ____D C:\MyBootCD
2013-11-10 22:12 - 2013-11-10 22:29 - 00000683 ___SH C:\ProgramData\62f33931-3f95-403b-bd84-bc136fa2417d
2013-11-10 22:12 - 2013-11-10 22:12 - 00000000 ____D C:\ProgramData\c8865564-28bf-4d35-8039-1f4e8b199063
2013-11-10 20:52 - 2009-07-14 16:13 - 00006884 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-10 20:17 - 2013-11-10 20:16 - 05941185 _____ C:\Users\Zer0\Downloads\Hirens.BootCD.15.2.zip.part
2013-11-10 16:44 - 2013-09-01 18:11 - 00000000 ____D C:\ProgramData\c68dac03-3d23-4f11-a555-bcd5fdf56017
2013-11-10 04:26 - 2011-02-26 12:29 - 00002064 _____ C:\Windows\Sandboxie.ini
2013-11-10 03:46 - 2013-09-26 04:43 - 00000594 _____ C:\Users\Zer0\Desktop\anime.txt
2013-11-10 03:32 - 2013-08-22 20:40 - 00000000 ____D C:\Windows\system32\MRT
2013-11-10 03:19 - 2010-09-04 17:40 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-10 03:11 - 2011-01-26 13:45 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-10 03:10 - 2012-05-02 02:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-10 03:10 - 2011-01-26 13:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-09 19:18 - 2010-12-18 02:16 - 00000000 ____D C:\Users\Zer0\AppData\Roaming\TS3Client
2013-11-09 14:31 - 2013-11-12 12:01 - 388544932 _____ C:\Users\Zer0\Desktop\Atlantis.2013.S01E07.HDTV.XviD-AFG.avi
2013-11-08 21:56 - 2010-09-23 15:13 - 00000000 ____D C:\Users\Zer0\AppData\Roaming\uTorrent
2013-11-08 21:54 - 2012-12-21 06:46 - 00000000 ____D C:\Users\Zer0\AppData\Local\Spotify
2013-11-08 21:54 - 2012-12-21 06:45 - 00000000 ____D C:\Users\Zer0\AppData\Roaming\Spotify
2013-11-08 17:46 - 2011-05-18 19:51 - 00000000 ____D C:\Users\DefaultAppPool
2013-11-08 10:41 - 2013-11-09 16:08 - 00174968 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2013-11-08 05:56 - 2013-11-08 05:24 - 279399490 _____ C:\Users\Zer0\Downloads\The.Tomorrow.People.US.S01E05.HDTV.x264-LOL.mp4
2013-11-08 05:49 - 2013-11-08 05:24 - 259246346 _____ C:\Users\Zer0\Downloads\The.Tomorrow.People.US.S01E04.HDTV.x264-LOL.mp4
2013-11-08 05:48 - 2013-11-08 05:11 - 282521080 _____ C:\Users\Zer0\Downloads\The.Tomorrow.People.US.S01E03.HDTV.x264-LOL.mp4
2013-11-08 05:18 - 2013-11-08 04:59 - 271163068 _____ C:\Users\Zer0\Downloads\The.Tomorrow.People.US.S01E02.HDTV.x264-LOL.mp4
2013-11-08 04:47 - 2013-11-08 04:24 - 301646643 _____ C:\Users\Zer0\Downloads\The.Tomorrow.People.US.S01E01.HDTV.x264-LOL.mp4
2013-11-08 04:20 - 2013-11-08 04:20 - 11032296 _____ C:\Users\Zer0\Downloads\TTDL.2013.720p.BR.750MB-HPHD.rar.part
2013-11-05 14:54 - 2010-09-04 16:39 - 00000000 ____D C:\Users\Zer0
2013-11-02 20:47 - 2013-11-02 20:47 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-02 20:47 - 2013-10-01 08:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-02 19:56 - 2013-11-12 12:00 - 312958111 _____ C:\Users\Zer0\Desktop\atlantis.2013.s01e06.hdtv.x264-tla.mp4
2013-11-02 06:26 - 2013-11-10 20:25 - 786553176 _____ C:\Users\Zer0\Desktop\The.To.Do.List.2013.720p.BluRay.750MB.HPHD.mkv
2013-11-02 04:06 - 2013-03-13 18:20 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-11-01 17:28 - 2010-09-04 16:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-01 15:55 - 2013-11-01 15:28 - 00001205 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2013-11-01 15:28 - 2011-09-29 16:36 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-11-01 15:27 - 2012-12-01 00:02 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-11-01 14:40 - 2012-09-14 21:10 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-10-30 19:51 - 2010-09-04 17:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-30 19:50 - 2010-09-04 16:46 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-29 21:20 - 2013-10-29 21:20 - 00000000 ____D C:\Users\Zer0\AppData\Local\UWebKit
2013-10-26 16:29 - 2013-11-11 11:26 - 380193538 _____ C:\Users\Zer0\Desktop\Atlantis.2013.S01E05.HDTV.XviD-AFG.avi
2013-10-23 21:30 - 2013-11-01 17:23 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-23 21:30 - 2013-11-01 17:23 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-10-23 21:30 - 2013-11-01 17:23 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-23 21:30 - 2013-03-15 20:53 - 00023287 _____ C:\Windows\system32\nvinfo.pb
2013-10-23 21:30 - 2012-10-15 16:19 - 15212336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-23 21:30 - 2012-10-15 16:19 - 02695200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-10-23 21:30 - 2012-02-22 12:57 - 01435504 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-10-23 21:30 - 2010-07-10 06:38 - 18286416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-10-23 21:30 - 2010-03-17 12:07 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-10-23 19:20 - 2012-02-22 12:59 - 03426956 _____ C:\Windows\system32\nvcoproc.bin
2013-10-23 19:20 - 2011-02-23 02:39 - 06669600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-10-23 19:20 - 2011-02-23 02:39 - 03489568 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-10-23 19:20 - 2011-02-23 02:38 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-10-23 19:20 - 2011-02-23 02:38 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-10-23 19:20 - 2010-03-16 22:50 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-10-23 15:47 - 2013-10-15 20:06 - 00000000 ____D C:\ProgramData\WarThunder
2013-10-23 15:26 - 2013-09-15 18:41 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2013-10-23 15:04 - 2013-10-15 20:06 - 00000000 ____D C:\Program Files (x86)\WarThunder
2013-10-23 13:24 - 2013-08-10 20:49 - 00000000 ____D C:\TERA
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-23 00:11 - 2013-10-23 00:11 - 00000000 ____D C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AC3Filter
2013-10-23 00:11 - 2013-10-23 00:11 - 00000000 ____D C:\Program Files (x86)\AC3Filter
2013-10-23 00:00 - 2010-09-04 16:39 - 00000000 ___RD C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-22 21:29 - 2013-09-15 18:41 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-10-19 16:30 - 2013-10-18 17:21 - 00000000 ____D C:\Users\Zer0\Downloads\Toto - Falling In Between(2006)Remastered 2013
2013-10-19 15:38 - 2013-11-11 11:25 - 379118552 _____ C:\Users\Zer0\Desktop\Atlantis.2013.1x04.Twist.Of.Fate.HDTV.XviD-AFG.avi
2013-10-19 00:28 - 2013-10-19 00:06 - 569983472 _____ C:\Users\Zer0\Downloads\Strike.Back.S03E03.HDTV.x264-LOL.mp4
2013-10-18 16:37 - 2013-10-18 16:11 - 576908296 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E10.HDTV.XviD-FQM.avi
2013-10-18 16:32 - 2013-10-18 16:10 - 576898268 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E09.HDTV.XviD-FQM.avi
2013-10-18 15:36 - 2013-10-18 15:33 - 00000000 ____D C:\Users\Zer0\Downloads\iwin-MahJong Quest III -by ozgurd
2013-10-18 12:36 - 2013-10-30 19:50 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-18 12:36 - 2013-10-30 19:50 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-16 18:51 - 2013-10-14 22:17 - 576899134 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E07.HDTV.XviD-FQM.avi
2013-10-16 18:16 - 2013-10-16 17:58 - 366955670 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E08.HDTV.XviD-ASAP.avi
2013-10-16 16:30 - 2011-11-22 06:08 - 00000000 ____D C:\Users\Zer0\AppData\Roaming\Windows Live Writer
2013-10-16 11:48 - 2013-10-23 15:50 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-10-16 11:48 - 2013-10-23 15:50 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-10-15 21:35 - 2013-10-14 22:17 - 575172218 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E06.HDTV.XviD-LOL.avi
2013-10-15 20:06 - 2013-10-15 20:06 - 00001107 _____ C:\Users\Public\Desktop\WarThunder.lnk
2013-10-15 20:06 - 2013-10-15 20:06 - 00000000 ____D C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2013-10-15 20:06 - 2013-10-15 20:06 - 00000000 ____D C:\Users\Zer0\AppData\Local\WarThunder
2013-10-15 20:06 - 2010-09-23 21:53 - 00000000 ____D C:\Users\Zer0\Documents\My Games
2013-10-15 19:12 - 2013-10-14 22:17 - 577246604 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E05.HDTV.XviD-FQM.avi
2013-10-15 18:30 - 2013-10-14 22:17 - 576246262 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E04.HDTV.XviD-LOL.avi
2013-10-14 22:57 - 2013-10-14 22:18 - 576323696 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E03.HDTV.XviD-LOL.avi
2013-10-14 19:47 - 2013-10-14 18:47 - 576089160 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E02.HDTV.XviD-LOL.avi
2013-10-14 19:19 - 2013-10-14 18:47 - 576338328 _____ C:\Users\Zer0\Downloads\Strike.Back.S02E01.HDTV.XviD-LOL.avi
2013-10-14 17:32 - 2013-11-11 11:25 - 388571140 _____ C:\Users\Zer0\Desktop\Atlantis.2013.1x03.The.Boy.Must.Die.HDTV.XviD-AFG.avi
2013-10-14 14:01 - 2013-10-14 13:46 - 364892160 _____ C:\Users\Zer0\Downloads\Strike.Back.S01E06.HDTV.XviD-BiA.avi
2013-10-14 11:27 - 2013-10-14 00:03 - 00000000 ____D C:\Users\Zer0\Downloads\CODE HUNTER [2002][AC3][DVDRip]-FLAWL3SS

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Zer0\jagex_cl_runescape_LIVE.dat
C:\Users\Zer0\random.dat

Some content of TEMP:
====================
C:\Users\Zer0\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Zer0\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-11 08:57

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01
Ran by Zer0 at 2013-11-12 13:06:41
Running from C:\Users\Zer0\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (x32 Version: 2.0.4)
AC3Filter (remove only) (x32)
Adobe AIR (x32 Version: 3.2.0.2070)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Download Assistant (x32 Version: 1.0.6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Alcatel SpeedTouch USB Software (x32)
AMIP for foobar2000 (remove only) (x32)
Any Video Converter 3.5.8 (x32)
APB Reloaded (x32)
Apple Application Support (x32 Version: 2.3)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Arma 3 (x32)
Audacity 1.2.6 (x32)
Audacity 1.3.12 (Unicode) (x32)
AV Voice Changer Software DIAMOND 7.0 (x32 Version: 7.0.29)
AVS Screen Capture version 2.0.1 (x32)
AVS Update Manager 1.0 (x32)
AVS Video Editor 6 (x32)
AVS Video Recorder 2.4 (x32)
AVS4YOU Software Navigator 1.4 (x32)
Battlefield 3™ (x32 Version: 1.6.0.0)
Battlefield 4™ (x32 Version: 1.0.0.0)
Battlelog Web Plugins (x32 Version: 2.3.0)
Bejeweled 3 (x32 Version: 1.0.8.6128)
BigPond Broadband ADSL (x32 Version: 11.0)
Bonjour (Version: 3.0.0.10)
Call of Duty® 4 - Modern Warfare™ 1.1 Patch (x32)
Call of Duty® 4 - Modern Warfare™ 1.2 Patch (x32)
Call of Duty® 4 - Modern Warfare™ 1.3 Patch (x32)
Call of Duty® 4 - Modern Warfare™ 1.4 Patch (x32)
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch (x32)
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (x32)
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32)
CameraHelperMsi (x32 Version: 13.25.1010.0)
CCleaner (Version: 3.16)
ConvertXtoDVD 4.1.2.336 (x32 Version: 4.1.2.336)
Counter-Strike: Source (x32)
Counter-Strike: Source Beta (x32)
Creatures of Darkness (x32 Version: 3.3.0)
Curse Client (HKCU Version: 4.0.1.260)
D3DX10 (x32 Version: 15.4.2368.0902)
Deep Space Voices (x32 Version: 3.3.1)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DivX Setup (x32 Version: 2.6.1.41)
erLT (x32 Version: 1.20.138.34)
ESET Online Scanner v3 (x32)
EVGA Precision X 4.1.0 (x32 Version: 4.1.0)
Fable III (x32 Version: 1.0.0001.131)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Fantasy Voice Pack (x32 Version: 1.3.0)
Far Cry® 3 (x32)
Female Voice Pack (x32 Version: 3.3.2)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
FlashFXP v4.2 (x32 Version: 4.2.3.1771)
foobar2000 v1.1.14a (x32 Version: 1.1.14a)
FORCED (x32)
Fraps (remove only) (x32)
Furry Voices for Second Life (x32 Version: 1.3.0)
Galactic Voices (x32 Version: 1.3.0)
Garry's Mod (x32)
GeForce Experience NvStream Client Components (Version: 1.6.28)
GoldWave v5.58 (x32)
Google Chrome (x32 Version: 30.0.1599.101)
Google Maps Radar - Made by OVPD Badge 169 (x32)
Google Update Helper (x32 Version: 1.3.21.165)
Grand Theft Auto IV (x32)
Half-Life Dedicated Server Update Tool (x32)
HashTab 4.0.0.2 (Version: 4.0.0.2)
HLSW v1.4.0.2 (x32)
ImgBurn (x32 Version: 2.5.5.0)
IMVU Avatar Chat Software (HKCU)
Internet Download Manager (x32)
Internet Explorer (x32)
iTunes (Version: 10.6.1.7)
Joystix Pro (x32 Version: 2.0.0.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LAME v3.98.3 for Audacity (x32)
League of Legends (x32 Version: 1.3)
LockHunter 2.0 beta 2, 64 bit
Logitech GamePanel Software 3.06.109 (Version: 3.06.109)
Logitech Webcam Software (x32 Version: 2.0)
LOLReplay (x32 Version: 0.8.1.4)
LWS Facebook (x32 Version: 13.20.1166.0)
LWS Gallery (x32 Version: 13.20.1166.0)
LWS Help_main (x32 Version: 13.25.1016.0)
LWS Launcher (x32 Version: 13.20.1166.0)
LWS Motion Detection (x32 Version: 13.20.1176.0)
LWS Pictures And Video (x32 Version: 13.25.1010.0)
LWS Twitter (x32 Version: 13.20.1166.0)
LWS Video Mask Maker (x32 Version: 13.10.1216.0)
LWS VideoEffects (Version: 13.25.1005.0)
LWS Webcam Software (x32 Version: 13.20.1168.0)
LWS WLM Plugin (x32 Version: 1.20.1166.0)
LWS YouTube Plugin (x32 Version: 13.20.1166.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Max Payne 3 (x32)
Microsoft .NET Framework 2.0 SDK - ENU (x32 Version: 2.0.50727)
Microsoft .NET Framework 2.0 SDK - ENU (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Text-to-Speech Engine 4.0 (English) (x32)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.30319)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.30319)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
MKVToolNix 5.9.0 (x32 Version: 5.9.0)
Mozilla Firefox 25.0 (x86 en-US) (x32 Version: 25.0)
MSI Afterburner 3.0.0 Beta 14 (x32 Version: 3.0.0 Beta 14)
MSI GamingApp (x32 Version: 1.0.0.5)
MSI Kombustor 2.5.2 (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSVCRT Redists (x32 Version: 1.0)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Mumble 1.2.3 (x32 Version: 1.2.3)
Natural Selection 2 (x32)
NCsoft Launcher (x32 Version: 1.5.6001)
Nero 9.0.9.4 Lite (x32 Version: 9.0.9.4)
NETGEAR WNA3100 wireless USB 2.0 adapter (x32 Version: 1.01.206)
Nexon Game Manager (x32)
No-IP DUC (x32 Version: 3.0.4)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19)
NVIDIA 3D Vision Controller Driver 331.65 (Version: 331.65)
NVIDIA 3D Vision Driver 331.65 (Version: 331.65)
NVIDIA Control Panel 331.65 (Version: 331.65)
NVIDIA GeForce Experience 1.7 (Version: 1.7)
NVIDIA Graphics Driver 331.65 (Version: 331.65)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165)
NVIDIA Update 9.3.16 (Version: 9.3.16)
NVIDIA Update Components (Version: 9.3.16)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)
Open Broadcaster Software (x32)
OpenAL (x32)
Origin (x32 Version: 9.1.11.2678)
Paint.NET v3.5.10 (Version: 3.60.0)
Path of Exile (x32)
PAYDAY 2 (x32)
Personality Voices (x32 Version: 1.0.0)
PFConfig 1.0.296 (x32 Version: 1.0.296)
PFPortChecker 1.0.39 (x32 Version: 1.0.39)
Portforward Static IP Address 1.0.47 (x32 Version: 1.0.47)
PunkBuster Services (x32 Version: 0.993)
PVSonyDll (Version: 1.00.0001)
QuickTime (x32 Version: 7.73.80.64)
RaidCall (x32 Version: 7.2.4-1.0.7299.14)
Real Alternative 2.0.2 (x32 Version: 2.0.2)
Realtek Ethernet Controller Driver (x32 Version: 1.00.0008)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5919)
RivaTuner Statistics Server 5.3.0 (x32 Version: 5.3.0)
Rockstar Games Social Club (x32 Version: 1.1.0.6)
Sandboxie 3.68 (64-bit) (Version: 3.68)
Sci-Fi Voice Pack (x32 Version: 1.3.1)
ScreenSnapr version 4.0.0.2 (x32 Version: 4.0.0.2)
SecurityKISS Tunnel v0.2.2
SHIELD Streaming (Version: 1.6.34)
SimCity™ (x32 Version: 1.0.0.0)
Skype™ 6.2 (x32 Version: 6.2.106)
Sleeping Dogs™ (x32)
Smart Technology Programming Software 7.0.23.0 (Version: 7.0.23.0)
Smoothping Elite (x32 Version: 2.2.0.1)
SolarWinds Real-time NetFlow Analyzer (HKCU Version: 10.6.1)
SolarWinds Real-time NetFlow Analyzer (x32 Version: 10.6.1)
Source SDK (x32)
Source SDK Base 2006 (x32)
Spotify (HKCU Version: 0.8.5.1333.g822e0de8)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
System Requirements Lab (x32)
System Requirements Lab CYRI (x32 Version: 4.4.21.0)
TeamSpeak 3 Client (Version: 3.0.13.1)
TeamSpeak 3 Client (x32 Version: 3.0.9.2)
TeamViewer 8 (x32 Version: 8.0.19045)
The Binding of Isaac (x32)
Tom Clancy`s Splinter Cell® Blacklist™ (x32 Version: 1.01)
Tom Clancy's Splinter Cell® Blacklist™ (x32 Version: 1.01)
Torchlight II (x32)
Translator Fun Voice Pack (x32 Version: 1.5.1)
Tunngle beta (x32)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
Uplay (x32 Version: 2.0)
v0.2.2
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Vegas Pro 12.0 (64-bit) (Version: 12.0.367)
Ventrilo Client for Windows x64 (Version: 3.0.5.0)
Virtual Audio Cable 4.10
VLC media player 1.1.4 (x32 Version: 1.1.4)
VTFEdit 1.2.5 (x32)
VTFEdit 1.3.3
War Thunder Launcher 1.0.1.278 (x32)
Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101) (Version: 09/25/2008 3.1.0.101)
Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006) (Version: 12/01/2006 6.1258.1201.2006)
Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0) (Version: 02/15/2007 2.0.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR archiver
World of Warcraft (x32 Version: 4.3.4.15595)
Xiph.Org Open Codecs 0.85.17777 (x32 Version: 0.85.17777)
XSplit (x32 Version: 1.2.1303.0101)
Yahoo! Software Update (x32)
Yahoo!7 Messenger (x32)
Yahoo!7 Toolbar (x32)

==================== Restore Points =========================

07-11-2013 11:18:36 Removed LogMeIn Hamachi
08-11-2013 06:28:23 Windows Update
09-11-2013 16:08:09 Windows Update
10-11-2013 14:12:51 Windows Modules Installer
10-11-2013 14:19:25 Software Distribution Service 3.0
10-11-2013 15:49:23 Software Distribution Service 3.0
10-11-2013 17:49:41 Software Distribution Service 3.0
10-11-2013 18:19:55 Software Distribution Service 3.0
10-11-2013 19:04:08 Software Distribution Service 3.0
10-11-2013 21:15:07 Software Distribution Service 3.0

==================== Hosts content: ==========================

2009-07-14 13:34 - 2012-10-20 23:26 - 00000325 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 novirusthanks.org
127.0.0.1 94.23.68.174
127.0.0.1 vscan.novirusthanks.org
127.0.0.1 www.vscan.novirusthanks.org
127.0.0.1 188.165.234.50
127.0.0.1 38.101.213.249
119.42.146.34 www.warez-bb.org
119.42.146.34 warez-bb.org
119.42.146.36 www.warez-bb.org
119.42.146.36 warez-bb.org

==================== Scheduled Tasks (whitelisted) =============

Task: {3797B773-2167-4988-8F7B-32F21B0D15F4} - System32\Tasks\{E95F1984-E9F4-46ED-93B4-5818A4018D16} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {3D7CBBC4-1E1F-43A5-A94D-86E77D7C4772} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000Core => C:\Users\Zer0\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-16] (Facebook Inc.)
Task: {6488510B-FD1D-4149-BD37-7BEA27AC2072} - System32\Tasks\{ED8C019C-6F9D-4B69-8714-6A726D5F34EA} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {69CC9C0D-7708-452D-B211-DF3AB0654EC3} - System32\Tasks\{3B36327A-2EF7-2E0A-3E55-08186775483F} => C:\Users\Zer0\AppData\Roaming\.minecraft\bin\backup\xmzzdgi.exe
Task: {793C6C67-2AF1-48DD-9801-66FFE1CA548D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {796053B4-9AAD-485F-879D-EC74DB80A61A} - System32\Tasks\{5DDADFFF-9BA7-48E2-A2B6-4BC021FDC6C5} => Iexplore.exe http://ui.skype.com/...led;madedefault
Task: {79AA5B3E-B26D-43CD-BD68-2A043E2C4273} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8270840D-A130-4F00-9A08-BDB4152D6D08} - System32\Tasks\{B108F9AB-5529-4306-BA53-59BA00A81726} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-02-07] (Skype Technologies S.A.)
Task: {8D087215-7BEF-4794-BB61-B8AD5137351E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000UA => C:\Users\Zer0\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-16] (Facebook Inc.)
Task: {C76BBB95-D78A-4700-9AE6-65EE71BD72E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
Task: {E2488AD6-8BB7-42DE-9E11-0158646B39C9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E56EE6BB-DD7B-42BA-A310-4876E002E12F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-28] (Google Inc.)
Task: {E94D857F-B158-47A2-A297-47DECA5ABFD9} - System32\Tasks\{CA86B1F2-2FF6-4D8F-BF32-57EFE0D4AF84} => C:\Program Files (x86)\RaidCall\raidcall.exe [2013-08-27] (RAIDCALL.COM)
Task: {EFC05F52-4206-412E-9770-6B5B1CCA2E93} - System32\Tasks\{9D8E66A5-6286-4E40-B336-BAAB2D4343DF} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {F5A023C1-3799-44A1-AD68-136CF6E5946E} - System32\Tasks\{84867A06-259D-4637-9811-AE71B32E7642} => C:\Program Files (x86)\RaidCall\raidcall.exe [2013-08-27] (RAIDCALL.COM)
Task: {FDB40931-8E47-449B-9C81-133C5C39A39D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000Core.job => C:\Users\Zer0\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000UA.job => C:\Users\Zer0\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-03 01:42 - 2010-01-03 01:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 18:36 - 2010-05-07 18:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-07-31 17:54 - 2010-10-28 12:37 - 00368640 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2013-09-10 11:30 - 2013-11-09 15:31 - 00124928 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.191\deploy\RiotLauncher.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-09 15:13 - 2013-07-12 01:50 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.56\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2012-04-30 18:55 - 2012-04-30 18:55 - 08358400 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2012-04-30 18:55 - 2012-04-30 18:55 - 00151040 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
2012-04-30 18:55 - 2012-04-30 18:55 - 01152512 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2012-04-30 18:55 - 2012-04-30 18:55 - 00333824 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2012-04-30 18:55 - 2012-04-30 18:55 - 00026112 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00101376 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 02263552 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00047104 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00067072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirectx_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00210944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 02153984 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00046592 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00033792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00090112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00231424 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00039424 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00034304 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00078848 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00031232 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00108032 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 01199104 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libtaglib_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00336384 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liblua_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 01141248 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00046592 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00033792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00194048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libmp4_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 11043840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00037376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00034304 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00237568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00768512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00265216 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 01711616 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00130048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 01761280 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00045568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00033280 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00039424 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00309760 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00367616 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00037888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00035840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00258048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 07124992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libavcodec_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 01760256 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfreetype_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00048640 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00039936 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00243200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libswscale_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00046080 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00135680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00037888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00073728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00040448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00052224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00032768 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00038400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00032768 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_i420_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00031744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libscale_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00031232 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuvp_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00061440 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirect3d_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00031232 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdrawable_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00128000 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00178176 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00065536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00047104 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00032768 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00032256 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00033792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00030720 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00032256 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00031232 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libmono_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00032256 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libtrivial_channel_mixer_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00041472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudio_format_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00031744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
2010-08-27 10:34 - 2010-08-27 10:34 - 00057344 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\libblend_plugin.dll
2013-11-02 20:47 - 2013-10-26 12:53 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:073341D1
AlternateDataStreams: C:\ProgramData\TEMP:F2096E4C

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmoothPingProxy => ""="service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2012-04-14 23:51:19.236
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Zer0\Desktop\Rhc1\53e102a4.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-04-14 23:51:19.195
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Zer0\Desktop\Rhc1\53e102a4.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-04-14 23:51:18.152
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Zer0\Desktop\Rhc1\53e102a4.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-04-14 23:51:18.111
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Zer0\Desktop\Rhc1\53e102a4.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-04-14 23:51:17.067
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Zer0\Desktop\Rhc1\53e102a4.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-04-14 23:51:17.026
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Zer0\Desktop\Rhc1\53e102a4.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-04-14 23:51:15.983
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Zer0\Desktop\Rhc1\53e102a4.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-04-14 23:51:15.943
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Zer0\Desktop\Rhc1\53e102a4.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-04-14 23:51:14.900
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Zer0\Desktop\Rhc1\53e102a4.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-04-14 23:51:14.858
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Zer0\Desktop\Rhc1\53e102a4.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 6135.18 MB
Available physical RAM: 3245.19 MB
Total Pagefile: 12268.54 MB
Available Pagefile: 9247.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1397.17 GB) (Free:673.53 GB) NTFS
Drive f: (Elements) (Fixed) (Total:1863.01 GB) (Free:1002.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: BD85911E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-698828718080) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000C15B5)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)

==================== End Of Log ============================

OTL logfile created on: 12/11/2013 1:10:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zer0\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

5.99 Gb Total Physical Memory | 3.17 Gb Available Physical Memory | 52.90% Memory free
11.98 Gb Paging File | 9.02 Gb Available in Paging File | 75.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 673.53 Gb Free Space | 48.21% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1002.08 Gb Free Space | 53.79% Space Free | Partition Type: NTFS

Computer Name: ZER0-PC | User Name: Zer0 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/12 13:09:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zer0\Desktop\OTL.exe
PRC - [2013/11/09 17:52:21 | 003,825,232 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2013/11/09 15:31:37 | 004,089,696 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.191\deploy\LoLLauncher.exe
PRC - [2013/11/07 22:17:30 | 000,269,848 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2013/11/01 15:27:41 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/10/26 12:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/10/18 12:35:01 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/10/18 12:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/09 15:21:39 | 000,074,752 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.56\deploy\LolClient.exe
PRC - [2013/06/13 20:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/06/05 02:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Zer0\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/05/10 18:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 03:15:37 | 002,297,856 | ---- | M] (SmoothPing) -- C:\Program Files (x86)\Smoothping Elite\SmoothPingProxy.exe
PRC - [2012/08/15 17:32:55 | 001,302,528 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2011/04/01 16:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/02 00:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/11/20 23:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/08/27 10:34:22 | 000,107,008 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
PRC - [2010/08/26 18:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2008/11/10 07:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2013/11/09 15:31:38 | 000,124,928 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.191\deploy\RiotLauncher.dll
MOD - [2013/11/09 15:31:37 | 004,089,696 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.191\deploy\LoLLauncher.exe
MOD - [2013/10/26 12:53:40 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/09 15:21:39 | 000,074,752 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.56\deploy\LolClient.exe
MOD - [2013/07/12 01:50:17 | 004,774,248 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.56\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2012/08/15 17:32:55 | 001,302,528 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2012/04/30 18:55:48 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
MOD - [2012/04/30 18:55:45 | 008,358,400 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
MOD - [2012/04/30 18:55:45 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
MOD - [2012/04/30 18:55:45 | 000,333,824 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
MOD - [2012/04/30 18:55:45 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/08/27 10:34:36 | 001,711,616 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll
MOD - [2010/08/27 10:34:36 | 001,141,248 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll
MOD - [2010/08/27 10:34:36 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll
MOD - [2010/08/27 10:34:36 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll
MOD - [2010/08/27 10:34:36 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll
MOD - [2010/08/27 10:34:36 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll
MOD - [2010/08/27 10:34:36 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll
MOD - [2010/08/27 10:34:36 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuvp_plugin.dll
MOD - [2010/08/27 10:34:36 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
MOD - [2010/08/27 10:34:34 | 001,199,104 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libtaglib_plugin.dll
MOD - [2010/08/27 10:34:34 | 000,367,616 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll
MOD - [2010/08/27 10:34:34 | 000,243,200 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libswscale_plugin.dll
MOD - [2010/08/27 10:34:34 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libtrivial_channel_mixer_plugin.dll
MOD - [2010/08/27 10:34:32 | 011,043,840 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll
MOD - [2010/08/27 10:34:32 | 002,153,984 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll
MOD - [2010/08/27 10:34:32 | 000,768,512 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
MOD - [2010/08/27 10:34:32 | 000,130,048 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll
MOD - [2010/08/27 10:34:32 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
MOD - [2010/08/27 10:34:32 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
MOD - [2010/08/27 10:34:32 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
MOD - [2010/08/27 10:34:32 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libscale_plugin.dll
MOD - [2010/08/27 10:34:32 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
MOD - [2010/08/27 10:34:30 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll
MOD - [2010/08/27 10:34:30 | 000,194,048 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmp4_plugin.dll
MOD - [2010/08/27 10:34:30 | 000,128,000 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
MOD - [2010/08/27 10:34:30 | 000,108,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll
MOD - [2010/08/27 10:34:30 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmono_plugin.dll
MOD - [2010/08/27 10:34:30 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
MOD - [2010/08/27 10:34:28 | 001,761,280 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll
MOD - [2010/08/27 10:34:28 | 001,760,256 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfreetype_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,336,384 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblua_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,265,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,135,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_i420_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll
MOD - [2010/08/27 10:34:28 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
MOD - [2010/08/27 10:34:26 | 000,309,760 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll
MOD - [2010/08/27 10:34:26 | 000,037,376 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll
MOD - [2010/08/27 10:34:24 | 000,231,424 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
MOD - [2010/08/27 10:34:24 | 000,210,944 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll
MOD - [2010/08/27 10:34:24 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
MOD - [2010/08/27 10:34:24 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirectx_plugin.dll
MOD - [2010/08/27 10:34:24 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirect3d_plugin.dll
MOD - [2010/08/27 10:34:24 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libblend_plugin.dll
MOD - [2010/08/27 10:34:24 | 000,047,104 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll
MOD - [2010/08/27 10:34:24 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll
MOD - [2010/08/27 10:34:24 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll
MOD - [2010/08/27 10:34:24 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
MOD - [2010/08/27 10:34:24 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
MOD - [2010/08/27 10:34:24 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
MOD - [2010/08/27 10:34:24 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libdrawable_plugin.dll
MOD - [2010/08/27 10:34:22 | 007,124,992 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libavcodec_plugin.dll
MOD - [2010/08/27 10:34:22 | 002,263,552 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
MOD - [2010/08/27 10:34:22 | 000,107,008 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
MOD - [2010/08/27 10:34:22 | 000,101,376 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
MOD - [2010/08/27 10:34:22 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
MOD - [2010/08/27 10:34:22 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
MOD - [2010/08/27 10:34:22 | 000,047,104 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
MOD - [2010/08/27 10:34:22 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll
MOD - [2010/08/27 10:34:22 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudio_format_plugin.dll
MOD - [2010/08/27 10:34:22 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52_plugin.dll
MOD - [2010/08/27 10:34:22 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll
MOD - [2010/08/27 10:34:22 | 000,030,720 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/10/18 12:35:51 | 015,122,208 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 16:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/10 21:17:16 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2009/07/14 12:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV - [2013/11/01 15:27:41 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/10/31 06:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/18 12:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/09 08:36:53 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/14 23:23:55 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/08/16 18:37:02 | 000,757,144 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/07/02 10:14:56 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/06/13 20:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/05/10 18:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 03:15:37 | 002,297,856 | ---- | M] (SmoothPing) [Auto | Running] -- C:\Program Files (x86)\Smoothping Elite\SmoothPingProxy.exe -- (SmoothPingProxy)
SRV - [2013/02/07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/01 16:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/01/13 04:15:37 | 004,266,480 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/11/20 23:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 23:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 23:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/08/26 18:48:00 | 000,285,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/10 07:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/08 10:41:38 | 000,174,968 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2013/09/28 10:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/08/13 10:10:26 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/06/18 22:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/16 23:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/10/15 14:31:32 | 000,052,200 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2012/10/15 14:31:32 | 000,024,680 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2012/09/20 14:45:36 | 000,047,168 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU0CCF.sys -- (SaiU0CCF)
DRV:64bit: - [2012/09/20 14:45:34 | 000,180,544 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0ccf.sys -- (SaiK0ccf)
DRV:64bit: - [2012/08/24 01:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/24 01:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/10 21:17:14 | 000,164,528 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/03/01 17:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/03 13:24:08 | 000,077,352 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2011/07/01 10:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/01 16:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2011/04/01 16:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/17 16:49:45 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/01 16:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 18:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/09 13:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/03/18 19:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/26 13:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2007/01/19 19:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2013/08/16 14:51:52 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 13 38 5B 6E AF CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com.au/"
FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.64
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Zer0\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Zer0\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/17 01:39:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/01 08:38:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/01 08:38:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Zer0\AppData\Roaming\IDM\idmmzcc5 [2013/11/11 02:37:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Zer0\AppData\Roaming\IDM\idmmzcc5 [2013/11/11 02:37:05 | 000,000,000 | ---D | M]

[2010/09/11 13:36:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zer0\AppData\Roaming\Mozilla\Extensions
[2010/09/11 13:36:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zer0\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/10/26 18:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zer0\AppData\Roaming\Mozilla\Firefox\Profiles\yuohtlfh.default-1379735746604\extensions
[2013/11/02 20:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/01 08:38:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/02 20:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/02 20:47:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/11 02:37:05 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ZER0\APPDATA\ROAMING\IDM\IDMMZCC5

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2012/10/20 23:26:19 | 000,000,325 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 novirusthanks.org
O1 - Hosts: 127.0.0.1 94.23.68.174
O1 - Hosts: 127.0.0.1 vscan.novirusthanks.org
O1 - Hosts: 127.0.0.1 www.vscan.novirusthanks.org
O1 - Hosts: 127.0.0.1 188.165.234.50
O1 - Hosts: 127.0.0.1 38.101.213.249
O1 - Hosts: 119.42.146.34 www.warez-bb.org
O1 - Hosts: 119.42.146.34 warez-bb.org
O1 - Hosts: 119.42.146.36 www.warez-bb.org
O1 - Hosts: 119.42.146.36 warez-bb.org
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Zer0\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\SmoothPingProxy64.dll (SmoothPing)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\SmoothPingProxy64.dll (SmoothPing)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\SmoothPingProxy64.dll (SmoothPing)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\SmoothPingProxy64.dll (SmoothPing)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\SmoothPingProxy64.dll (SmoothPing)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\SmoothPingProxy.dll (SmoothPing)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\SmoothPingProxy.dll (SmoothPing)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\SmoothPingProxy.dll (SmoothPing)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\SmoothPingProxy.dll (SmoothPing)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\SmoothPingProxy.dll (SmoothPing)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: battlefield.com ([battlelog] https in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: cumshotsurprise.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: safelinking.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09422DDC-6800-45E3-9216-B5095F00AEB7}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09422DDC-6800-45E3-9216-B5095F00AEB7}: NameServer = 8.8.8.8,8.8.8.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/15 20:48:58 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O33 - MountPoints2\{fe28be3b-318c-11e0-8da5-001fbc028851}\Shell - "" = AutoRun
O33 - MountPoints2\{fe28be3b-318c-11e0-8da5-001fbc028851}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe - (LOL Replay)
MsConfig:64bit - StartUpReg: Adobe CSS5.1 Manager - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Zer0\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig:64bit - StartUpReg: FileServe Manager Task - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HTV Agent - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: librtexec - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: OfficeSyncProcess - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
MsConfig:64bit - StartUpReg: ooVoo.exe - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: ProfilerU - hkey= - key= - C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SpeedTouch USB Diagnostics - hkey= - key= - C:\Program Files (x86)\Alcatel\SpeedTouch USB\Dragdiag.exe (THOMSON multimedia)
MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Zer0\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmoothPingProxy - C:\Program Files (x86)\Smoothping Elite\SmoothPingProxy.exe (SmoothPing)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: VIDC.RTV1 - rtvcvfw64.dll ()
Drivers32: msacm.ac3filter - ac3filter.acm File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\LVCodec2.dll (Logitech Inc.)
Drivers32: VIDC.RTV1 - C:\Windows\SysWow64\rtvcvfw32.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

#4
nytmare

Posted 11 November 2013 - 08:39 PM

Member

Topic Starter
Member
14 posts

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/12 13:09:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zer0\Desktop\OTL.exe
[2013/11/12 13:05:02 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/12 12:56:11 | 001,957,590 | ---- | C] (Farbar) -- C:\Users\Zer0\Desktop\FRST64.exe
[2013/11/12 12:55:21 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/12 12:54:12 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Zer0\Desktop\JRT.exe
[2013/11/12 09:02:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/11 02:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/11/11 02:36:35 | 000,000,000 | ---D | C] -- C:\Users\Zer0\AppData\Roaming\IDM
[2013/11/11 02:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2013/11/11 02:36:24 | 000,000,000 | ---D | C] -- C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/11/11 02:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/11/11 02:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2013/11/11 01:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/11/11 01:36:41 | 000,000,000 | ---D | C] -- C:\Users\Zer0\AppData\Local\CrashDumps
[2013/11/11 01:22:04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/11 01:22:04 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/11 01:22:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/11 01:22:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/11 01:22:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/11 01:22:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/11 01:22:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/11 01:21:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/11 01:21:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/11 01:21:57 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/11 01:21:57 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/11 01:21:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/11 01:21:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/11 01:21:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/11 01:21:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/10 22:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\c8865564-28bf-4d35-8039-1f4e8b199063
[2013/11/10 22:11:09 | 000,000,000 | ---D | C] -- C:\MyBootCD
[2013/11/10 03:00:28 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/11/10 03:00:27 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/11/10 03:00:27 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/11/10 03:00:26 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/11/10 03:00:26 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/11/10 03:00:25 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/11/10 03:00:23 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/11/10 03:00:23 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/11/10 03:00:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/11/10 03:00:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/11/10 03:00:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/11/10 03:00:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/11/10 03:00:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/11/10 03:00:11 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/11/10 03:00:10 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/11/10 03:00:10 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/11/10 03:00:08 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/11/10 03:00:08 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/11/10 03:00:08 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/11/10 03:00:08 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/11/10 03:00:08 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/11/10 03:00:08 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/11/10 03:00:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/11/10 03:00:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/11/10 02:59:55 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/11/10 02:59:55 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/11/10 02:59:48 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/11/10 02:57:53 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/11/10 02:56:23 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/11/10 02:56:23 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/11/09 16:08:40 | 000,174,968 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2013/11/01 17:23:27 | 030,344,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/11/01 17:23:27 | 022,933,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/11/01 17:23:27 | 018,199,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/11/01 17:23:27 | 015,855,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/11/01 17:23:27 | 011,374,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/11/01 17:23:27 | 009,480,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/11/01 17:23:27 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433165.dll
[2013/11/01 17:23:27 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433165.dll
[2013/11/01 17:23:27 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco64.dll
[2013/11/01 17:23:27 | 001,241,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/11/01 17:23:27 | 000,696,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/11/01 17:23:27 | 000,655,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/11/01 17:23:27 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/11/01 17:23:27 | 000,560,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/11/01 17:23:27 | 000,479,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013/11/01 17:23:27 | 000,405,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013/11/01 17:23:27 | 000,317,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013/11/01 17:23:27 | 000,266,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013/11/01 17:23:27 | 000,168,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/11/01 17:23:27 | 000,141,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/11/01 17:23:26 | 025,257,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/11/01 17:23:26 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/11/01 17:23:26 | 011,426,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/11/01 17:23:26 | 009,524,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/11/01 17:23:26 | 003,131,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/11/01 17:23:26 | 003,124,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/11/01 17:23:26 | 002,946,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/11/01 17:23:26 | 002,747,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/11/01 15:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
[2013/10/30 19:50:59 | 001,063,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2013/10/30 19:50:59 | 000,955,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2013/10/30 19:49:26 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2013/10/30 19:49:26 | 000,028,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2013/10/29 21:20:35 | 000,000,000 | ---D | C] -- C:\Users\Zer0\AppData\Local\UWebKit
[2013/10/23 15:50:41 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433158.dll
[2013/10/23 15:50:41 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433158.dll
[2013/10/23 03:02:36 | 000,589,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013/10/23 00:11:41 | 000,000,000 | ---D | C] -- C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2013/10/23 00:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2013/10/23 00:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2013/10/15 20:06:55 | 000,000,000 | ---D | C] -- C:\Users\Zer0\AppData\Local\WarThunder
[2013/10/15 20:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013/10/15 20:06:46 | 000,000,000 | ---D | C] -- C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
[2013/10/15 20:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WarThunder
[2010/10/04 22:38:40 | 000,730,480 | ---- | C] (Electronic Arts) -- C:\Program Files (x86)\Setup.exe
[2010/10/04 22:38:38 | 000,726,384 | ---- | C] (Electronic Arts) -- C:\Program Files (x86)\AutoRun.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/12 13:09:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zer0\Desktop\OTL.exe
[2013/11/12 13:01:41 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/12 12:56:23 | 001,957,590 | ---- | M] (Farbar) -- C:\Users\Zer0\Desktop\FRST64.exe
[2013/11/12 12:54:19 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Zer0\Desktop\JRT.exe
[2013/11/12 12:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/12 12:30:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000UA.job
[2013/11/12 10:35:58 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/12 10:35:58 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/12 10:25:40 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/12 10:24:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/12 10:23:38 | 529,932,287 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/12 09:02:55 | 001,085,542 | ---- | M] () -- C:\Users\Zer0\Desktop\AdwCleaner_2.exe
[2013/11/12 08:03:40 | 000,061,440 | ---- | M] ( ) -- C:\Users\Zer0\Desktop\VEW.exe
[2013/11/12 07:18:23 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000Core.job
[2013/11/11 22:13:57 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/11/11 22:01:54 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/11/11 02:04:04 | 004,972,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/11 01:10:20 | 000,235,143 | -HS- | M] () -- C:\ProgramData\8d9221f8-e7a0-45a5-9c38-fd27fa08bbc7
[2013/11/10 22:12:28 | 000,000,683 | -HS- | M] () -- C:\ProgramData\62f33931-3f95-403b-bd84-bc136fa2417d
[2013/11/10 20:52:17 | 000,830,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/10 20:52:17 | 000,200,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/10 20:52:17 | 000,006,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/10 04:26:30 | 000,002,064 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/11/10 03:11:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/09 14:31:10 | 388,544,932 | ---- | M] () -- C:\Users\Zer0\Desktop\Atlantis.2013.S01E07.HDTV.XviD-AFG.avi
[2013/11/08 10:41:38 | 000,174,968 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2013/11/02 20:47:55 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/02 19:56:10 | 312,958,111 | ---- | M] () -- C:\Users\Zer0\Desktop\atlantis.2013.s01e06.hdtv.x264-tla.mp4
[2013/11/02 06:26:01 | 786,553,176 | ---- | M] () -- C:\Users\Zer0\Desktop\The.To.Do.List.2013.720p.BluRay.750MB.HPHD.mkv
[2013/11/01 15:55:58 | 000,001,205 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2013/11/01 15:27:41 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/10/26 16:29:03 | 380,193,538 | ---- | M] () -- C:\Users\Zer0\Desktop\Atlantis.2013.S01E05.HDTV.XviD-AFG.avi
[2013/10/23 21:30:23 | 030,344,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/10/23 21:30:23 | 025,257,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/10/23 21:30:23 | 022,933,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/10/23 21:30:23 | 018,286,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013/10/23 21:30:23 | 018,199,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/10/23 21:30:23 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/10/23 21:30:23 | 015,855,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/10/23 21:30:23 | 015,212,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/10/23 21:30:23 | 011,426,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/10/23 21:30:23 | 011,374,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/10/23 21:30:23 | 009,524,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/10/23 21:30:23 | 009,480,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/10/23 21:30:23 | 003,131,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/10/23 21:30:23 | 003,124,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/10/23 21:30:23 | 003,067,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013/10/23 21:30:23 | 002,946,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/10/23 21:30:23 | 002,747,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/10/23 21:30:23 | 002,695,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/10/23 21:30:23 | 001,884,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433165.dll
[2013/10/23 21:30:23 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433165.dll
[2013/10/23 21:30:23 | 001,435,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013/10/23 21:30:23 | 001,241,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013/10/23 21:30:23 | 000,696,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013/10/23 21:30:23 | 000,655,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013/10/23 21:30:23 | 000,599,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013/10/23 21:30:23 | 000,560,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013/10/23 21:30:23 | 000,479,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013/10/23 21:30:23 | 000,405,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013/10/23 21:30:23 | 000,317,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013/10/23 21:30:23 | 000,266,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013/10/23 21:30:23 | 000,168,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013/10/23 21:30:23 | 000,141,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013/10/23 21:30:23 | 000,023,287 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/10/23 19:20:08 | 006,669,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013/10/23 19:20:07 | 003,489,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013/10/23 19:20:05 | 000,219,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013/10/23 19:20:05 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013/10/23 19:20:03 | 003,426,956 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/10/23 03:02:36 | 000,589,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013/10/19 15:38:04 | 379,118,552 | ---- | M] () -- C:\Users\Zer0\Desktop\Atlantis.2013.1x04.Twist.Of.Fate.HDTV.XviD-AFG.avi
[2013/10/18 12:36:09 | 001,063,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2013/10/18 12:36:08 | 000,955,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2013/10/16 11:48:05 | 001,884,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433158.dll
[2013/10/16 11:48:05 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433158.dll
[2013/10/15 20:06:46 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\WarThunder.lnk
[2013/10/14 17:32:11 | 388,571,140 | ---- | M] () -- C:\Users\Zer0\Desktop\Atlantis.2013.1x03.The.Boy.Must.Die.HDTV.XviD-AFG.avi
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/12 12:01:02 | 388,544,932 | ---- | C] () -- C:\Users\Zer0\Desktop\Atlantis.2013.S01E07.HDTV.XviD-AFG.avi
[2013/11/12 12:00:41 | 312,958,111 | ---- | C] () -- C:\Users\Zer0\Desktop\atlantis.2013.s01e06.hdtv.x264-tla.mp4
[2013/11/12 09:02:49 | 001,085,542 | ---- | C] () -- C:\Users\Zer0\Desktop\AdwCleaner_2.exe
[2013/11/12 08:03:39 | 000,061,440 | ---- | C] ( ) -- C:\Users\Zer0\Desktop\VEW.exe
[2013/11/11 11:26:26 | 380,193,538 | ---- | C] () -- C:\Users\Zer0\Desktop\Atlantis.2013.S01E05.HDTV.XviD-AFG.avi
[2013/11/11 11:25:49 | 379,118,552 | ---- | C] () -- C:\Users\Zer0\Desktop\Atlantis.2013.1x04.Twist.Of.Fate.HDTV.XviD-AFG.avi
[2013/11/11 11:25:43 | 379,392,696 | ---- | C] () -- C:\Users\Zer0\Desktop\Atlantis.2013.1x02.A.Girl.By.Any.Other.Name.HDTV.XviD-AFG.avi
[2013/11/11 11:25:15 | 388,571,140 | ---- | C] () -- C:\Users\Zer0\Desktop\Atlantis.2013.1x03.The.Boy.Must.Die.HDTV.XviD-AFG.avi
[2013/11/11 09:03:09 | 397,472,086 | ---- | C] () -- C:\Users\Zer0\Desktop\Atlantis.2013.1x01.The.Earth.Bull.HDTV.XviD-AFG.avi
[2013/11/10 22:29:14 | 000,000,683 | -HS- | C] () -- C:\ProgramData\62f33931-3f95-403b-bd84-bc136fa2417d
[2013/11/10 20:25:55 | 786,553,176 | ---- | C] () -- C:\Users\Zer0\Desktop\The.To.Do.List.2013.720p.BluRay.750MB.HPHD.mkv
[2013/11/02 20:47:55 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/01 15:28:53 | 000,001,205 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2013/10/23 00:11:43 | 000,421,888 | ---- | C] () -- C:\Windows\SysNative\ac3filter.acm
[2013/10/15 20:06:46 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\WarThunder.lnk
[2013/09/10 18:43:05 | 000,070,656 | ---- | C] () -- C:\ProgramData\ipmucpbanvtciix
[2013/09/10 18:33:03 | 000,052,736 | ---- | C] () -- C:\ProgramData\xwsechssebkyypu
[2013/09/10 18:33:03 | 000,000,215 | ---- | C] () -- C:\ProgramData\aecfdacfbafbefc.cfg
[2013/09/01 18:29:14 | 000,235,143 | -HS- | C] () -- C:\ProgramData\8d9221f8-e7a0-45a5-9c38-fd27fa08bbc7
[2013/05/24 11:11:11 | 000,000,037 | -HS- | C] () -- C:\Users\Zer0\AppData\Local\1754111884ee9ab5277ca00.95260103
[2013/05/18 19:41:53 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/12/01 00:02:52 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/01 00:02:41 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/11/20 07:00:00 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/09/29 06:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/04/27 04:36:15 | 000,000,301 | ---- | C] () -- C:\Users\Zer0\SecurityKISSTunnel.config
[2012/04/24 20:53:12 | 000,000,043 | ---- | C] () -- C:\Users\Zer0\jagex_cl_runescape_LIVE.dat
[2012/04/24 20:53:12 | 000,000,024 | ---- | C] () -- C:\Users\Zer0\random.dat
[2012/04/19 18:14:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2012/04/19 18:11:20 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2012/04/01 16:18:51 | 000,000,835 | ---- | C] () -- C:\Users\Zer0\.recently-used.xbel
[2012/02/10 23:08:31 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/01/14 22:18:43 | 000,013,030 | ---- | C] () -- C:\ProgramData\PDOXUSRS.NET
[2011/10/15 02:53:57 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/09/18 15:02:30 | 000,003,584 | ---- | C] () -- C:\Users\Zer0\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/24 14:43:26 | 000,000,600 | ---- | C] () -- C:\Users\Zer0\AppData\Local\PUTTY.RND
[2011/01/25 14:14:02 | 000,001,770 | ---- | C] () -- C:\Users\Zer0\AppData\Roaming\Profile0.dat
[2010/10/17 21:59:07 | 000,001,057 | ---- | C] () -- C:\Users\Zer0\AppData\Roaming\vso_ts_preview.xml
[2010/10/06 21:22:34 | 000,007,597 | ---- | C] () -- C:\Users\Zer0\AppData\Local\Resmon.ResmonCfg
[2010/10/04 22:38:39 | 000,000,157 | ---- | C] () -- C:\Program Files (x86)\autorun.inf
[2010/10/04 22:38:38 | 009,822,208 | ---- | C] () -- C:\Program Files (x86)\autorun.dat
[2010/10/04 22:38:38 | 000,000,185 | ---- | C] () -- C:\Program Files (x86)\p0.cab
[2010/10/04 22:38:36 | 063,013,682 | ---- | C] () -- C:\Program Files (x86)\o0.cab
[2010/10/04 22:37:32 | 1508,976,877 | ---- | C] () -- C:\Program Files (x86)\d0.cab
[2010/10/04 22:37:29 | 006,866,468 | ---- | C] () -- C:\Program Files (x86)\c0.cab

========== ZeroAccess Check ==========

[2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 13:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 12:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD15EARS-00Z5B1 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: WD Ext HDD 1021 USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,397.00GB
Starting Offset: 105906176
Hidden sectors: 0

DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/03/27 16:04:36 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\AccurateRip
[2012/05/08 16:04:35 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Adobe
[2013/01/06 04:37:43 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\AnvSoft
[2012/07/04 18:08:27 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Apple
[2011/10/18 06:04:48 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Apple Computer
[2012/06/29 18:39:00 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Avnex
[2012/06/30 00:43:42 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\AVS4YOU
[2012/08/11 22:08:54 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\BANDISOFT
[2010/09/04 22:21:49 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\bizarre creations
[2012/10/27 17:35:22 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Blue Orb
[2012/04/29 13:43:50 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/02/10 22:09:00 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\CoreClient
[2012/05/04 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\DAEMON Tools Lite
[2013/05/26 22:15:56 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Darkfall
[2012/02/18 17:25:52 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\dBpoweramp
[2012/08/26 22:21:22 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\dclogs
[2011/10/22 10:28:14 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\DivX
[2013/11/12 13:09:42 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\DMCache
[2012/04/28 13:16:25 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Dropbox
[2012/04/11 19:18:01 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\dvdcss
[2013/04/28 09:51:08 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Eqdige
[2012/09/06 20:20:22 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\FFsplit
[2013/02/22 18:32:45 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\FileZilla
[2011/02/06 15:47:59 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\FLEXnet
[2012/12/28 23:12:19 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\foobar2000
[2013/05/25 23:54:29 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\FreeCap
[2011/11/20 19:51:29 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\GetRightToGo
[2012/04/01 16:27:16 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\gtk-2.0
[2013/04/28 17:34:20 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Gyype
[2012/07/04 18:13:15 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Help
[2012/04/12 16:02:36 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\HLSW
[2012/04/19 18:14:04 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\HTML Help
[2012/07/04 18:13:16 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Identities
[2013/11/11 02:57:31 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\IDM
[2011/06/25 13:10:31 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\ImgBurn
[2013/11/10 23:17:18 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\IMVU
[2013/08/02 23:17:50 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\IMVUClient
[2012/07/31 17:54:04 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\InstallShield
[2011/02/19 14:51:12 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\ITB
[2011/02/24 09:12:43 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Leadertech
[2011/05/19 15:07:48 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Lionhead Studios
[2012/02/18 17:37:21 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\LockHunter
[2011/01/24 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\LolClient
[2012/05/28 16:53:40 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\LolClient2
[2010/09/04 19:07:35 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Macromedia
[2011/06/04 02:14:24 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Malwarebytes
[2009/07/14 18:44:38 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Media Center Programs
[2012/03/31 17:50:16 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Media Player Classic
[2013/03/28 21:08:33 | 000,000,000 | --SD | M] -- C:\Users\Zer0\AppData\Roaming\Microsoft
[2012/04/19 18:14:06 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Mozilla
[2013/06/05 19:04:54 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Mumble
[2013/04/02 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Natural Selection 2
[2010/12/19 17:44:12 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Nero
[2011/10/09 17:26:35 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\NVIDIA
[2013/04/04 00:27:01 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\OBS
[2012/09/13 18:27:31 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\ooVoo Details
[2013/10/01 19:20:11 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Origin
[2012/09/30 18:38:12 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\PFStaticIP
[2011/07/14 17:10:38 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Pogo
[2012/03/28 12:36:53 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Publish Providers
[2011/07/18 16:49:41 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\PunkBuster
[2013/03/09 23:31:29 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\raidcall
[2012/03/31 17:50:16 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Real
[2012/06/29 18:43:40 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Screaming Bee
[2010/09/24 14:45:56 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\SecuROM
[2013/11/12 12:51:21 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Skype
[2011/07/10 01:01:16 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\skypePM
[2012/01/14 22:03:58 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\SolarWinds
[2013/05/19 13:16:01 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Sony
[2012/06/23 19:47:35 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Sony Creative Software Inc
[2012/09/06 21:43:19 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\SplitMediaLabs
[2013/11/08 21:54:58 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Spotify
[2011/03/30 22:53:19 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Subversion
[2011/12/03 17:13:41 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\SynthMaker
[2013/01/10 23:45:36 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\TeamViewer
[2010/12/01 16:33:07 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\TeamViewer Manager
[2013/07/17 22:12:15 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Theta
[2011/04/24 13:11:22 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\thriXXX
[2013/11/09 19:18:08 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\TS3Client
[2013/08/31 20:52:25 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Tunngle
[2010/12/03 13:32:24 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Ubisoft
[2013/11/08 21:56:37 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\uTorrent
[2012/03/19 15:44:13 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Ventrilo
[2013/06/23 11:08:00 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\vlc
[2011/02/06 15:41:58 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Vodafone
[2012/02/29 23:42:33 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Vso
[2013/10/16 16:30:04 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Windows Live Writer
[2010/09/04 22:16:00 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\WinRAR
[2013/09/14 14:38:20 | 000,000,000 | -HSD | M] -- C:\Users\Zer0\AppData\Roaming\wvadbaja
[2013/05/25 23:06:21 | 000,000,000 | -HSD | M] -- C:\Users\Zer0\AppData\Roaming\wyUpdate AU
[2012/08/15 21:48:41 | 000,000,000 | ---D | M] -- C:\Users\Zer0\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2009/07/14 12:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 12:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/14 12:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 12:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 12:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/14 12:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/14 12:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/14 12:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/14 12:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 17:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 16:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 12:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 16:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 16:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 16:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 17:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 17:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 17:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 17:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 17:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 16:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/21 00:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 17:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 16:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 12:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 17:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 17:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 17:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/14 12:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/21 00:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2013/09/07 13:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
[2010/11/20 23:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2013/09/08 13:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\SysNative\mswsock.dll
[2013/09/08 13:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
[2013/09/07 13:24:39 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=BDDB1FD258B92DEE00F222D3304B5D9C -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
[2013/09/08 13:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\SysWOW64\mswsock.dll
[2013/09/08 13:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll
[2009/07/14 12:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/14 12:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/14 12:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/14 12:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/14 12:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/14 12:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
[2012/01/13 18:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 18:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/20 23:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/04 03:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/21 00:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/04 04:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
[2012/10/04 04:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2009/07/14 12:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll
[2012/10/04 04:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/14 12:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/14 12:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/14 12:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/14 12:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/14 12:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/14 12:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 12:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 12:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 12:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 12:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 12:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 12:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USER32.DLL >
[2010/11/20 23:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 23:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 12:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 12:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/21 00:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 00:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 23:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 12:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 12:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/21 00:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 00:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 00:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 00:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 12:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 18:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/04/19 18:14:04 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\winlogon.exe
[2009/10/28 17:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/14 12:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/14 12:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/14 12:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/14 12:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/14 12:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/14 12:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/14 12:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/14 12:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 1868-A592
Directory of C:\
14/07/2009 04:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 04:08 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 04:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 04:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 04:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 04:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 04:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 04:08 PM <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 04:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Administrator
08/03/2012 01:08 PM <JUNCTION> Application Data [C:\Users\Administrator\AppData\Roaming]
08/03/2012 01:08 PM <JUNCTION> Cookies [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies]
08/03/2012 01:08 PM <JUNCTION> Local Settings [C:\Users\Administrator\AppData\Local]
08/03/2012 01:08 PM <JUNCTION> My Documents [C:\Users\Administrator\Documents]
08/03/2012 01:08 PM <JUNCTION> NetHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/03/2012 01:08 PM <JUNCTION> PrintHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/03/2012 01:08 PM <JUNCTION> Recent [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent]
08/03/2012 01:08 PM <JUNCTION> SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
08/03/2012 01:08 PM <JUNCTION> Start Menu [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
08/03/2012 01:08 PM <JUNCTION> Templates [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Administrator\AppData\Local
08/03/2012 01:08 PM <JUNCTION> Application Data [C:\Users\Administrator\AppData\Local]
08/03/2012 01:08 PM <JUNCTION> History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
08/03/2012 01:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Administrator\Documents
08/03/2012 01:08 PM <JUNCTION> My Music [C:\Users\Administrator\Music]
08/03/2012 01:08 PM <JUNCTION> My Pictures [C:\Users\Administrator\Pictures]
08/03/2012 01:08 PM <JUNCTION> My Videos [C:\Users\Administrator\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 04:08 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 04:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 04:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 04:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 04:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 04:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 04:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 04:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 04:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 04:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 04:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 04:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 04:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 04:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 04:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 04:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 04:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 04:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 04:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 04:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 04:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 04:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool
18/05/2011 07:51 PM <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Roaming]
18/05/2011 07:51 PM <JUNCTION> Cookies [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Cookies]
18/05/2011 07:51 PM <JUNCTION> Local Settings [C:\Users\DefaultAppPool\AppData\Local]
18/05/2011 07:51 PM <JUNCTION> My Documents [C:\Users\DefaultAppPool\Documents]
18/05/2011 07:51 PM <JUNCTION> NetHood [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
18/05/2011 07:51 PM <JUNCTION> PrintHood [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
18/05/2011 07:51 PM <JUNCTION> Recent [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Recent]
18/05/2011 07:51 PM <JUNCTION> SendTo [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo]
18/05/2011 07:51 PM <JUNCTION> Start Menu [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu]
18/05/2011 07:51 PM <JUNCTION> Templates [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool\AppData\Local
18/05/2011 07:51 PM <JUNCTION> Application Data [C:\Users\DefaultAppPool\AppData\Local]
18/05/2011 07:51 PM <JUNCTION> History [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\History]
18/05/2011 07:51 PM <JUNCTION> Temporary Internet Files [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\DefaultAppPool\Documents
18/05/2011 07:51 PM <JUNCTION> My Music [C:\Users\DefaultAppPool\Music]
18/05/2011 07:51 PM <JUNCTION> My Pictures [C:\Users\DefaultAppPool\Pictures]
18/05/2011 07:51 PM <JUNCTION> My Videos [C:\Users\DefaultAppPool\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 04:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 04:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 04:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
22/02/2012 01:00 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
22/02/2012 01:00 PM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
22/02/2012 01:00 PM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
22/02/2012 01:00 PM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
22/02/2012 01:00 PM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
22/02/2012 01:00 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
22/02/2012 01:00 PM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
22/02/2012 01:00 PM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
22/02/2012 01:00 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
22/02/2012 01:00 PM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
22/02/2012 01:00 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
22/02/2012 01:00 PM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
22/02/2012 01:00 PM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
22/02/2012 01:00 PM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
22/02/2012 01:00 PM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
22/02/2012 01:00 PM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Zer0
04/09/2010 04:39 PM <JUNCTION> Application Data [C:\Users\Zer0\AppData\Roaming]
04/09/2010 04:39 PM <JUNCTION> Cookies [C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Cookies]
04/09/2010 04:39 PM <JUNCTION> Local Settings [C:\Users\Zer0\AppData\Local]
04/09/2010 04:39 PM <JUNCTION> My Documents [C:\Users\Zer0\Documents]
04/09/2010 04:39 PM <JUNCTION> NetHood [C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/09/2010 04:39 PM <JUNCTION> PrintHood [C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/09/2010 04:39 PM <JUNCTION> Recent [C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Recent]
04/09/2010 04:39 PM <JUNCTION> SendTo [C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\SendTo]
04/09/2010 04:39 PM <JUNCTION> Start Menu [C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Start Menu]
04/09/2010 04:39 PM <JUNCTION> Templates [C:\Users\Zer0\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Zer0\AppData\Local
04/09/2010 04:39 PM <JUNCTION> Application Data [C:\Users\Zer0\AppData\Local]
04/09/2010 04:39 PM <JUNCTION> History [C:\Users\Zer0\AppData\Local\Microsoft\Windows\History]
04/09/2010 04:39 PM <JUNCTION> Temporary Internet Files [C:\Users\Zer0\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Zer0\Documents
04/09/2010 04:39 PM <JUNCTION> My Music [C:\Users\Zer0\Music]
04/09/2010 04:39 PM <JUNCTION> My Pictures [C:\Users\Zer0\Pictures]
04/09/2010 04:39 PM <JUNCTION> My Videos [C:\Users\Zer0\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
98 Dir(s) 723,085,242,368 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/10/26 12:54:22 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/10/26 12:54:22 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/10/26 12:54:22 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2013/10/26 12:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/10/26 12:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/10/26 12:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/16 01:16:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/16 01:16:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/16 01:16:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013/09/22 21:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: %ProgramFiles(x86)%\Internet Explorer\iexplore.exe [2013/09/22 21:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/10/26 12:54:22 | 000,872,352 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/10/26 12:54:22 | 000,872,352 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/10/26 12:54:22 | 000,872,352 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2013/10/26 12:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/10/26 12:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/10/26 12:53:21 | 000,275,568 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/10/09 11:02:45 | 000,844,752 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/16 01:16:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/16 01:16:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/16 01:16:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/22 21:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: %PROGRAMFILES(X86)%\INTERNET EXPLORER\IEXPLORE.EXE [2013/09/22 21:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 23:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2009/07/14 12:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
[2009/07/14 13:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/14 12:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/11 08:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/11 08:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/11 08:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/11 08:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/11 08:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/11 08:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/11 08:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/07/14 13:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:F2096E4C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:073341D1

< End of report >

OTL Extras logfile created on: 12/11/2013 1:10:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zer0\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

5.99 Gb Total Physical Memory | 3.17 Gb Available Physical Memory | 52.90% Memory free
11.98 Gb Paging File | 9.02 Gb Available in Paging File | 75.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 673.53 Gb Free Space | 48.21% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1002.08 Gb Free Space | 53.79% Space Free | Partition Type: NTFS

Computer Name: ZER0-PC | User Name: Zer0 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- C:\Windows\SysWow64\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- C:\Windows\SysWow64\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C0B5F7-51E5-4277-90E3-A9FD7F6DFED8}" = rport=45566 | protocol=6 | dir=out | app=%programfiles% (x86)\logmein hamachi\hamachi-2.exe |
"{0947967E-99BE-4494-A287-45E68FBE5508}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0AAAEE10-CE21-4DD1-B3F9-EE075E453156}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{11BD1FC8-5523-4DA4-A049-E1D5B7ABABB6}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{1BE9C614-8C13-4EE9-8CAF-692203FA7F56}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{246D692E-A975-494F-8F05-BADA2C80CFED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D2E53CE-D4F2-44FC-A610-25B8614F57C0}" = lport=445 | protocol=6 | dir=in | app=system |
"{2E63A9BB-2B5D-4E33-88E1-C9EACCBA31D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E6AE712-809D-4932-8DC9-68431A318B69}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3160AEFD-25BC-42A8-9D33-A2B217BA64E6}" = lport=443 | protocol=6 | dir=in | name=hamachi |
"{38019C3F-2EDB-405C-8216-912CD5EB8935}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{3A4DDB81-CB4F-4D85-9D9F-5590EABB5077}" = rport=443 | protocol=17 | dir=out | name=hamachi udp |
"{3E39E225-6784-4176-A02E-57DEF96E9214}" = rport=45565 | protocol=17 | dir=in | app=%programfiles% (x86)\logmein hamachi\hamachi-2.exe |
"{40E0FC50-BFB4-44B3-B9F2-C80FD302EEA8}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{41150660-3F42-4872-A77B-BECFC783C8CE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{47AE2110-6BDE-4101-833A-0FFFB502A191}" = lport=137 | protocol=17 | dir=in | app=system |
"{4B82D219-8D2F-4C7B-8F38-EA16B43C56FA}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{50A12341-7273-4C38-A2C6-B2AE7B86B60F}" = lport=6907 | protocol=17 | dir=in | name=league of legends launcher |
"{5331C356-FA28-4641-BF3C-E36AEAB8B1E6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56C0BB75-DC4F-43BD-904F-7C9B1C8909A8}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |
"{587DF980-7D08-4FAE-AF28-0DF1A044265D}" = rport=45566 | protocol=6 | dir=in | app=%programfiles% (x86)\logmein hamachi\hamachi-2.exe |
"{66CFA3F1-7A12-43EA-A1F2-D4C27054D81B}" = lport=6907 | protocol=6 | dir=in | name=league of legends launcher |
"{6C769A8C-5747-4936-B053-5255649AA3FE}" = lport=6920 | protocol=17 | dir=in | name=league of legends launcher |
"{754E97DA-A2B1-400B-BB68-DF052A8154BF}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{78123970-9812-475C-9426-1F67796A5B87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7A3D918C-AB4B-467D-BF50-E4ECE851A156}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{7C753739-3A84-4500-80CE-3C47C1AEA462}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{7CD2A917-62D4-4D7C-B888-704F296001A9}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7F0EE8E2-0EA4-401F-BD8D-6DE19C6B2F94}" = rport=139 | protocol=6 | dir=out | app=system |
"{8261F36B-D399-4809-AB8E-6EC667EA8D1C}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{84943745-3029-4CD2-9FEE-4712DD37FEAF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{88C5772D-7805-4A31-890A-DAFFD92D8777}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8F58CBB9-272A-4EE9-A04A-3149DF904BFF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9341694D-E58F-42DC-B9B8-B02D02C950D9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{94C9E538-2505-4558-8126-06692CCF4F92}" = lport=2869 | protocol=6 | dir=in | app=system |
"{951A3F5D-DCC3-4540-820C-EC0C68748D93}" = lport=6920 | protocol=6 | dir=in | name=league of legends launcher |
"{979FA352-E348-4A80-890D-362515229715}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{99761CA8-F3C4-461E-A0EA-7435CB62B098}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{9C63320D-8A5B-4CEC-8663-7DDD26AC4CEF}" = rport=445 | protocol=6 | dir=out | app=system |
"{9CEF0D15-E55C-47CE-85B4-872055CA914C}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{9D12DF68-7CB3-4AA7-9341-12A59E1C41BC}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{9DB7F271-86ED-4548-92DA-24AD40309D5C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F1FC913-A1C1-46A2-AF99-AB6E867E8501}" = rport=137 | protocol=17 | dir=out | app=system |
"{A5D2F15B-1A6C-4AFF-8359-E89CB6B10EE3}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |
"{A5E27C14-B871-466B-93E9-F4E1B943AEFA}" = lport=138 | protocol=17 | dir=in | app=system |
"{ADF2F8AE-DD6F-47D0-9CCA-5D2EDB5E40EA}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{B00D4482-5452-40C5-B346-48491F3467FF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B05C06D0-C311-41D6-B2DB-445376A185F7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BE1E82CE-830C-4F5E-96CC-C0F810B2D2F4}" = rport=45565 | protocol=17 | dir=out | app=%programfiles% (x86)\logmein hamachi\hamachi-2.exe |
"{C036EEC3-52AD-442D-8FAF-7D189F1FF0A2}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{C152E8F5-315A-4363-97AB-81D33800EC17}" = lport=49197 | protocol=6 | dir=in | name=akamai netsession interface |
"{C1F3EEB1-2700-4872-80CD-09A1A9E2D622}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{C48E499E-68C2-4944-8614-CB99EE7A5249}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D10849E9-99A9-44B7-8E7C-4BAE3B5AA077}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{D1F66421-DEAB-4534-BFBC-CED9EED5FF37}" = lport=443 | protocol=17 | dir=in | name=hamachi udp |
"{D68FCEE4-B170-42DB-8748-769302A39C19}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe |
"{D958D578-E4D2-4559-8FC0-D6CF6276CFA6}" = rport=443 | protocol=6 | dir=out | name=hamachi tcp |
"{DD34090D-5A2C-442B-9744-023D3C1C3A58}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{E5C1034F-E3E7-40EF-91AD-4FCD99AC07DD}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{E5CA7B0D-C4B6-4274-BDF2-830C14E17713}" = rport=138 | protocol=17 | dir=out | app=system |
"{ED38294A-386C-4AA2-A9C3-3ED73CD09E3D}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{F736A0FD-1D42-40C0-9C6D-2A0EFA60A0B7}" = lport=139 | protocol=6 | dir=in | app=system |
"{F8C91331-5AAA-45CB-B9C7-97543C5EF313}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01629A38-9306-4E47-A899-E1F7808D9783}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{01729B7E-DD52-4747-9C06-C6CB9591D7F3}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe |
"{02C8F397-DF7E-4202-B87E-E108E0B2C96B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{073B167A-A8D2-4578-92DE-D7103D1D7ECD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07EE0C55-E039-40D7-AEE6-97054451A2F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{08928DC3-BC9C-43EC-BFDD-96C5ABE0FCC8}" = dir=in | app=%programfiles% (x86)\raidcall\raidcall.exe |
"{0A021298-8FC1-4D21-85CE-B5C7E0EF35E9}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{0AC54D71-8EFB-4EAC-BF40-76D06217C4F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{0D795ABF-7368-48BC-9618-BF500FE5FE4B}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{10117D0B-1D00-4081-8945-0AA6FA818612}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{10541624-BE5E-4B79-9EB6-79F73E71FAD4}" = protocol=6 | dir=in | app=c:\users\zer0\appdata\local\apps\2.0\l25bhjw6.gjw\3w9vyj8k.dnh\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\curseclient.exe |
"{10DC5615-EF54-4231-8318-EF730553076F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{11039964-B3F9-4692-8BCE-3ED0C68695F6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{12EB0B06-3383-46C2-83F9-0AF00E663EE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{161F624B-D4FD-42CD-9F9E-B930375405E1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{169E7E8F-1BA8-40F1-8781-BCF7CA895086}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 4\bf4.exe |
"{16D6FE99-0573-430B-AD17-D84448D4A72D}" = protocol=17 | dir=in | app=c:\users\zer0\appdata\roaming\spotify\spotify.exe |
"{18285A5F-631F-4CC7-B37E-DA13C2B7CF89}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{199B6ED5-7DE3-4475-93BF-86D6A3EB0BE3}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{1C69152D-BDB7-4FD7-B398-3E140076502B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1E07C016-3A0D-41BE-96C4-DADC4EB1E153}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{1E8F3445-CB56-4611-B76F-D8916B0202BA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{1EBBAA5C-31F6-4FDC-A2AB-C19F9D797E15}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{21B3899F-76A1-4D74-B7C6-DEF453357569}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{22EE129C-275B-4AA3-93DF-5A4243A9EC1A}" = protocol=6 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"{2D373841-A55D-48D6-8558-860C6A8EEA29}" = protocol=17 | dir=in | app=c:\hlserver\css\srcds.exe |
"{32BA5D52-8A85-480B-9B66-D800FDA017FD}" = protocol=58 | dir=out | [email protected],-28546 |
"{333A51F6-69CB-4A2B-943F-532548A9320A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forced\forced.exe |
"{36025BFB-7B4C-482A-9F1F-1B6CCDDA1515}" = protocol=17 | dir=in | app=c:\users\zer0\appdata\local\apps\2.0\l25bhjw6.gjw\3w9vyj8k.dnh\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\curseclient.exe |
"{3698A66E-C465-4258-866A-511BF1967DED}" = protocol=1 | dir=in | [email protected],-28543 |
"{387F0563-2E90-444D-B053-1FC4060D203A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{38A93D7D-D154-4A56-AEFA-A7DF8CC2CB58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{39F670D3-1E06-4392-8F87-A82D47B51D3E}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{3A782CCF-4EC8-4222-9A51-CF308A7CFD2C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{3E0EB66B-824A-4401-8E2E-7B55805BF632}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{41E6DFC8-8104-4BA8-909A-DD76F3ED87E5}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{423896BD-81DC-4BA7-B5AF-FFC8D60289EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{42566AFD-AE56-4689-B12D-3C0291E6A74E}" = protocol=1 | dir=out | [email protected],-28544 |
"{42E5B6B2-DCAC-4859-A68A-E078FB84BB5D}" = dir=in | app=%programfiles% (x86)\steam\steam.exe |
"{4424353B-5B39-41E3-9B93-F4642424DB70}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{444E4772-2449-43D4-BCF4-5E9098BAD5FE}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{44BE948C-9F0F-45AC-9CC7-628CC2577939}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{4A1FE4D5-A5AA-4017-9EE9-074A0627955C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E69FDDD-E7B1-47CB-877F-2AC06F2C83AA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4FBC27D0-A02C-4AA4-AA04-C779EB2606BC}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{50911FDA-5C4F-4B9A-9C96-CC857D7294B9}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{50CFEF23-B0CE-49A6-808F-4482BA7037B3}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe |
"{5136D0F2-3849-4172-AB0E-20A29FD132D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52141175-C21E-4345-AEA9-47D3D3EA7235}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{570BAB43-4803-4B8C-B04A-7560C3DC20F9}" = protocol=58 | dir=in | [email protected],-28545 |
"{573ACABE-AECE-4ED5-80EE-2E62861B205D}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{59D09F87-599F-4679-8DE9-10D13E615C04}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5D686E28-B063-4E0C-AF75-2DA8CA630459}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forced\forced.exe |
"{62F22B10-41E5-4C1D-B9D6-9693AA8BBD00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{6547967D-6527-48E6-AF6F-F3EB32F40A14}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{66DA6EF4-5372-463E-848A-B382EE1380F4}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{671FFF68-93BA-46F1-995B-CC9E10F09B52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{67CCD15E-F380-402A-98DD-4E4343DECE4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{68FBD092-8E35-4094-AFA8-8979817F2B03}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{6A45577D-2995-482F-9184-C629092BD93F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{6AE42918-849D-427B-BBB2-BBDDE46BBFB8}" = dir=in | app=%programfiles% (x86)\raidcall\wizard.exe |
"{6AFFFF16-62C5-4FF2-9409-6BA5919FD62A}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe |
"{6B2BEB14-509F-47C6-B42D-20B8C20C1A8F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6B6391BD-DA2F-469D-8D22-28E483346907}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{70113105-2C6E-4ACA-9424-2C0805202631}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{70617D1B-F45E-47F6-A090-B32597634143}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sleepingdogs\hkship.exe |
"{7177AC59-F5F5-43C5-A3E8-ED39153A51BF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{73CC3FDC-B084-4825-9429-70BD4BFB5BC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{77437A89-A199-407C-8822-A7FC41BE504B}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{7B086951-6DC9-4709-9CC6-3661745EE4A1}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{7E675CAB-F74B-46A0-8E48-08F878A74983}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{801E4538-1FDB-4A91-AD56-D4075565CA66}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{8096949A-8893-45E1-A8F5-81B473314711}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\simcity\simcity\simcity.exe |
"{82AB70CE-CF90-457C-9AC6-23168A9E1238}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe |
"{85B66029-3293-496F-B4CE-C3EB094AA884}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{8604B43F-F5B6-4E1E-8730-19FA6E7E098D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
"{8613CAE8-6B01-40E3-B276-BB8657869177}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{87DC8B26-23F6-494E-94BA-A9A93B5327D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{88F7DBFE-7F61-45DA-B349-EA5D3DD8D913}" = protocol=17 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"{891D6894-DF83-4371-9E45-32F0B26EDEB5}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{895597D8-0F2B-4BD7-B8DE-4CCC43E4FCDA}" = protocol=17 | dir=in | app=c:\users\zer0\appdata\local\akamai\netsession_win.exe |
"{8B54A242-C950-4FF1-834D-AF6CD93763FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{8DE852F2-1DAE-4D76-A4F3-2F6CB403154D}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{8F68D9D1-E35C-4553-B0EB-D9578637173E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{8FEAD48D-2C32-4EB0-B3AE-D05AAC2DEC35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90290388-A9FD-4309-B551-364AF8ED2AE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{9035F202-56BB-47DC-AFC6-29699AE276D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{91E4BCB5-BCF4-4316-BBA5-A249D5B51C2C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{94477D1C-342C-4819-BDDE-AE4762974F6C}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{9614A188-2B4A-44A7-A3F9-51FD4FD81FD2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{96D84CBB-1EDA-4A59-8063-589789616A9F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe |
"{97B50117-E2D9-4FAA-B4D1-15AF71A06878}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{98C43030-7282-4627-944D-F4B164997537}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{998B08DC-D35F-465E-A463-3BC80B542301}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{9B0DEC27-0E47-4B78-B0B7-D331F33CFF4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{9C3D47BF-6ABF-43F2-AF39-FD763FF45572}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A82230F4-7ACA-479F-B5CA-C6CC26E67407}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A9073697-B185-4D24-903E-20605A0DF50D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
"{ACDB2D6D-F185-479F-8E54-EE97B7EE6DC2}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{ACECDAE5-731A-409D-95C0-C308BE11D8C0}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{AD8DC4D6-F1F3-46D2-A5D9-C204CA363C19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE27A2D9-AACA-408B-B911-25CFE7ACBD9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{AEC1743D-A408-485E-8237-8056DC4F64F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{AF374D0F-F58C-4100-8703-D2C348323261}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B1B8C85E-B19B-48AB-8740-2C8B957AA775}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{B1CCEBCC-C676-4D3C-A411-6E74BEE28535}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{B22C16F3-1B8D-449E-B258-74203A67E996}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 4\bf4_x86.exe |
"{B23CA21E-AE84-4C72-B3C1-603C7356E0AF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B249B475-727F-41CA-899B-F6B05B97DF24}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{B5A756B0-2C7C-445D-9FA1-00F6D1002E29}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{BB0A7186-B84B-4B09-82F4-4BB24C1A4201}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe |
"{BCDBD28D-E19A-4D2F-AB3F-D273C22DAF2A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BD7C267D-3857-416E-BFB4-629FCF9C02C6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C92F2649-F4F5-4739-BFAD-30B8892F2072}" = protocol=1 | dir=in | name=hlsw icmp |
"{C9F52197-63BA-43D1-9554-E8112ED80B0C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CA55B349-F7D9-4FAB-B078-E69D8164A53A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CAD539B2-0661-43AB-BF06-EF41BBA94F52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{CDC7F50B-4C6B-4D96-9E64-E1A43EB9F42D}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{D06E3235-7739-4372-BDE8-DC7B9FF80103}" = protocol=6 | dir=in | app=c:\hlserver\css\srcds.exe |
"{D173276C-23C7-4C30-A29B-9286E4C90141}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D278DCF5-8F40-4EE9-AF33-062EE2FDA356}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D2FBEA4E-4648-4DCB-9D32-A432A70F6864}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\natural selection 2\ns2.exe |
"{DCDE3264-7B42-4A8A-9C07-22E1836636D3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DDE3BD61-5B59-44D1-8F17-95668C09BC0C}" = dir=in | app=c:\users\zer0\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{DE0548C1-386C-48CF-BF93-FE23C3E16458}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DE7680A8-C2E7-4DB4-8DF2-761A45EB3B72}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{DEB6EED2-4639-4CA6-BF11-8DC96E0C4513}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DF7930B1-2A80-4848-A8D3-57EF80597DF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{E100B473-B1F1-4B9A-A01E-36F5FA92CF17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{E131511A-0F48-44D8-A1F0-1562B05A2580}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{E163368C-3F22-4BC5-84B7-59DD56337684}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{E29CF4E9-DC01-46C8-A49C-271B66B45180}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{E2E6C984-0A0F-4D28-930D-6197F2FBF3C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{E4107B9C-3162-4A12-B5A0-EEAC75BA020D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\simcity\simcity\simcity.exe |
"{E46B3E56-0918-4132-8CF1-EAB4C1BF99CA}" = protocol=6 | dir=in | app=c:\users\zer0\appdata\local\akamai\netsession_win.exe |
"{E816B07B-68AA-402B-9F5A-DF4336B69167}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{EA81D0DB-1E2A-4FA3-A3A1-9E3DE43AF611}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{EA970DD5-4799-4AD1-A0DC-0B57EEB9D7F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EAC327EF-D8E7-4353-96E9-145E85312468}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{EB1EDB11-87EC-497A-A8E0-A5201E4970E5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 4\bf4.exe |
"{EC642946-A86E-466A-830C-66E31740DFE5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{EDB73647-2B6B-4AE1-8B3F-68471E7B2DE7}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{EE508158-02F0-4CCF-94FB-0E645DC6C4FF}" = protocol=6 | dir=in | app=c:\users\zer0\appdata\roaming\spotify\spotify.exe |
"{EF53253F-DE6C-4F10-B187-721CF2EB3E16}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{EF6D801B-A83B-4818-BB11-C701DDD3AC7C}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{F108F846-716C-4DFC-A745-E1E45FEB517F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{F42A145D-6A9E-4D0D-9161-05BB397AD46A}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe |
"{F49E4DE1-89B8-4756-AC8B-E510DC8CA048}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{F4E3102B-E92C-40EF-8806-14F8C79B36C7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{F4E7FBB5-A124-4C7B-8367-9837A2B91A88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{F5237D56-12AA-45FD-AEFB-8399149CBDE5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 4\bf4_x86.exe |
"{F6BC8A77-8599-4BBD-9361-8D2507A1D562}" = protocol=6 | dir=out | app=system |
"{F884B144-7A36-4624-BFE9-2155A5A07B81}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{F9E477C2-6877-4B2E-A164-5E2340C924DB}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{F9FB2EE0-D461-45A4-9F5C-19032DE17FA3}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{FA5A3FE3-6E5B-4077-8BFB-EA69FB80AA46}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{FD984C31-9BA2-4D34-94A8-AC9BAC2ACE8D}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe |
"{FEB3C515-70C8-4459-8819-6D813724087E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"TCP Query User{33EB4DE3-6AF6-40EE-8C9F-18E317EAFFE6}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{37FD4D8B-5583-4B7A-8C78-EE6178E6F5B8}D:\easysetupassistant\td-w8950nd\fscommand\easysetupassistant.exe" = protocol=6 | dir=in | app=d:\easysetupassistant\td-w8950nd\fscommand\easysetupassistant.exe |
"TCP Query User{3959A9D0-3420-4961-9F0C-6D1D230CA5AD}E:\crysis2(5620)_01_13\bin32\crysis2.exe" = protocol=6 | dir=in | app=e:\crysis2(5620)_01_13\bin32\crysis2.exe |
"TCP Query User{4E9DE2B7-9FA2-4C7D-B650-02E99D848635}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{6FD033B5-41CA-4F09-A4B4-285A7BFB0DC8}C:\program files (x86)\warthunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"TCP Query User{7CFA0FC3-1714-4F35-B7AE-6ED511D5E985}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{B81B177E-25E3-4F4D-9A6C-D8CD4AF15B09}C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"TCP Query User{C55666F6-3B7B-45DA-9408-AB12CC66E0F3}D:\alcatel\speedtouch 530\setup\setupst.exe" = protocol=6 | dir=in | app=d:\alcatel\speedtouch 530\setup\setupst.exe |
"TCP Query User{CF062E53-6299-4498-839E-0FF9054ACA52}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{D2CACEFD-575B-429E-8D5D-FB57DD236979}C:\users\zer0\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\zer0\appdata\local\akamai\netsession_win.exe |
"TCP Query User{E832F229-C72B-4F4D-A250-415BC5D0BC9D}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"TCP Query User{FA564AB8-0B61-4CED-A3F7-3597F4DEC854}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{2186ABA4-3975-4BA8-97C2-9DE0253131EA}C:\program files (x86)\warthunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\aces.exe |
"UDP Query User{25501994-EC5B-46BF-A3CC-0085038A1005}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{32FB0878-0455-46FD-9183-D65745EB57CB}C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"UDP Query User{33468986-F884-4A89-95B8-1DFE8FB99927}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{38306632-6804-4165-93F3-E80623566BA8}E:\crysis2(5620)_01_13\bin32\crysis2.exe" = protocol=17 | dir=in | app=e:\crysis2(5620)_01_13\bin32\crysis2.exe |
"UDP Query User{43516AF7-C1FB-4343-89E7-BA214F04A8DF}C:\users\zer0\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\zer0\appdata\local\akamai\netsession_win.exe |
"UDP Query User{54FFE46B-EC0C-4B53-B674-236D2243B6CA}D:\alcatel\speedtouch 530\setup\setupst.exe" = protocol=17 | dir=in | app=d:\alcatel\speedtouch 530\setup\setupst.exe |
"UDP Query User{586C5EB3-8AE4-4D03-9561-3128C91AB673}D:\easysetupassistant\td-w8950nd\fscommand\easysetupassistant.exe" = protocol=17 | dir=in | app=d:\easysetupassistant\td-w8950nd\fscommand\easysetupassistant.exe |
"UDP Query User{5F8D536F-078E-4E3C-92FC-16B4310D0C47}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{60DA4F0A-B604-4B3E-9244-1CE29ED9BB20}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{89A1D47B-5975-4615-A4A0-8B6B4F30D551}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{C20C3B8B-21BB-4292-846F-4A186604602E}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2A9D89B8-D07E-48F5-9A4C-0972D6FA5475}" = Smart Technology Programming Software 7.0.23.0
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A528BDDE-9C9F-11E2-9F0C-F04DA23A5C58}" = MSVCRT Redists
"{A7500970-FE98-11E1-B560-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.65
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4761C4F-5ED9-11E1-9202-F04DA23A5C58}" = MSVCRT Redists
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2CA3B8348CD526E9B8928840AC68738C5B5A4F8F" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0)
"5AF8BE22A56B38B1816F36BAC6A71F1277E45440" = Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006)
"B090418E214D6BD6EE18A512A8EE609225AC9279" = Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101)
"CCleaner" = CCleaner
"HashTab" = HashTab 4.0.0.2
"LockHunter_is1" = LockHunter 2.0 beta 2, 64 bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Sandboxie" = Sandboxie 3.68 (64-bit)
"SecurityKISS Certificate_is1" = v0.2.2
"SecurityKISS Tunnel_is1" = SecurityKISS Tunnel v0.2.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"VTFEdit_is1" = VTFEdit 1.3.3
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.5.2
"{0DB44859-4112-4946-BE5E-A4275B3FFB5E}" = Furry Voices for Second Life
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{147894EE-5ED4-11E1-A8FF-F04DA23A5C58}" = MSVCRT Redists
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices
"{2A36014E-DF1D-4840-A209-3185B17BFC71}" = BigPond Broadband ADSL
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30349EFD-29C6-471B-B720-10D805B2D9F3}" = NCsoft Launcher
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37E9AFC0-BE43-470A-8903-318DFA9B4B72}_is1" = ScreenSnapr version 4.0.0.2
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{5695D908-F97F-499D-91AF-F7D6BFA08575}" = Smoothping Elite
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{639159C2-B27B-4208-8965-D8A0AEDBDED2}" = Microsoft .NET Framework 2.0 SDK - ENU
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{67CEC218-B250-4B4C-B23F-A597EC8DB153}" = Deep Space Voices
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7254274D-3F70-4EDD-9BEE-EA6BAD5636B4}" = Joystix Pro
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{8061C2C9-C2A3-4550-A3FC-585B646840CB}" = Fantasy Voice Pack
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8BD89760-6B5D-4A3C-8B0D-CDB93BEFC0F6}" = XSplit
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A1DD0268-4069-4D39-B6D2-E00DB50CA9C4}" = League of Legends
"{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}" = Tom Clancy's Splinter Cell® Blacklist™
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BC038C91-D3C6-4E43-8439-B65976FE7937}" = Sci-Fi Voice Pack
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C39768C1-82E7-4466-8526-2D8AC44B768F}" = Translator Fun Voice Pack
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = Alcatel SpeedTouch USB Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7870B1A-EECF-45B1-99BD-D1906928A8EC}" = SolarWinds Real-time NetFlow Analyzer
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D947A225-8C23-4E52-866E-CF3967476BFC}" = Female Voice Pack
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.2.336
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}" = Galactic Voices
"{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1" = MSI GamingApp
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.278
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 3.0.0 Beta 14
"Akamai" = Akamai NetSession Interface Service
"AMIP_foobar2000" = AMIP for foobar2000 (remove only)
"Any Video Converter_is1" = Any Video Converter 3.5.8
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Battlelog Web Plugins" = Battlelog Web Plugins
"Bejeweled 31.0.8.6128" = Bejeweled 3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DivX Setup" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.6.0.2
"foobar2000" = foobar2000 v1.1.14a
"Fraps" = Fraps (remove only)
"GoldWave v5.58" = GoldWave v5.58
"Google Chrome" = Google Chrome
"Google Maps Radar - Made by OVPD Badge 169" = Google Maps Radar - Made by OVPD Badge 169
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"HLSW_is1" = HLSW v1.4.0.2
"ImgBurn" = ImgBurn
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare™ 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty® 4 - Modern Warfare™ 1.1 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare™ 1.2 Patch
"Internet Download Manager" = Internet Download Manager
"Internet Explorer" = Internet Explorer
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 2.0 SDK - ENU" = Microsoft .NET Framework 2.0 SDK - ENU
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"MKVToolNix" = MKVToolNix 5.9.0
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Nero 9 Lite_is1" = Nero 9.0.9.4 Lite
"NoIPDUC" = No-IP DUC
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Open Broadcaster Software" = Open Broadcaster Software
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenAL" = OpenAL
"Origin" = Origin
"PFConfig" = PFConfig 1.0.296
"PFPortChecker" = PFPortChecker 1.0.39
"Portforward Static IP Address" = Portforward Static IP Address 1.0.47
"PrecisionX" = EVGA Precision X 4.1.0
"PunkBusterSvc" = PunkBuster Services
"RaidCall" = RaidCall
"RealAlt_is1" = Real Alternative 2.0.2
"Rockstar Games Social Club" = Rockstar Games Social Club
"RTSS" = RivaTuner Statistics Server 5.3.0
"Steam App 107410" = Arma 3
"Steam App 113200" = The Binding of Isaac
"Steam App 113400" = APB Reloaded
"Steam App 12210" = Grand Theft Auto IV
"Steam App 200710" = Torchlight II
"Steam App 202170" = Sleeping Dogs™
"Steam App 204100" = Max Payne 3
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base 2006
"Steam App 218620" = PAYDAY 2
"Steam App 220240" = Far Cry® 3
"Steam App 238960" = Path of Exile
"Steam App 240" = Counter-Strike: Source
"Steam App 249990" = FORCED
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 4000" = Garry's Mod
"Steam App 4920" = Natural Selection 2
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"Tom Clancy`s Splinter Cell® Blacklist™_is1" = Tom Clancy`s Splinter Cell® Blacklist™
"Tunngle beta_is1" = Tunngle beta
"Uplay" = Uplay
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"VTFEdit_is1" = VTFEdit 1.2.5
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo!7 Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo!7 Messenger" = Yahoo!7 Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Akamai" = Akamai NetSession Interface
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"InstallShield_{D7870B1A-EECF-45B1-99BD-D1906928A8EC}" = SolarWinds Real-time NetFlow Analyzer
"Spotify" = Spotify

< End of report >

#5
RKinner

Posted 12 November 2013 - 01:21 AM

Malware Expert

Expert
24,624 posts

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

#6
nytmare

Posted 12 November 2013 - 02:30 AM

Member

Topic Starter
Member
14 posts

done and done, heres the attachments

Attached Files

Fixlog.txt 8.06KB 205 downloads
speccyinfo.txt 251.59KB 152 downloads

#7
RKinner

Posted 12 November 2013 - 03:09 AM

Malware Expert

Expert
24,624 posts

The poor thing is about to melt down! You should shut it down and let it cool off. Make sure you do not have the air vents blocked with dust. Appears that it is a desktop so perhaps the fan has failed.

Average Temperature 96 °C
Caches
L1 Data Cache Size 4 x 32 KBytes
L1 Instructions Cache Size 4 x 32 KBytes
L2 Unified Cache Size 4 x 256 KBytes
L3 Unified Cache Size 8192 KBytes
Core 0
Core Speed 3308.5 MHz
Multiplier x 25.0
Bus Speed 132.3 MHz
Rated Bus Speed 2382.1 MHz
Temperature 97 °C
Thread 1
APIC ID 0
Thread 2
APIC ID 1
Core 1
Core Speed 1985.1 MHz
Multiplier x 15.0
Bus Speed 132.3 MHz
Rated Bus Speed 2382.1 MHz
Temperature 98 °C
Thread 1
APIC ID 2
Thread 2
APIC ID 3
Core 2
Core Speed 2646.8 MHz
Multiplier x 20.0
Bus Speed 132.3 MHz
Rated Bus Speed 2382.1 MHz
Temperature 90 °C
Thread 1
APIC ID 4
Thread 2
APIC ID 5
Core 3
Core Speed 2382.1 MHz
Multiplier x 18.0
Bus Speed 132.3 MHz
Rated Bus Speed 2382.1 MHz
Temperature 99 °C
Thread 1
APIC ID 6
Thread 2
APIC ID 7

Shut it down. Leave it plugged in and take the cover off so you can see the CPU heatsink and fan. Use a small brush and a vacuum cleaner hose to remove any dust at the vents (front and back) and near the fans and the heatsink. Turn it on. Watch the fan. It should start up right away. If it does not, or it is slow starting and getting up to speed or is making a noise then it needs to be replace.

Get a program called speedfan from:
http://www.filehippo...nload_speedfan/

Save it. Right click on it and Run As Admin. It will tell you your temperatures in real time. A desktop should run under 40 C at idle.

#8
nytmare

Posted 12 November 2013 - 03:32 AM

Member

Topic Starter
Member
14 posts

fans are fine, its just the thermal paste, gona get some tomorrow. i remember a while back it was pretty much all gone. So that should fix the temp on the cpu a bit i hope

computer is sitting at 47c now

Edited by nytmare, 12 November 2013 - 09:20 PM.

#9
nytmare

Posted 16 November 2013 - 10:08 AM

Member

Topic Starter
Member
14 posts

my problem is still not fixed, someone help

#10
RKinner

Posted 17 November 2013 - 11:40 AM

Malware Expert

Expert
24,624 posts

Have you replaced the thermal paste? What is the highest temp you see now?

#11
nytmare

Posted 18 November 2013 - 08:18 PM

Member

Topic Starter
Member
14 posts

yes i replaced the paste, it sits at 48c and below now

#12
RKinner

Posted 19 November 2013 - 12:23 PM

Malware Expert

Expert
24,624 posts

Now that the PC is not going to melt down we can run some checks:

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. (Does this complain that it could not fix all of your files?).)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Ron

#13
nytmare

Posted 19 November 2013 - 11:22 PM

Member

Topic Starter
Member
14 posts

actually did a chkdsk last night, it fixed a bunch of bad sectors in my hdd.
heres all the scans you asked for.

Attached Files

VEW application.txt 468bytes 152 downloads
VEW system.txt 453bytes 239 downloads
aswMBR log.txt 1.37KB 170 downloads
combofixlog.txt 29.09KB 203 downloads
mbam-log-2013-11-20 (15-48-37).txt 1.81KB 149 downloads
TDSSKiller.2.8.16.0_20.11.2013_15.32.46_log.txt 140.27KB 171 downloads

#14
RKinner

Posted 20 November 2013 - 08:23 PM

Malware Expert

Expert
24,624 posts

Rerun TDSSKiller and Change Skip to Quarantine or Delete for

Akamai

Rerun VEW again. We seldom see a perfectly clean log so expect you may not have rebooted after clearing the alarms.