search donkey malware [Solved]



#1
anti

So I let my gf use my PC the other day and now I have this malware called "search donkey". My antivirus doesn't remove it, and all the guides I have found tell you to download stuff, and I won't do it unless someone I trust is telling me those programs are safe. And you guys have helped me in the past and are awesome!

So once again I call upon your help; I need to get rid of search donkey.

Here's the OTL log:

OTL logfile created on: 11/16/2013 1:17:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.17 Gb Available Physical Memory | 64.68% Memory free
15.98 Gb Paging File | 12.67 Gb Available in Paging File | 79.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.73 Gb Total Space | 300.33 Gb Free Space | 32.55% Space Free | Partition Type: NTFS
Drive D: | 7.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 931.39 Gb Total Space | 628.61 Gb Free Space | 67.49% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ANTI-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/11/16 01:17:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/11/15 22:18:19 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/11/12 17:53:06 | 003,783,672 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013/11/10 00:55:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/11/01 04:29:28 | 000,756,840 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2013/10/28 21:09:38 | 000,534,896 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\OriginClientService.exe
PRC - [2013/10/23 02:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/10/17 19:35:01 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/10/17 19:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/17 19:34:27 | 001,224,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013/10/09 16:11:04 | 003,561,816 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2013/10/09 10:46:07 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/10/02 22:06:52 | 000,252,552 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
PRC - [2013/10/02 22:06:52 | 000,252,552 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
PRC - [2013/10/02 22:06:52 | 000,252,552 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
PRC - [2013/10/02 22:06:36 | 000,298,120 | ---- | M] (Updater) -- C:\ProgramData\Updater\updater.exe
PRC - [2013/10/01 15:51:14 | 002,345,296 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/10/01 01:23:16 | 000,152,392 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe
PRC - [2013/09/03 15:17:22 | 000,832,360 | ---- | M] (Spigot, Inc.) -- C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.exe
PRC - [2013/07/26 19:44:26 | 006,381,192 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2013/07/02 08:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2013/06/01 22:26:50 | 005,611,528 | ---- | M] (Thorvald Natvig) -- C:\Program Files (x86)\Mumble\mumble.exe
PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/20 19:28:20 | 007,084,672 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2013/01/10 14:12:20 | 001,103,424 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2011/11/03 08:08:56 | 001,149,288 | ---- | M] (ESN Social Software AB) -- C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/07/17 14:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/06/24 18:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/15 22:18:18 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/28 21:09:39 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
MOD - [2013/10/23 15:14:14 | 000,031,752 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\l4d2.dll
MOD - [2013/10/23 15:14:14 | 000,022,536 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\borderlands2.dll
MOD - [2013/10/23 15:14:14 | 000,019,976 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\sr.dll
MOD - [2013/10/09 10:46:06 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/07/30 13:20:31 | 000,037,384 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\gmod.dll
MOD - [2013/07/30 13:20:30 | 000,037,384 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\insurgency.dll
MOD - [2013/07/30 13:20:30 | 000,023,560 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\borderlands.dll
MOD - [2013/07/30 13:20:30 | 000,022,536 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\etqw.dll
MOD - [2013/07/30 13:20:30 | 000,022,024 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\cs.dll
MOD - [2013/07/30 13:20:30 | 000,021,000 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\gtaiv.dll
MOD - [2013/07/30 13:20:30 | 000,020,488 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\ut2004.dll
MOD - [2013/07/30 13:20:30 | 000,020,488 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\breach.dll
MOD - [2013/06/29 14:58:21 | 000,024,584 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\wolfet.dll
MOD - [2013/06/29 14:58:20 | 000,032,264 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\ut99.dll
MOD - [2013/06/29 14:58:20 | 000,022,536 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\l4d.dll
MOD - [2013/06/29 14:58:20 | 000,018,952 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\link.dll
MOD - [2013/06/29 14:58:19 | 000,022,536 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\gw.dll
MOD - [2013/06/29 14:58:19 | 000,022,024 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\blacklight.dll
MOD - [2013/06/29 14:58:18 | 000,038,920 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\bf3.dll
MOD - [2013/06/29 14:58:18 | 000,036,872 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\aoc.dll
MOD - [2013/06/29 14:58:18 | 000,020,488 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\bfheroes.dll
MOD - [2013/06/29 14:58:18 | 000,020,488 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\bfbc2.dll
MOD - [2013/06/29 14:58:18 | 000,020,488 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\arma2.dll
MOD - [2013/06/29 14:58:17 | 000,038,920 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\bf2.dll
MOD - [2013/06/29 14:58:17 | 000,020,488 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\bf1942.dll
MOD - [2013/06/01 22:27:00 | 000,106,504 | ---- | M] () -- C:\Program Files (x86)\Mumble\zlib1.dll
MOD - [2013/06/01 22:26:54 | 000,219,144 | ---- | M] () -- C:\Program Files (x86)\Mumble\opus.dll
MOD - [2013/06/01 22:26:54 | 000,167,432 | ---- | M] () -- C:\Program Files (x86)\Mumble\speex.dll
MOD - [2013/06/01 22:26:54 | 000,073,224 | ---- | M] () -- C:\Program Files (x86)\Mumble\celt0.0.7.0.sse2.dll
MOD - [2013/06/01 22:26:52 | 000,133,640 | ---- | M] () -- C:\Program Files (x86)\Mumble\mumble_ol.dll
MOD - [2013/06/01 22:26:52 | 000,089,096 | ---- | M] () -- C:\Program Files (x86)\Mumble\celt0.0.11.0.sse2.dll
MOD - [2013/06/01 21:23:04 | 000,031,816 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\wow.dll
MOD - [2013/06/01 21:23:04 | 000,023,624 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\sto.dll
MOD - [2013/06/01 21:23:04 | 000,022,600 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\lotro.dll
MOD - [2013/06/01 21:23:04 | 000,021,064 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\ut3.dll
MOD - [2013/06/01 21:23:02 | 000,037,960 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\dys.dll
MOD - [2013/06/01 21:23:02 | 000,023,112 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\lol.dll
MOD - [2013/06/01 21:23:02 | 000,020,552 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\jc2.dll
MOD - [2013/06/01 21:23:00 | 000,023,624 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\cod4.dll
MOD - [2013/06/01 21:23:00 | 000,021,064 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\codmw2so.dll
MOD - [2013/06/01 21:23:00 | 000,021,064 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\codmw2.dll
MOD - [2013/06/01 21:23:00 | 000,021,064 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\cod5.dll
MOD - [2013/06/01 21:23:00 | 000,021,064 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\cod2.dll
MOD - [2013/06/01 21:22:58 | 000,022,600 | ---- | M] () -- C:\Program Files (x86)\Mumble\plugins\bf2142.dll
MOD - [2012/12/16 22:22:04 | 004,002,304 | ---- | M] () -- C:\Program Files (x86)\Mumble\libmysql.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/13 21:27:46 | 002,304,512 | ---- | M] () -- C:\Program Files (x86)\Mumble\libsndfile-1.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/01 04:29:28 | 000,756,840 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV:64bit: - [2013/10/17 19:35:51 | 015,122,208 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/17 11:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/11/15 22:18:18 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/12 17:53:06 | 003,783,672 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/11/10 00:55:08 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/10/30 13:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/23 02:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/17 19:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/09 10:46:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/01 15:51:14 | 002,746,704 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/13 13:32:52 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013/08/13 08:44:22 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/30 20:03:23 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/20 19:28:20 | 007,084,672 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2013/02/15 13:01:52 | 001,143,720 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/26 09:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/12 17:53:09 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/11/12 17:53:04 | 000,183,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2013/11/12 17:53:03 | 001,120,032 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib.sys -- (tib)
DRV:64bit: - [2013/11/12 17:53:01 | 001,462,560 | ---- | M] (Acronis International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2013/11/12 17:52:47 | 000,161,568 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2013/11/12 17:52:45 | 000,117,024 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2013/11/12 17:52:43 | 000,233,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013/11/12 17:52:41 | 000,108,832 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2013/11/01 04:29:28 | 000,114,720 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2013/09/27 17:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/06/16 06:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/08/06 10:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/17 11:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 11:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 08:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/11/02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {07135E3D-7766-44C8-9FEC-FC459D17E16C}
IE:64bit: - HKLM\..\SearchScopes\{07135E3D-7766-44C8-9FEC-FC459D17E16C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {300FBBA8-BEA3-4CD0-B27F-665FD1B6F6FA}
IE - HKLM\..\SearchScopes\{300FBBA8-BEA3-4CD0-B27F-665FD1B6F6FA}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {D31C9828-9C09-4A5E-8AB1-4DD03FFBB590}
IE - HKCU\..\SearchScopes\{300FBBA8-BEA3-4CD0-B27F-665FD1B6F6FA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D31C9828-9C09-4A5E-8AB1-4DD03FFBB590}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.6:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo....type=714647&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.1: C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2010/08/13 01:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/08/13 01:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/11/16 01:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions
[2013/09/15 22:40:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/04/05 00:58:50 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions\[email protected]
[2013/09/04 15:20:29 | 000,868,738 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/10/09 15:43:44 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/12 21:18:28 | 000,000,915 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\searchplugins\yahoo.xml
[2013/11/15 22:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 22:18:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2012/01/11 03:24:05 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LaCie Shortcut Startup] C:\Program Files (x86)\LaCie\Shortcut Button\LaCieShortcutTrayApp.exe (LaCie)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKCU..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)
O4 - HKCU..\Run: [EPSON WorkForce 520 Series] "C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIA.EXE" /FU "C:\Windows\TEMP\E_SF649.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [SearchProtection] C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - HKCU..\Run: [Steam Wallet Hack Generator.exe] C:\Users\Owner\AppData\Roaming\Steam Wallet Hack Generator.exe ()
O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [WorkForce 610(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_S4831.tmp" /EF "HKCU" File not found
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_5.0.23.0.cab (Battlefield Heroes Updater)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield....er_1.0.27.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C088781E-B741-4FD7-AB01-02A93DBBFB57}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/07/26 18:37:07 | 000,000,135 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{46e66168-99b7-11df-b8b7-002564d043c7}\Shell - "" = AutoRun
O33 - MountPoints2\{46e66168-99b7-11df-b8b7-002564d043c7}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6c8aace5-9f02-11e1-9787-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6c8aace5-9f02-11e1-9787-806e6f6e6963}\Shell\AutoRun\command - "" = SETUP.EXE -- [2010/09/03 23:20:20 | 000,598,344 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/16 01:17:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/11/15 22:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/14 18:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/11/14 18:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/11/14 13:00:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\pics for frame
[2013/11/13 15:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchDonkey
[2013/11/12 22:15:14 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2013/11/12 22:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7 Days to Die
[2013/11/12 22:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\7DaysToDie-Alpha
[2013/11/12 22:13:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\7DTD_Alpha_2_win64
[2013/11/12 21:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2013/11/12 21:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers
[2013/11/12 21:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2013/11/12 21:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2013/11/12 21:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo Browser Settings
[2013/11/12 17:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2013/11/12 17:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2013/11/12 17:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2013/11/12 17:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2013/11/12 00:06:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\7 Days to Die
[2013/11/10 00:37:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Infestation Survivor Stories
[2013/11/10 00:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infestation Survivor Stories
[2013/11/09 14:52:21 | 000,000,000 | ---D | C] -- C:\Nether
[2013/11/09 14:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\NetherLauncher
[2013/10/29 14:52:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\pbsetup
[2013/10/29 14:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/10/29 14:16:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Battlefield 4
[2013/10/29 14:14:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ESN
[2013/10/29 09:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
[2013/10/29 09:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2013/10/29 09:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/10/28 21:09:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Origin
[2013/10/28 21:09:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Origin
[2013/10/28 21:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013/10/28 21:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013/10/26 11:40:35 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/10/22 20:19:02 | 000,000,000 | ---D | C] -- C:\021cab80c00e94ffe86c01
[2013/10/22 20:02:00 | 000,000,000 | ---D | C] -- C:\b01a67f4f9784bc4a4
[2013/10/22 18:42:19 | 000,000,000 | ---D | C] -- C:\6968a054ecd560674e3f
[2013/10/22 17:35:50 | 000,000,000 | ---D | C] -- C:\bb61f7ffadd740839dde7ab8
[2013/10/22 17:28:54 | 000,000,000 | ---D | C] -- C:\563aa925fdcbdbcd2cc04a9068060e
[2013/10/19 15:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Damned
[2013/10/19 15:46:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2013/10/19 15:46:01 | 000,000,000 | ---D | C] -- C:\Python27
[2013/10/18 22:19:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\64
[2013/10/18 20:03:17 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/10/01 01:35:40 | 000,112,968 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\ITDetector.ocx
[2013/10/01 01:23:16 | 000,293,192 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesOutlookAddIn.dll
[2013/10/01 01:23:16 | 000,152,392 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe
[2013/10/01 01:23:16 | 000,148,808 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.dll
[2013/10/01 01:23:14 | 009,789,256 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.exe
[2013/10/01 01:23:14 | 000,405,320 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesAdmin.dll
[2013/10/01 01:23:08 | 025,251,656 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.dll
[2013/10/01 01:23:06 | 003,015,008 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_dsp.dll
[2013/10/01 01:23:06 | 000,776,216 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_sdkmanager.dll
[2013/10/01 01:23:06 | 000,262,680 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_submit.dll
[2013/10/01 01:23:06 | 000,219,672 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_musicid.dll
[2013/09/30 23:50:58 | 001,741,128 | ---- | C] (Apple, Inc) -- C:\Program Files (x86)\iAdCore.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/16 01:17:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/11/16 00:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/16 00:38:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/15 18:15:28 | 000,098,220 | ---- | M] () -- C:\Users\Owner\Desktop\friday.jpg
[2013/11/15 18:11:54 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
[2013/11/15 18:11:53 | 000,002,369 | ---- | M] () -- C:\Users\Owner\Desktop\quick reconnect.lnk
[2013/11/15 18:11:53 | 000,001,551 | ---- | M] () -- C:\Users\Owner\Desktop\1964 - Shortcut.lnk
[2013/11/15 18:11:53 | 000,000,994 | ---- | M] () -- C:\Users\Owner\Desktop\Core Temp.lnk
[2013/11/15 18:11:53 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2013/11/15 18:11:53 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\7 Days to Die - Alpha.lnk
[2013/11/15 18:11:53 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013/11/15 17:06:12 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/11/15 15:21:17 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/11/15 03:38:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/14 17:42:54 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 17:42:54 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 17:41:05 | 000,795,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/14 17:41:05 | 000,671,152 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/14 17:41:05 | 000,126,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/14 17:40:22 | 000,178,844 | ---- | M] () -- C:\Users\Owner\Desktop\friday.png
[2013/11/14 17:34:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/14 17:34:33 | 2140,495,871 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/12 22:12:35 | 365,823,766 | ---- | M] () -- C:\Users\Owner\Desktop\7DTD_Alpha_2_win64.zip
[2013/11/12 21:09:03 | 000,000,640 | ---- | M] () -- C:\Users\Owner\Desktop\movies - Shortcut.lnk
[2013/11/12 20:35:01 | 000,000,812 | ---- | M] () -- C:\Users\Owner\Desktop\Steam - Shortcut.lnk
[2013/11/11 23:11:51 | 000,291,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/11/10 00:55:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/11/10 00:37:48 | 000,001,095 | ---- | M] () -- C:\Users\Owner\Desktop\Infestation Survivor Stories.lnk
[2013/11/09 14:38:18 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\Nether.lnk
[2013/11/01 04:29:28 | 000,154,312 | ---- | M] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2013/11/01 04:29:28 | 000,114,720 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2013/11/01 04:29:28 | 000,104,872 | ---- | M] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2013/10/29 14:52:36 | 000,716,526 | ---- | M] () -- C:\Users\Owner\Desktop\pbsetup.zip
[2013/10/29 09:48:43 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2013/10/29 09:48:43 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2013/10/28 21:09:19 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/10/27 11:09:57 | 000,217,219 | ---- | M] () -- C:\Users\Owner\Desktop\dayzloadings.jpg
[2013/10/23 04:30:23 | 000,023,287 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/10/23 02:20:03 | 003,426,956 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/10/18 22:51:50 | 000,001,035 | ---- | M] () -- C:\Windows\kaillera.ini
[2013/10/18 22:38:49 | 014,796,360 | ---- | M] () -- C:\Users\Owner\Desktop\mariotennis.zip
[2013/10/18 22:18:34 | 008,229,276 | ---- | M] () -- C:\Users\Owner\Desktop\1964_11.rar
[2013/10/18 22:17:40 | 010,122,352 | ---- | M] () -- C:\Users\Owner\Desktop\mariokart64.zip
[2013/10/18 22:06:09 | 000,000,874 | ---- | M] () -- C:\Users\Owner\Desktop\BitTorrent.lnk
[2013/10/18 22:06:09 | 000,000,854 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2013/10/18 20:18:00 | 005,849,088 | ---- | M] () -- C:\Users\Owner\Desktop\hamachi(2).msi
[2013/10/18 20:05:19 | 000,787,876 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/15 18:14:26 | 000,098,220 | ---- | C] () -- C:\Users\Owner\Desktop\friday.jpg
[2013/11/14 17:40:20 | 000,178,844 | ---- | C] () -- C:\Users\Owner\Desktop\friday.png
[2013/11/12 22:15:14 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\7 Days to Die - Alpha.lnk
[2013/11/12 22:10:46 | 365,823,766 | ---- | C] () -- C:\Users\Owner\Desktop\7DTD_Alpha_2_win64.zip
[2013/11/12 21:18:40 | 000,000,994 | ---- | C] () -- C:\Users\Owner\Desktop\Core Temp.lnk
[2013/11/12 21:09:03 | 000,000,640 | ---- | C] () -- C:\Users\Owner\Desktop\movies - Shortcut.lnk
[2013/11/12 20:35:01 | 000,000,812 | ---- | C] () -- C:\Users\Owner\Desktop\Steam - Shortcut.lnk
[2013/11/10 00:37:48 | 000,001,095 | ---- | C] () -- C:\Users\Owner\Desktop\Infestation Survivor Stories.lnk
[2013/11/09 14:38:18 | 000,000,784 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nether.lnk
[2013/11/09 14:38:18 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\Nether.lnk
[2013/10/29 14:52:37 | 000,716,526 | ---- | C] () -- C:\Users\Owner\Desktop\pbsetup.zip
[2013/10/29 09:48:43 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2013/10/29 09:48:43 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2013/10/28 21:09:19 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/10/27 11:02:18 | 000,217,219 | ---- | C] () -- C:\Users\Owner\Desktop\dayzloadings.jpg
[2013/10/18 22:38:38 | 014,796,360 | ---- | C] () -- C:\Users\Owner\Desktop\mariotennis.zip
[2013/10/18 22:27:27 | 000,001,035 | ---- | C] () -- C:\Windows\kaillera.ini
[2013/10/18 22:20:17 | 000,001,551 | ---- | C] () -- C:\Users\Owner\Desktop\1964 - Shortcut.lnk
[2013/10/18 22:18:28 | 008,229,276 | ---- | C] () -- C:\Users\Owner\Desktop\1964_11.rar
[2013/10/18 22:17:34 | 010,122,352 | ---- | C] () -- C:\Users\Owner\Desktop\mariokart64.zip
[2013/10/18 20:19:29 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013/10/18 20:18:02 | 005,849,088 | ---- | C] () -- C:\Users\Owner\Desktop\hamachi(2).msi
[2013/10/17 12:44:12 | 002,075,124 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Steam Wallet Hack Generator.exe
[2013/10/14 13:07:21 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013/10/01 01:38:38 | 000,122,375 | ---- | C] () -- C:\Program Files (x86)\Acknowledgements.rtf
[2013/09/09 19:59:19 | 000,000,044 | ---- | C] () -- C:\Users\Owner\pb000007.htm
[2013/09/09 19:51:06 | 000,000,044 | ---- | C] () -- C:\Users\Owner\pb000001.htm
[2013/09/08 22:19:25 | 000,004,229 | ---- | C] () -- C:\Users\Owner\pbsv.cfg
[2013/09/04 15:26:38 | 000,014,493 | ---- | C] () -- C:\Users\Owner\AADevTools.ini
[2013/09/04 15:25:14 | 000,000,293 | ---- | C] () -- C:\Users\Owner\aahub.ini
[2013/09/04 15:24:55 | 000,000,159 | ---- | C] () -- C:\Users\Owner\aauconfig.ini
[2013/09/04 15:24:24 | 000,000,143 | ---- | C] () -- C:\Users\Owner\masconfig.ini
[2013/09/04 14:38:51 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_pg.exe
[2013/05/16 21:15:11 | 000,000,867 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\BreakingPoint_Options.ini
[2013/03/07 15:23:51 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/09/28 22:02:48 | 000,000,093 | -H-- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2010/07/19 02:25:15 | 000,001,618 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/12/06 21:43:40 | 000,000,075 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/26 16:09:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2013/09/04 17:13:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\3909
[2010/07/11 22:09:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2013/06/05 23:02:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Awesomium
[2011/11/05 15:42:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BF3CC
[2013/11/12 21:10:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent
[2013/10/05 01:42:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2013/03/20 19:17:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson
[2010/12/05 21:44:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Genie-Soft
[2011/02/13 13:50:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient
[2012/05/29 22:33:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient2
[2013/11/16 01:18:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mumble
[2013/09/24 15:44:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OBS
[2013/10/28 22:21:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Origin
[2013/09/23 22:44:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Publish Providers
[2013/08/12 18:05:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Search Protection
[2013/10/10 17:22:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sony
[2012/04/19 23:37:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SplitMediaLabs
[2011/01/23 01:03:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2013/10/21 15:02:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\The Creative Assembly
[2013/10/22 14:16:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TS3Client
[2013/04/09 16:00:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ubisoft
[2011/04/23 22:16:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\wargaming.net
[2013/04/05 00:58:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2013/03/07 15:50:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wizards of the Coast
[2013/03/08 02:59:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\YOUDONTKNOWJACK

========== Purity Check ==========



< End of report >

Edited by anti, 16 November 2013 - 02:08 AM.


#2
anti

  • Topic Starter
  • Member
  • 36 posts
extra tests:

OTL Extras logfile created on: 11/16/2013 1:17:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.17 Gb Available Physical Memory | 64.68% Memory free
15.98 Gb Paging File | 12.67 Gb Available in Paging File | 79.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.73 Gb Total Space | 300.33 Gb Free Space | 32.55% Space Free | Partition Type: NTFS
Drive D: | 7.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 931.39 Gb Total Space | 628.61 Gb Free Space | 67.49% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ANTI-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0404302E-4210-464A-B5D5-1D170031E44E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{074EF42D-CCAE-4CAE-A6BA-D0211329E7A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09140D08-1928-4CE7-AA0D-192BEB020FDD}" = rport=139 | protocol=6 | dir=out | app=system |
"{0CBE0086-D36E-4CBE-BE0F-A128918502EB}" = lport=137 | protocol=17 | dir=in | app=system |
"{0D21B84F-F094-4181-9D45-C85CD3AE8E87}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{11200ABB-4589-4B52-9DA1-8C72E2C59149}" = lport=2869 | protocol=6 | dir=in | app=system |
"{137ABD40-5C20-40CD-A161-9EEF1E576433}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{139D01D5-2A53-4108-8CDE-5C1FABDCF3E4}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{21D3BBDD-806D-474B-99E0-6263C6D02376}" = lport=6899 | protocol=6 | dir=in | name=league of legends launcher |
"{29A2EE8D-8780-47A4-B978-547F0A5775C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B5D2D4D-AB9B-4D98-8B24-D0042262DCF2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3186F5B7-DCD0-46F9-A4A7-A26F3C5FDB9A}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{39537252-4D0B-4C23-85EF-8E7484B95CAB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3C13A597-B9F8-447B-B213-F27A507FA7C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D3AA5D1-6E75-4DEF-AA46-67D35ADC33FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E6C9101-1D1E-438B-8639-6351A8488AB9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{402CDC3E-A5C7-49B7-9F1E-C1B269F6CD8F}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{4579CD2F-86CD-43C8-BCE3-2A6C843330FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{47031D53-66C0-4222-A483-70EC26FD92BC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{47D4078F-5227-4097-BF20-6948406DCD5B}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{4AB1E012-E801-4AB4-BA6A-BEFE49186CCE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BFF8CBC-F735-45B3-BB35-9CBFE80FA07C}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{594204B8-3A76-40A9-A6FA-555B622208EB}" = rport=445 | protocol=6 | dir=out | app=system |
"{5A8F4327-8EBE-45FA-9B11-D872D7B7216C}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{5BF5F3A5-994E-426B-ADCC-95F160F72AED}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{60F1C900-9DA5-4E0A-95ED-8BF1730873FA}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{66B448CB-ECBA-47C7-9BDA-EA801A513A0C}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{6AE16305-FDED-475A-9F26-7D8D771DB47A}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{6BF91FE4-2552-417F-9F13-38C0B071596C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{71A3C5CC-97EA-4BCC-9D8B-2789EB712C74}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{77007FA0-13F6-4FC1-9682-01D26E280A8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77DB2F2B-E60A-48FE-85A4-D7B5692DAE41}" = rport=138 | protocol=17 | dir=out | app=system |
"{7C06002F-35A7-44C0-A787-A53CE12AC795}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{870497B6-E928-48EE-A579-CA5AA3D1A4F4}" = lport=445 | protocol=6 | dir=in | app=system |
"{87E510F2-CC4E-4A48-8E5B-A5252F111D1B}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{89C72E90-6BA4-4692-8A27-73652542B210}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8C0CC7E6-5334-4FE7-94A5-1E627E7282C5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{91B0238C-8386-4E83-87B5-C15211554B3F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{94FC025B-BED1-4623-8EB4-60358795CA45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{99902AAD-B1F2-4ADA-BFAE-51E9646E140A}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{9A8E932A-7213-4AD1-950F-FCB177B06F34}" = lport=6899 | protocol=17 | dir=in | name=league of legends launcher |
"{9FCB1680-855E-43FB-ADFA-530E5E9692E8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A3AAC743-1566-4E65-846D-4600C8AA79B2}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |
"{B1044B62-C4AF-4964-8723-AD9B0C4E4FE7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B930C578-AF02-4E18-A1D1-AAFE0B1DA92E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BE61F978-74B4-4F2F-9B77-7F5F4635B010}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C3E48137-5108-4935-A57A-63DDD4031EFE}" = lport=139 | protocol=6 | dir=in | app=system |
"{C6ECBFA9-A0BB-423D-A65B-A4080867D3BB}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |
"{C90BF949-68B2-47A5-AAC4-E22D610E1730}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C94A92C3-95AA-409E-8123-0B9C057FCFAC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{CD8C1064-D5EE-466E-884A-319C3E5A2EE2}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{CDF4EE4A-2161-4AE4-9342-FE84FAF2C19B}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{D37510B9-4418-4114-AA3F-BA8204BADEA4}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{DB1583C9-AB0C-4E22-9732-8D991B6B00AE}" = rport=137 | protocol=17 | dir=out | app=system |
"{E168A76A-D8F1-4ADB-A963-D5FCFF523B02}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{F02C61BE-8781-408E-920D-90E1EC1CD19E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F7A12A8A-3899-44E3-A4AF-5E3DB0156C67}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FA68252A-9146-4433-9F50-31FFCD279032}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FFF0CE1F-9DF4-4A76-A838-E16D1CE102E8}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{FFF1BAFE-7027-4DE7-BC2F-F6A75BABB4BC}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008B2BCA-CD77-4047-B73B-79A968FE4720}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{00A5E98A-C0C6-4E04-A94E-8687A921DE0E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{01070C40-6218-4146-B496-E0BB69CC1F93}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\call of duty ghosts\iw6sp64_ship.exe |
"{02B8634C-288F-4BCE-A026-2EDD743E8C4B}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{03A6AFD8-5FDF-4339-8FEF-067EDF0E7FC4}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{045100A5-3684-44B3-B9CF-C0298C1B26B8}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{0484E8E5-DB3A-46A8-ABAC-6D4171FDE7DA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{074688BE-13BC-4025-90D9-0CD399349C54}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win32\udk.exe |
"{08720BDE-5565-4A3D-B09F-C316E50BA4E1}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\america's army\aapg\binaries\aalauncher32.exe |
"{088A7809-9AC3-4C97-B998-717701D5055F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{09449098-F1EF-4670-815E-AC911D6F89D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{0ACB6815-907E-4F59-B5FC-D0EE2B57B2F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{0B081708-E508-4DD0-8C3D-CEEF2E4BA659}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{0B2CF1D9-A43C-4490-AF0A-F780890EAE59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\godus\windows\godus.exe |
"{0B7BC14E-43AE-49C3-88C9-2DF508955D81}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0BF6D6AB-D18B-4A6B-A34D-8C2E2D546FA7}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exe |
"{0CEE6840-9BA8-492C-B4C6-2E29A846B315}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{0CF72EEE-8A1F-4E8C-BB5D-D696D2C7EFA9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{0FBA5080-EE1D-4C67-A16E-F0B7F7AEB75A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{1068620D-FAFF-4F9F-BB4B-168D9522BE6B}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\napoleon total war\napoleon.exe |
"{1123E8F4-4226-4774-B82E-76C3AB9F9EF2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{148D9A6D-0853-4D5B-BD02-908996D92C65}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{15872659-34DC-4B6B-8FB6-6F6DDEC37801}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{17E988AA-9AAB-46F9-A0C1-750EB8BFC39A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exe |
"{180E63F9-65EF-46BC-821F-16A562EEAB36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{183F9B40-901D-44EA-A4EE-20FCD765B14B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{18E55B03-12F4-4435-9A92-9141870EC312}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{19902920-F4B6-4430-A403-6070F67FC329}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{1B422D16-5F8B-4178-AC47-AAD38FCA474D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1B469E35-73C7-454B-B2D7-2F687BB738D0}" = dir=out | app=c:\program files\7daystodie-alpha\7daystodie.exe |
"{1BE75425-88F2-4CD9-A3A7-A9FA9B1AAF91}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nether\launcher\launcher.exe |
"{1D675649-E8A7-4BB5-AD92-55C080233ADB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{1EA02CAD-3CAB-43AD-9042-53207396FE59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{21863FE3-B5EF-4957-9FCF-7597B8353049}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\i am alive\src\system\iamalive_game.exe |
"{223BBC20-A18D-4080-81D5-666A207E2892}" = protocol=17 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe |
"{2495214E-698D-4CAD-A6C3-D9F528EECA3A}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\arma 2\arma2.exe |
"{250E4D62-41BB-4375-A2BC-281B18D20F48}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{254DB6F4-DC8C-4117-835C-39552CCA52FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{269CF3A5-0F21-4D10-BC23-C292CB2BBEAB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{2767EAE1-D3DA-44DF-810B-ED370061A384}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\you don't know jack\bin\win\jackgame.exe |
"{28079D3E-E45F-4F12-8686-8C5397801830}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{29CF4D50-1AA7-4771-B4C9-E8016B3AFEE4}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{2BC32CBA-4FD3-4119-9F7A-1DF8C405C10C}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\arma 2\arma2.exe |
"{2C932A42-89E0-416B-AF95-808449D28DC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{323D15D9-53C5-4BDE-A56A-6D3071779837}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{32B80BA9-9838-492D-805A-E702B0E93204}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{3340E597-14DB-4E3F-94D4-5EE1EB1B5CE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nether\launcher\launcher.exe |
"{34941284-CB23-4CB8-81D4-67423FEE8043}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\you don't know jack\bin\win\jackgame.exe |
"{3526AFE1-3A22-4A69-9096-E84E51685395}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{359E8E4D-55D3-4BBA-90B9-D63F4C2176D8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{35D865D1-EBBA-4A12-96DC-9DD422AC51B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\i am alive\src\system\iamalive_game.exe |
"{35F4C211-3B2C-44ED-B757-7083EB0B3D9C}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{3633AD4A-EE73-48E7-B9D8-FB074C31CD37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{36C8F176-700C-4615-B588-AB6D8852EB4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty ghosts\iw6sp64_ship.exe |
"{372013B1-2E39-49FB-82A6-F2CA4C505BED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{3859A66F-25CE-4770-869C-AFD05FCFD94E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kerbal space program demo\ksp.exe |
"{399D4935-F3CD-4B98-BB99-6C166A292CF0}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\takedown red sabre early access\binaries\takedownlauncher.bat |
"{3A3DBA70-303C-4E62-8076-3E05BD483AAC}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\godus\windows\godus.exe |
"{3D570D3A-B598-496C-AD0D-683F4AD12DBB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E105D69-10B1-426F-B9D0-2E333C7D4208}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\qball1460\counter-strike\hl.exe |
"{405E4F6F-1E87-4620-9548-FB0CB003A7E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\takedown red sabre early access\binaries\takedownlauncher.bat |
"{414B462B-811E-4672-BD59-75B5DAA517A3}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\nether\launcher\launcher.exe |
"{46F948EA-2599-40AE-9FD8-1F052AF90A34}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{4728AAEC-BE17-4E94-824A-6D189456CB65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{476594D3-6046-49C5-BEC1-3AFB4063C7BF}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{4821FC46-EB27-4070-9827-BC903EF134E0}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{48721CAA-80B7-4AB6-AC92-18405551A9E3}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{4CA26EA2-4767-47E3-A978-AC6CDF0E3DD2}" = protocol=58 | dir=out | [email protected],-503 |
"{4D98E2FC-A444-408A-8AC1-78CEE6557FF3}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{4DDB087A-1473-4C28-9FB9-BC92B873DA42}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4EBDBB80-FB22-439E-841E-6B7C82CB153C}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{52D4ED9C-484E-452D-8A3A-367D64C30D45}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{548BABAE-9558-4664-BC07-27746125B584}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win64\udkeditor.exe |
"{54B5E62D-91CE-410C-95AB-F5E7609DDCC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kerbal space program demo\ksp.exe |
"{55741DA2-FFA9-4884-AC32-7463EB0B8884}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win64\udkeditor.exe |
"{55A3CB84-8F57-445E-A137-6C144731C4A6}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\call of duty ghosts\iw6sp64_ship.exe |
"{562DE166-13EF-443D-9DD1-7CC843B8961B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\qball1460\counter-strike\hl.exe |
"{585A2A97-B022-4F4D-B086-354683E0313F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{5D1DE8F9-6890-482B-9656-091C6C4F5F86}" = dir=in | app=c:\users\owner\documents\infestation survivor stories\infestation.exe |
"{5E8144F8-6069-4139-8D4D-30ACFBE3E40E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5EB697DA-D277-4FD0-BDB1-7C7182E34AEF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{609159F0-39E5-478B-8427-4ACCE2FF6317}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\damned\damned.exe |
"{6134CEDC-1A76-41A4-9DBB-E270089702FF}" = dir=in | app=c:\program files (x86)\itunes.exe |
"{61A81BD7-EC06-44EB-A9C4-A571ED8E8B35}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{63FEC35A-9389-4C66-AF95-AD5785567ED4}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{64F8A065-C8D3-46F3-822C-9A4D0C6DB8A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{659774B7-C281-4DE2-A77A-07584439DEFB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe |
"{65A1071D-9F38-4D26-ADB7-71586EA4151F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{6610ACA2-9DE0-40DA-9E5D-F396113B8826}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{66E7A4AB-1C09-4259-893E-44F9962280FB}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\godus\windows\godus.exe |
"{67486B20-1751-44C8-89A3-44BB5945A43A}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{690A8596-5595-4235-BEA5-1651888F7AE9}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\portal\hl2.exe |
"{6A2BE5E0-336A-411A-98C9-4431E4A47BDB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\damned\damned.exe |
"{6C288193-8454-4B8A-BD15-ED3FE848CAAE}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{6CCA69C4-DCCA-4EA5-A36D-797EC2509E5D}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{6CDEF6B6-93AF-44BD-912A-9BD26AAD26EF}" = protocol=58 | dir=in | app=system |
"{6D25D842-E87F-42A0-A1A1-9303759872F8}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\terraria\terraria.exe |
"{6D7C4FB4-DD0E-4EFC-A474-942F29EA2870}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe |
"{6DC9A1B1-4477-4254-9123-07B04197A3B0}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{709C64B2-214C-4455-AEFA-14A1D16A04A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{70A7FBE1-4872-4D48-932E-7EAC93487D1A}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\napoleon total war\napoleon.exe |
"{70AC7C41-19F4-4E0F-9B88-751CDC5031BB}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe |
"{71513AF3-5647-49EA-B505-C5F0994D085F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{74604825-691C-451C-AA2B-57C5502C6D86}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\america's army\aapg\binaries\aalauncher32.exe |
"{7486ED87-93DF-4391-BF7F-009E10F7715A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{748CD1C9-C359-41B3-81FB-8E9002F882B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{75D498EF-37D2-4A8C-BDB6-7EC9CA1A4AD9}" = dir=in | app=c:\users\owner\documents\the war z\warz.exe |
"{75FD8667-415E-41F7-9FD9-6B8ABBC8D703}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty ghosts\iw6sp64_ship.exe |
"{76926F0E-DDCC-4652-A49D-564C0F11B484}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{76C63FBA-6D1E-4321-A530-836B9432C4EF}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{7B02CE41-402E-4041-82C0-45A8501A4B0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\i am alive\src\system\iamalive_game.exe |
"{7B99FA41-97C5-4B6C-9048-5355E502CCC5}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{7C32EA31-D99B-4793-B074-3DDE1046B3F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe |
"{81355811-4064-42AD-A59A-25755CA7B6E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{8265A229-846F-4B33-8CD4-A7ABA5F62D5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{8300F9E2-48F9-4780-9BE5-9B6DA6DF638A}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\empire total war\empire.exe |
"{830E64C2-688D-42F2-8CFC-1F1486BBB546}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\aalauncher32.exe |
"{839EC60D-4BDD-404D-A087-DF00400A24BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{83C3FF44-46AA-4878-B6BC-25CF31FBD1A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2 - test build\reliccoh2.exe |
"{85BF8414-BDF4-4102-9A9F-253285CF9300}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{85E760CF-41CB-4F7E-8F79-55DEB9499213}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exe |
"{86BA6641-A9AC-4F11-A0FE-6BC1291EAB7C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{879C6152-4D4D-44AC-AC01-3209310D5C5F}" = protocol=58 | dir=in | [email protected],-28545 |
"{87E7F914-0CB3-48D8-ADD8-3EA41F9DF29A}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\bittorrent\bittorrent.exe |
"{8833BD39-B0A5-408E-A6C2-2508F5C787C9}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{886E8E40-089D-4FE6-B7DF-58436606E21F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{887E27A4-8377-4D36-AEC3-F3F6832822AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{88C1D28F-0404-4398-9FC0-DA0715C6C343}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\aalauncher32.exe |
"{8A1D313D-121E-4624-8B4D-D20192FBD2C5}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{8A2F20A8-F051-46A3-AC08-9BCD8E4D4C44}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{8A8A1091-A970-4A27-982D-0005BDE65DE3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe |
"{8BBA661C-A4CD-4B80-8B72-21C0CEC2243B}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{8C22F5A8-B98E-46A8-9920-5D0E50AAAC0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8C35A612-261C-4D15-8A18-8E359175E2DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{8CF29BFE-8B5C-4163-9468-D46833FADAD0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{8CFE2B5B-5078-4CBA-8E1F-53E547CEB98D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{8E387A7E-450B-48D8-8B46-DCA255163DB1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8FF4E53E-813C-4755-8EF6-CB1BE3BDAC28}" = protocol=58 | dir=out | [email protected],-28546 |
"{9423E3D4-140B-4D4D-90DB-BC3CE064FEB4}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{952B6051-CF12-4179-B791-C5C4BC20846A}" = dir=in | app=c:\program files\7daystodie-alpha\7daystodie.exe |
"{95EACBB9-A13B-4CF1-9685-05A674A3F48C}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{96E2FD7A-8265-4593-8EDF-D5C8F4B9D35B}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{9758C331-F607-4889-99B9-C8659F1845C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{98711416-D949-4EBC-BF9F-258C7BD09BE6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{9928A41C-C6E7-49B7-9AAC-5652556778CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{99437542-E9CA-4F3B-B1A7-6BC09124057A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{99C79A3A-DBFC-419D-8881-B06BE140FA67}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\help.htm |
"{9B644DD7-3210-45D2-A25B-FB17E90E3EB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{9CB20191-940A-4034-B305-046AB787CB85}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9CE73162-8FC8-4C26-B703-0D1348061974}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\nether\launcher\launcher.exe |
"{9D36D7A5-282A-4416-944A-5EF24877F06A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{9D904029-1887-47ED-B9D6-07BCCABBA3C9}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{A0957291-14F8-4F90-80F8-807A60C5A734}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{A16FC4A7-61AD-4F26-9597-EDDCFDFCAE12}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\terraria\terraria.exe |
"{A1B3ADA4-A1E4-4F61-98B4-6443EDCBA54B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday 2\payday2_win32_release.exe |
"{A1D20608-629B-45CD-B80C-B33D0C4E03C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\help.htm |
"{A27523C6-FCD2-45D7-B5CD-72C1B7438AB5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{A50676A6-6EF4-489D-9033-4850773CB735}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{A5CAFCD5-87EB-4484-9FC0-762A6FA0CFE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{A6444CAE-60E6-4C1D-8BAD-01D682405293}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A6EAA3B0-D879-4605-85B5-4FF55F15D156}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{A8293631-13B3-40A1-8C91-84E3C3894BFA}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{A82B042C-D201-4022-BC1E-B3E0AF8F01F1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A976F4A5-F687-4356-8F11-E359F6A011B6}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\i am alive\src\system\iamalive_game.exe |
"{AB5F726B-D435-4745-A537-9F1264F05B21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{ADBB1180-038E-469A-9C27-B8CDCF0B9C4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{ADEE189C-8554-4B72-9411-394E3F017E44}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{ADF15B67-A27B-4AE1-9151-31791B577389}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{AE7EBB6F-B1B0-4EFB-BD21-3F1BA9ED8FAD}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{AEB5342D-A2C8-475D-BF95-CC7090FFFCC9}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{AEF6A1B9-34FC-4A06-84A4-E638AF9C2008}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\empire total war\empire.exe |
"{AF2E2EE3-3B2F-432F-B0C9-F0E36AD95EAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{B03582A9-CFC7-4DB8-8159-9470600CE95F}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{B05AF8E1-EA3E-4251-B251-7523A6CA43D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{B0ADDF44-93F0-4E3F-91F7-5CAB0DB1B342}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe |
"{B0EFCDA6-4D26-49A2-8996-82E0EC295841}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{B19E4487-D5B2-4FBE-B0C0-E825C5185032}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\bittorrent\bittorrent.exe |
"{B39F6679-CFE0-4C72-BCC6-A82D8C7C40CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B583A25B-CE83-4779-ABD6-1B5C2C0C52C8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B65507B0-EB4B-4F28-9750-27315F675C5F}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\you don't know jack\bin\win\jackgame.exe |
"{B6D22B56-099C-4B28-81BA-00AD6B623685}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{B7534F30-949E-42D4-A19C-27F03B029B7F}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\portal\hl2.exe |
"{B7B3C37F-B450-43C3-B7E8-85F415A0AEB2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B81C5DCC-ADF6-441C-B8BC-E543826E2DAD}" = protocol=17 | dir=in | app=c:\users\owner\downloads\mtgoiii_helper.exe |
"{B9B60DE9-7747-4ACB-831E-3D6D77EB02BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{BADB4EF7-04F2-4CAF-9944-A65E2BC8A67F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BB4A6FF4-72E6-41E2-A219-E47AE5B1A233}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BCAC8C07-137F-43E3-8CB4-44BF9D9743E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{BCE976A4-E9FD-4A22-91AD-A3999B4B67EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2 - test build\reliccoh2.exe |
"{BD2FF544-0C70-4932-9CEF-8573F00519F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{BDA78F39-BC5A-46FD-9A6A-7A7D869B523C}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\damned\damned.exe |
"{BFA95C4B-AEC9-4EFD-B3A5-9BC0EEF60115}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\damned\damned.exe |
"{C089D80D-FBA9-49BC-A2F0-70E3226899DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C09535D3-5765-4E1F-9E95-839C09B1774E}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{C127B64F-67DC-446B-B019-722C3673B450}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{C32B7F4F-3BE2-4D3B-B5C2-1FB2F9AEED3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C395FE54-1C70-41A9-AB9F-D1266856550D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\godus\windows\godus.exe |
"{C3E8F0FD-56B6-49E1-BF5A-3C5DC34D7444}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{C48778D1-B799-484E-B2B7-83BDD78B3163}" = dir=in | app=c:\users\owner\appdata\local\microsoft\skydrive\skydrive.exe |
"{C4999C32-80DC-4E04-8D38-8FC0352B06AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{C4C50FC2-FBC9-47BE-A4E6-814B65E4F1FA}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{C737888B-2B33-49E8-A16C-537574EE6D80}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe |
"{C7594E9E-423D-45B4-A08C-1665B3FC010D}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{C7E7318C-9411-41A2-9D8A-595F83100B8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C89CEF9F-D99C-4600-ADD0-6C61F5B74A1B}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{C8A4835D-B1F1-463D-9D36-0ACC7BD4DCCA}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{C93CE464-0202-4829-A6C0-5E34303693F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{CA02F5C9-E10B-4A68-A607-0531B6700061}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{CA62A1BA-BDCF-491B-8D1E-B0F575A41A67}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CA644639-8A2D-4115-9359-2C5859F446AB}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{CA7051DE-7D69-4A70-AB25-834F7E48017C}" = protocol=6 | dir=in | app=c:\users\owner\downloads\mtgoiii_helper.exe |
"{CAFDCD9B-8AE3-4917-A2C0-02F83C888F1C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\help.htm |
"{CC8B901D-9C04-419B-B162-BEE97834C95E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{CCAF464C-D312-4427-AF3C-25AD4E4BF88A}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\takedown red sabre early access\binaries\takedownlauncher.bat |
"{CDFF07B8-2D52-439B-A586-884ADD065B58}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\you don't know jack\bin\win\jackgame.exe |
"{CE3E442D-B8B3-4C7A-B548-5DB0E6E15EF4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{D000B2DA-998B-490E-A2F1-BC5F3EB16B6C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D43C8848-F701-49B8-AD2C-A34FD0A658AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{D500F254-90C7-417E-B0C6-1F62931E5B13}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D5C22979-F452-4C5F-B7D6-735C6931A035}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{D6185709-C283-4221-A7F7-791B5F1C4DE7}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{D92A2683-81AC-4320-B1CD-9D122092C5D7}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{D9524F6A-8034-4434-9D8E-AB586F8B43A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\takedown red sabre early access\binaries\takedownlauncher.bat |
"{D9FED3F1-0047-4932-AAAA-45E9FA393EC5}" = protocol=1 | dir=out | [email protected],-28544 |
"{DB8B2FE9-03F0-4B8E-85AD-18EE31269219}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{DCCA3E5F-9CF8-4855-AB17-3B1D86F7A984}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exe |
"{E0CDE0B9-7049-4370-ADFA-7C2B725C8C20}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{E143F08A-0BB6-431D-BEC9-BC6DF45545F8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E1FBD302-8692-4809-A7AF-BFA6FF59FF94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2858000-A5DA-4A54-9179-E818E90D4E9D}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{E61D4863-17EC-4DAF-8A5B-C3A9A71BF430}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{E7FB74E8-495D-44ED-A681-655F55A84B6C}" = protocol=6 | dir=out | app=system |
"{E8039910-337F-461B-A0C4-EFE1152498B1}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{E978777B-F8D1-482E-BD27-AA929505A108}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA7A4B28-6589-4CA3-A29B-57453DFFCFC4}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{EA85971D-CB72-4270-9204-EB0D99C0BDC5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{EB2DEA1B-12F1-4A37-84F6-0325D80BEF21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{EDB12BB9-4ABC-40EA-A6AF-2DA903731822}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{EDDFB96D-DDDC-4C76-97C8-93F84A2F2631}" = protocol=1 | dir=in | [email protected],-28543 |
"{EF8815EC-5D30-46E1-B4DD-B48C05CF77D6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFFEA688-7CD8-4238-9B4E-AA01293B65C9}" = protocol=17 | dir=in | app=j:\steam\steamapps\common\portal 2\portal2.exe |
"{EFFEEEA2-FE4D-4C24-BAA5-87425D60D7E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{F21695B2-B355-4C86-B3BA-3948ECFAE152}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{F28C165D-74D3-40AD-BD6F-150670B2FDE9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F426974F-81CB-493D-940F-E4A8F0094C08}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win32\udk.exe |
"{F46C887E-D70F-43F2-95A8-173D30C49294}" = protocol=6 | dir=in | app=j:\steam\steamapps\common\portal 2\portal2.exe |
"{F5F68838-DA9E-4136-AD8E-1559F8438723}" = protocol=6 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe |
"{F88191A6-0534-49B9-9197-3A1A11F128F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{F8989DCF-0B60-4B3A-8B8B-DC9E8CF21223}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F899BECF-7287-4083-8C70-658E42F69A99}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FA4E2A3D-C024-4597-974B-F2F60975A50B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{FAD24E7A-A9C4-4918-BB87-3CA325E415B8}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{FB94AEFA-4028-4BC6-B5FB-115ECFC2A8CC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FC401200-A22D-4887-A17A-5E062871887E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\help.htm |
"{FC64B8A2-F9C9-42EA-A1FA-3BBC983A84B5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{FDDE8B28-1F2E-4DA0-822D-092474D1B517}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{FF66C761-99D3-47E5-846F-3A8A2C66B745}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FFAE5259-5156-49DF-A0B2-0E7A9BD1B39E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FFFE9AB1-D2FB-4930-A3E4-1E33A3EC9C75}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe |
"TCP Query User{01212655-CA1B-4A04-ADD7-1193E734AD12}C:\program files (x86)\1clickdownload\1clickdownload.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownload.exe |
"TCP Query User{0C05C72E-20D0-4992-96D2-3BB992449534}C:\users\owner\desktop\breakingpoint.exe" = protocol=6 | dir=in | app=c:\users\owner\desktop\breakingpoint.exe |
"TCP Query User{189D5F0D-A1AE-4163-8767-CF512B2FD6DF}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{2189C03E-AAB6-4654-989F-BD146725BE2A}C:\program files (x86)\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\aces.exe |
"TCP Query User{22425779-360A-4DF9-8E0E-D597D21AF4B1}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{2F1D9D7B-3D40-4060-B46E-232046D27EDD}C:\games\world_of_tanks1\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks1\wotlauncher.exe |
"TCP Query User{3D5CABF6-7596-48A2-814F-08D4DB505344}C:\users\owner\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\mtgoiii_helper.exe |
"TCP Query User{3FF7D740-5DF7-4BEE-B616-522988586BD0}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{48DDF9D9-BDAA-4BEF-983E-08080B6C0147}C:\users\owner\desktop\7 days to die\7daystodie.exe" = protocol=6 | dir=in | app=c:\users\owner\desktop\7 days to die\7daystodie.exe |
"TCP Query User{50490446-6CA6-41CD-9A4F-5A642578AD11}C:\program files (x86)\america's army deploy client\aadeployclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\america's army deploy client\aadeployclient.exe |
"TCP Query User{60F787E6-AA29-4B87-B745-5BF0AEDEDB9B}C:\users\owner\downloads\breakingpoint.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\breakingpoint.exe |
"TCP Query User{6A71A86A-EDC8-4B53-9937-C04ED12C5CF3}C:\users\owner\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\gw2.exe |
"TCP Query User{6FCF63D4-4FCB-4BEE-B401-EAB2DC5E55B2}C:\users\owner\downloads\breakingpoint(1).exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\breakingpoint(1).exe |
"TCP Query User{7B523D7B-CF1A-4386-A10F-96AEE321BC66}C:\games\world_of_tanks1\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks1\worldoftanks.exe |
"TCP Query User{90E5059D-4FF7-429E-8101-93A34D6CEAFF}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe |
"TCP Query User{92444906-7C44-4FE7-BA1D-D2893BC0E915}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{964CDFFB-B974-4657-B6E4-2C06AF0FBA52}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{9C3B410A-D4E1-45CC-9EE9-62795A1008EF}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{B33D1D5F-47EC-4E9E-9424-17C5CED34C73}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{BBE4EC98-0817-4C25-B889-10E86A343FEE}C:\nether\nether\binaries\win64\nether.exe" = protocol=6 | dir=in | app=c:\nether\nether\binaries\win64\nether.exe |
"TCP Query User{C1525613-4166-49E1-AC18-E8AE062E115B}C:\program files (x86)\steam\steamapps\common\takedown red sabre early access\binaries\win64\takedowngame-win64-shipping.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\takedown red sabre early access\binaries\win64\takedowngame-win64-shipping.exe |
"TCP Query User{D369A21C-F86B-45BC-BCD1-B043BB75B357}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{D8ABEF8B-1C4F-4DB4-986E-16F257F8D735}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{DA884A25-0112-4130-9CF5-90A8CBB0A34D}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{E014670C-8F51-4564-9D63-FA2153F47385}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{F129CDB4-9C7C-403F-B0C4-DDA3AD0E6EFD}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{F40B9305-AEFB-40A3-B84E-A189A62EBE09}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{FA278354-8F45-4FFB-8D00-E52701539CF3}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{FBEC2978-9D94-42BA-ACF3-6C0E7BC1D3B6}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{006DB476-F42A-49B8-87ED-53FD8B898392}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{0DAA35CD-3B9A-45CA-8E8E-34E1CACE57E0}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{0DB3802C-CCCA-4FAD-A352-36D76C56DE3E}C:\games\world_of_tanks1\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks1\worldoftanks.exe |
"UDP Query User{19F9F557-3C4B-44BC-A705-C13951702B18}C:\users\owner\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\gw2.exe |
"UDP Query User{1E4A899C-5095-4E17-BA8B-40342F52902C}C:\users\owner\downloads\breakingpoint(1).exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\breakingpoint(1).exe |
"UDP Query User{2116E0E5-23A0-4340-B0D9-DB3DC6F3857D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{2B6B6A83-E131-427D-ABBE-79B325C16635}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{30E54925-C5C8-4FAF-8FD5-B6D7DF8C918E}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{34CD0F87-9A25-4D64-BE43-2AA8C524A34E}C:\users\owner\downloads\breakingpoint.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\breakingpoint.exe |
"UDP Query User{53A6E914-E947-4AE5-AF6A-045AF784F4D9}C:\users\owner\desktop\breakingpoint.exe" = protocol=17 | dir=in | app=c:\users\owner\desktop\breakingpoint.exe |
"UDP Query User{582DF6D9-0DEB-48D5-BF73-45F73407971B}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{613138F9-7E5A-4E1B-ABEE-FAF19AE1E5D2}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{617FD503-1364-4115-8309-0B14DBA5DEE8}C:\program files (x86)\1clickdownload\1clickdownload.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownload.exe |
"UDP Query User{62F68EDB-0DC4-4B7F-834D-F97CB84CC889}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{7ACEB664-3F8A-4F38-BE10-16C6F07D8C5B}C:\program files (x86)\america's army deploy client\aadeployclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\america's army deploy client\aadeployclient.exe |
"UDP Query User{7DD3B800-BD01-404D-BBF2-B27DA5FF53D8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{872388D6-0C2B-46B1-A0DB-F86FA33A2776}C:\program files (x86)\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\aces.exe |
"UDP Query User{8E4D089D-C9D5-4C73-9CBC-92A12DB3FF25}C:\users\owner\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\mtgoiii_helper.exe |
"UDP Query User{94185438-8549-4549-8FEB-9439DEEE863B}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{AED8B407-1FC3-49DD-A5FF-5105E6782C57}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{C3AB51A1-4E69-41E9-AF27-05AB37691FEC}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{C84C1633-70B9-4E3C-B73B-1A4731911517}C:\users\owner\desktop\7 days to die\7daystodie.exe" = protocol=17 | dir=in | app=c:\users\owner\desktop\7 days to die\7daystodie.exe |
"UDP Query User{CEE16469-9C48-4434-9D7C-9056FE2316F7}C:\nether\nether\binaries\win64\nether.exe" = protocol=17 | dir=in | app=c:\nether\nether\binaries\win64\nether.exe |
"UDP Query User{D23A0A2E-3C2B-441D-8EA2-3F3C4B2FA1F9}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{D5FA0570-42A7-4416-8577-EB81CDC4BD6D}C:\games\world_of_tanks1\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks1\wotlauncher.exe |
"UDP Query User{DB428155-475D-4CB7-B0F9-628D03C055A0}C:\program files (x86)\steam\steamapps\common\takedown red sabre early access\binaries\win64\takedowngame-win64-shipping.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\takedown red sabre early access\binaries\win64\takedowngame-win64-shipping.exe |
"UDP Query User{E5648A13-7A85-4874-B9DE-8FAAECE3EF32}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe |
"UDP Query User{E96C92F6-4603-4509-BBAF-86AEA7CDFB07}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{FEE92313-415E-46BD-B8AF-03B47141EBFE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC6
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{269F9470-26A4-11E1-83EE-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{29AFE1B0-26A4-11E1-BFD4-F04DA23A5C58}" = MSVCRT Redists
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{58B12CE6-DC97-4350-951A-8A6EB57AC37F}" = Nether Launcher
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 RC
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.65
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}" = Microsoft LifeChat
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{E70808B9-78FE-3081-9658-A3C9DBC9A798}" = Microsoft .NET Framework 4.5.1 RC
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.21
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"EPSON WorkForce 520 Series" = EPSON WorkForce 520 Series Printer Uninstall
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"HomeStudentRetail - en-us" = Microsoft Office Home and Student 2013 - en-us
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B74EC0B-2A85-4542-A167-3DE2132E7DAA}" = DayZ Commander
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{11416621-3E19-471E-8A0B-47A787DA418E}_is1" = Genie Backup Manager Pro 8.0(LaCie)
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17936630-5344-4F18-9970-616129E2A114}_is1" = Dolby Axon - 1.5.1.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks 0.7.0_test1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6204C8-6B1D-4FBA-ADA9-CB6DFF9BF80D}" = America's Army Deploy Client
"{6E2B03EE-B6F4-43F9-B261-02CDB0AFF059}" = XSplit Broadcaster
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{901B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{967E55B4-6DDD-4A2F-BFC7-07F1E327971E}_is1" = 7 Days to Die - Alpha version 2
"{9728B44B-A68A-4481-917B-192A1996868E}" = Shortcut Button
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A016E1-0840-43AE-8434-A18CEDFA833B}" = LogMeIn Hamachi
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = Infestation Survivor Stories version 1.0
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D252D346-FDB9-40D6-A361-5368615CF887}" = True Image WD Edition
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
"{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1" = Cube World version 0.0.1
"{DBDD570E-0952-475F-9453-AB88F3DD5659}" = Python 2.7.5
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E0955568-4353-4C85-8988-285A8C0F5E87}" = Mumble 1.2.4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E77DA909-3532-4C95-AFEB-06310E88462A}" = System Requirements Lab CYRI
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.246
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"CMN_Deploy_0" = CMN3 4.0
"Diablo III" = Diablo III
"Dxtory2.0_is1" = Dxtory version 2.0.119
"EPSON Scanner" = EPSON Scan
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"GOGPACKPAPERSPLEASE_is1" = Papers, Please
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Broadcaster Software" = Open Broadcaster Software
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 10500" = Empire: Total War
"Steam App 105600" = Terraria
"Steam App 12210" = Grand Theft Auto IV
"Steam App 1250" = Killing Floor
"Steam App 15100" = Assassin's Creed
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 203290" = America's Army: Proving Grounds Beta
"Steam App 209160" = Call of Duty: Ghosts
"Steam App 209170" = Call of Duty: Ghosts - Multiplayer
"Steam App 21110" = F.E.A.R.: Extraction Point
"Steam App 21120" = F.E.A.R.: Perseus Mandate
"Steam App 214250" = I Am Alive
"Steam App 218620" = PAYDAY 2
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 224580" = Arma 2: DayZ Mod
"Steam App 231430" = Company of Heroes 2
"Steam App 232810" = Godus
"Steam App 236510" = Takedown: Red Sabre
"Steam App 247730" = Nether
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 251170" = Damned
"Steam App 33900" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 34030" = Napoleon: Total War
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 400" = Portal
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 49520" = Borderlands 2
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 620" = Portal 2
"Steam App 65800" = Dungeon Defenders
"Steam App 99200" = YOU DON'T KNOW JACK
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"WRUNINST" = Webroot SecureAnywhere
"Yahoo Browser Settings" = Yahoo Browser Settings
"Yahoo! Software Update" = Yahoo! Software Update
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"477233b55d082a86" = Company of Heroes Online Launcher (THQ)
"9f2df17776476c05" = Magic The Gathering Online
"af8063ee51cc0619" = BF3CC
"BitTorrent" = BitTorrent
"Dropbox" = Dropbox
"Search Protection" = Search Protection
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/3/2013 4:06:55 PM | Computer Name = Anti-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 9/3/2013 4:07:06 PM | Computer Name = Anti-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 9/4/2013 4:34:20 PM | Computer Name = Anti-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.1.0, time stamp:
0x4f63d546 Faulting module name: vlc.exe, version: 2.0.1.0, time stamp: 0x4f63d546
Exception
code: 0xc0000005 Fault offset: 0x000016d5 Faulting process id: 0x1954 Faulting application
start time: 0x01cea8f38fbf4e18 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting
module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: 5fb84555-15a1-11e3-8353-002564d043c7

Error - 9/4/2013 4:54:52 PM | Computer Name = Anti-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 9/4/2013 4:54:56 PM | Computer Name = Anti-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 9/4/2013 7:00:22 PM | Computer Name = Anti-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AALauncher32.exe, version: 1.0.0.4, time
stamp: 0x52264ac4 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db9710 Exception code: 0xc0000005 Fault offset: 0x000343e0 Faulting process
id: 0x1fb8 Faulting application start time: 0x01cea9c1f96cba4c Faulting application
path: C:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\AALauncher32.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: c63a0753-15b5-11e3-b694-002564d043c7

Error - 9/5/2013 7:34:20 PM | Computer Name = Anti-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AALauncher32.exe, version: 1.0.0.4, time
stamp: 0x5228b0d3 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db9710 Exception code: 0xc0000005 Fault offset: 0x000343e0 Faulting process
id: 0x24e0 Faulting application start time: 0x01ceaa904e30b05e Faulting application
path: C:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\AALauncher32.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: af605496-1683-11e3-b694-002564d043c7

Error - 9/5/2013 8:23:37 PM | Computer Name = Anti-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 9/5/2013 8:23:48 PM | Computer Name = Anti-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 9/6/2013 8:24:03 AM | Computer Name = Anti-PC | Source = MsiInstaller | ID = 11720
Description =

Error - 9/6/2013 12:51:43 PM | Computer Name = Anti-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 9/6/2013 12:51:49 PM | Computer Name = Anti-PC | Source = NvStreamSvc | ID = 131073
Description =

[ Broadcom Wireless LAN Events ]
Error - 6/14/2012 1:55:03 PM | Computer Name = Anti-PC | Source = WLAN-Tray | ID = 0
Description = 12:55:00, Thu, Jun 14, 12 Error - Unable to gain access to user store


Error - 5/17/2013 3:33:37 PM | Computer Name = Anti-PC | Source = WLAN-Tray | ID = 0
Description = 14:33:36, Fri, May 17, 13 Error - Unable to gain access to user store


Error - 9/3/2013 4:06:56 PM | Computer Name = Anti-PC | Source = WLAN-Tray | ID = 0
Description = 15:06:55, Tue, Sep 03, 13 Error - Unable to gain access to user store


[ System Events ]
Error - 11/14/2013 7:35:07 PM | Computer Name = Anti-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 11/14/2013 7:35:40 PM | Computer Name = Anti-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the LogMeIn
Hamachi Tunneling Engine service to connect.

Error - 11/14/2013 7:35:40 PM | Computer Name = Anti-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error: %%1053

Error - 11/14/2013 7:35:44 PM | Computer Name = Anti-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 11/14/2013 7:38:58 PM | Computer Name = Anti-PC | Source = bowser | ID = 8003
Description =

Error - 11/14/2013 8:39:53 PM | Computer Name = Anti-PC | Source = Service Control Manager | ID = 7030
Description = The LogMeIn Hamachi Tunneling Engine service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 11/14/2013 8:39:56 PM | Computer Name = Anti-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the LogMeIn
Hamachi Tunneling Engine service to connect.

Error - 11/14/2013 8:39:56 PM | Computer Name = Anti-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error: %%1053

Error - 11/15/2013 3:14:26 AM | Computer Name = Anti-PC | Source = BROWSER | ID = 8032
Description =

Error - 11/16/2013 12:06:52 AM | Computer Name = Anti-PC | Source = nvlddmkm | ID = 11141134
Description =


< End of report >

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, it looks like adware city :)

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.6:80
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [SearchProtection] C:\Users\Owner\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - HKCU..\Run: [Steam Wallet Hack Generator.exe] C:\Users\Owner\AppData\Roaming\Steam Wallet Hack Generator.exe ()
O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
[2013/11/13 15:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchDonkey
[2013/11/12 21:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2013/11/12 21:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers
[2013/10/26 11:40:35 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/10/22 20:19:02 | 000,000,000 | ---D | C] -- C:\021cab80c00e94ffe86c01
[2013/10/22 20:02:00 | 000,000,000 | ---D | C] -- C:\b01a67f4f9784bc4a4
[2013/10/22 18:42:19 | 000,000,000 | ---D | C] -- C:\6968a054ecd560674e3f
[2013/10/22 17:35:50 | 000,000,000 | ---D | C] -- C:\bb61f7ffadd740839dde7ab8
[2013/10/22 17:28:54 | 000,000,000 | ---D | C] -- C:\563aa925fdcbdbcd2cc04a9068060e
[2013/09/04 17:13:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\3909
[2013/08/12 18:05:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Search Protection

:Files
C:\ProgramData\RHelpers
C:\ProgramData\Updater
C:\Users\Owner\AppData\Roaming\Search Protection
C:\Program Files (x86)\Zynga
C:\Program Files (x86)\Pando Networks
C:\Program Files (x86)\BitTorrentBar

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


#4
anti

    Member

  • Topic Starter
  • Member
  • 36 posts
for some reason I can't copy and paste the command in the box

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We have a solution to that :)

Download the attached fix.txt to your desktop
[attachment=67770:fix.txt]
Run OTL and press Run Fix
A dialogue will open asking for the location of fix.txt
Navigate to the desktop and select fix.txt
Press Run Fix again
OTL will now run and execute the fix.

On completion post the log that appears at reboot and then run JRT as previously posted

#6
anti

    Member

  • Topic Starter
  • Member
  • 36 posts
OTL logfile created on: 11/22/2013 1:54:57 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.41 Gb Available Physical Memory | 80.18% Memory free
15.98 Gb Paging File | 14.18 Gb Available in Paging File | 88.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.73 Gb Total Space | 295.03 Gb Free Space | 31.97% Space Free | Partition Type: NTFS
Drive D: | 7.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 931.39 Gb Total Space | 631.31 Gb Free Space | 67.78% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ANTI-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/16 01:17:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/11/12 17:53:06 | 003,783,672 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013/11/11 15:37:52 | 002,349,392 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/11/10 00:55:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/11/08 14:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/11/08 14:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/11/02 00:29:44 | 000,152,392 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe
PRC - [2013/11/01 04:29:28 | 000,756,840 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2013/10/23 02:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2013/07/26 19:44:26 | 006,381,192 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/10 14:12:20 | 001,103,424 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/07/17 14:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/06/24 18:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/13 19:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/08 14:47:21 | 015,125,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/11/01 04:29:28 | 000,756,840 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/17 11:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/11/15 22:18:18 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/12 17:53:06 | 003,783,672 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/11/11 15:37:48 | 002,756,944 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/11/10 00:55:08 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/11/08 14:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/30 13:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/23 02:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/11 11:51:18 | 000,377,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/10/09 10:46:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/13 13:32:52 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013/08/13 08:44:22 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/30 20:03:23 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/20 19:28:20 | 007,084,672 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2013/02/15 13:01:52 | 001,143,720 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/26 09:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/12 17:53:09 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/11/12 17:53:04 | 000,183,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2013/11/12 17:53:03 | 001,120,032 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib.sys -- (tib)
DRV:64bit: - [2013/11/12 17:53:01 | 001,462,560 | ---- | M] (Acronis International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2013/11/12 17:52:47 | 000,161,568 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2013/11/12 17:52:45 | 000,117,024 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2013/11/12 17:52:43 | 000,233,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013/11/12 17:52:41 | 000,108,832 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2013/11/01 04:29:28 | 000,114,720 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2013/09/27 17:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/06/16 06:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/08/06 10:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/17 11:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 11:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 08:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/11/02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {07135E3D-7766-44C8-9FEC-FC459D17E16C}
IE:64bit: - HKLM\..\SearchScopes\{07135E3D-7766-44C8-9FEC-FC459D17E16C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {300FBBA8-BEA3-4CD0-B27F-665FD1B6F6FA}
IE - HKLM\..\SearchScopes\{300FBBA8-BEA3-4CD0-B27F-665FD1B6F6FA}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\..\SearchScopes,DefaultScope = {D31C9828-9C09-4A5E-8AB1-4DD03FFBB590}
IE - HKCU\..\SearchScopes\{300FBBA8-BEA3-4CD0-B27F-665FD1B6F6FA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D31C9828-9C09-4A5E-8AB1-4DD03FFBB590}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: support%40searchdonkeyapp.com:2.6.43
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo....type=714647&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.1: C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2010/08/13 01:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/08/13 01:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/11/20 15:19:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions
[2013/09/15 22:40:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/04/05 00:58:50 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions\[email protected]
[2013/11/17 18:19:48 | 000,000,000 | ---D | M] (SearchDonkey) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions\support@searchdonkeyapp.com
[2013/11/20 15:19:42 | 000,869,218 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/10/09 15:43:44 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/12 21:18:28 | 000,000,915 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\searchplugins\yahoo.xml
[2013/11/15 22:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 22:18:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/11/22 13:46:29 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LaCie Shortcut Startup] C:\Program Files (x86)\LaCie\Shortcut Button\LaCieShortcutTrayApp.exe (LaCie)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKCU..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)
O4 - HKCU..\Run: [EPSON WorkForce 520 Series] "C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIA.EXE" /FU "C:\Windows\TEMP\E_SF649.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [WorkForce 610(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_S4831.tmp" /EF "HKCU" File not found
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_5.0.23.0.cab (Battlefield Heroes Updater)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield....er_1.0.27.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C088781E-B741-4FD7-AB01-02A93DBBFB57}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/07/26 18:37:07 | 000,000,135 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{46e66168-99b7-11df-b8b7-002564d043c7}\Shell - "" = AutoRun
O33 - MountPoints2\{46e66168-99b7-11df-b8b7-002564d043c7}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6c8aace5-9f02-11e1-9787-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6c8aace5-9f02-11e1-9787-806e6f6e6963}\Shell\AutoRun\command - "" = SETUP.EXE -- [2010/09/03 23:20:20 | 000,598,344 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/22 13:56:20 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
[2013/11/22 13:45:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/19 21:06:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\NVIDIA Corporation
[2013/11/19 16:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/19 16:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Plugins
[2013/11/19 16:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunesHelper.Resources
[2013/11/19 16:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes.Resources
[2013/11/19 16:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/19 16:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/19 16:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD Configuration
[2013/11/19 16:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/11/17 18:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/11/17 18:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/11/16 01:17:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/11/15 22:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/14 13:00:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\pics for frame
[2013/11/12 22:15:14 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2013/11/12 22:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7 Days to Die
[2013/11/12 22:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\7DaysToDie-Alpha
[2013/11/12 22:13:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\7DTD_Alpha_2_win64
[2013/11/12 21:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo Browser Settings
[2013/11/12 17:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2013/11/12 17:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2013/11/12 17:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2013/11/12 17:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2013/11/12 00:06:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\7 Days to Die
[2013/11/10 00:37:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Infestation Survivor Stories
[2013/11/10 00:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infestation Survivor Stories
[2013/11/09 14:52:21 | 000,000,000 | ---D | C] -- C:\Nether
[2013/11/09 14:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\NetherLauncher
[2013/11/02 00:29:46 | 000,293,192 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesOutlookAddIn.dll
[2013/11/02 00:29:44 | 009,789,256 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.exe
[2013/11/02 00:29:44 | 000,405,320 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesAdmin.dll
[2013/11/02 00:29:44 | 000,152,392 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe
[2013/11/02 00:29:44 | 000,148,808 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.dll
[2013/11/02 00:29:36 | 025,449,288 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.dll
[2013/11/02 00:29:34 | 003,008,536 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_dsp.dll
[2013/11/02 00:29:34 | 000,776,216 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_sdkmanager.dll
[2013/11/02 00:29:34 | 000,262,680 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_submit.dll
[2013/11/02 00:29:34 | 000,219,672 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_musicid.dll
[2013/10/29 14:52:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\pbsetup
[2013/10/29 14:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/10/29 14:16:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Battlefield 4
[2013/10/29 14:14:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ESN
[2013/10/29 09:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
[2013/10/29 09:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2013/10/29 09:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/10/28 21:09:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Origin
[2013/10/28 21:09:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Origin
[2013/10/28 21:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013/10/28 21:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013/10/01 18:15:34 | 000,112,968 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\ITDetector.ocx
[2013/10/01 18:15:32 | 001,741,128 | ---- | C] (Apple, Inc) -- C:\Program Files (x86)\iAdCore.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/22 13:56:24 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
[2013/11/22 13:53:17 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/22 13:52:57 | 000,000,749 | ---- | M] () -- C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
[2013/11/22 13:52:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/22 13:52:46 | 2140,495,871 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/22 13:47:59 | 000,000,886 | ---- | M] () -- C:\Users\Owner\Desktop\Document.rtf
[2013/11/22 13:46:29 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/11/22 13:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/22 13:38:58 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/21 13:35:29 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 13:35:29 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/19 16:08:08 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/18 21:03:48 | 000,795,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/18 21:03:48 | 000,671,152 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/18 21:03:48 | 000,126,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/18 20:32:23 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\Nether.lnk
[2013/11/18 10:37:52 | 281,271,260 | ---- | M] () -- C:\Users\Owner\Desktop\jamesO.mpg
[2013/11/17 18:16:10 | 640,290,215 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/16 01:17:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/11/15 18:15:28 | 000,098,220 | ---- | M] () -- C:\Users\Owner\Desktop\friday.jpg
[2013/11/15 18:11:53 | 000,002,369 | ---- | M] () -- C:\Users\Owner\Desktop\quick reconnect.lnk
[2013/11/15 18:11:53 | 000,001,551 | ---- | M] () -- C:\Users\Owner\Desktop\1964 - Shortcut.lnk
[2013/11/15 18:11:53 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2013/11/15 18:11:53 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\7 Days to Die - Alpha.lnk
[2013/11/15 18:11:53 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013/11/15 17:06:12 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/11/15 15:21:17 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/11/14 17:40:22 | 000,178,844 | ---- | M] () -- C:\Users\Owner\Desktop\friday.png
[2013/11/12 22:12:35 | 365,823,766 | ---- | M] () -- C:\Users\Owner\Desktop\7DTD_Alpha_2_win64.zip
[2013/11/12 21:09:03 | 000,000,640 | ---- | M] () -- C:\Users\Owner\Desktop\movies - Shortcut.lnk
[2013/11/12 20:35:01 | 000,000,812 | ---- | M] () -- C:\Users\Owner\Desktop\Steam - Shortcut.lnk
[2013/11/11 23:11:51 | 000,291,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/11/10 00:55:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/11/10 00:37:48 | 000,001,095 | ---- | M] () -- C:\Users\Owner\Desktop\Infestation Survivor Stories.lnk
[2013/11/02 00:29:34 | 003,008,536 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_dsp.dll
[2013/11/02 00:29:34 | 000,776,216 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_sdkmanager.dll
[2013/11/02 00:29:34 | 000,262,680 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_submit.dll
[2013/11/02 00:29:34 | 000,219,672 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_musicid.dll
[2013/11/01 04:29:28 | 000,154,312 | ---- | M] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2013/11/01 04:29:28 | 000,114,720 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2013/11/01 04:29:28 | 000,104,872 | ---- | M] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2013/10/29 14:52:36 | 000,716,526 | ---- | M] () -- C:\Users\Owner\Desktop\pbsetup.zip
[2013/10/29 09:48:43 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2013/10/29 09:48:43 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2013/10/28 21:09:19 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/10/27 11:09:57 | 000,217,219 | ---- | M] () -- C:\Users\Owner\Desktop\dayzloadings.jpg
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/22 13:47:58 | 000,000,886 | ---- | C] () -- C:\Users\Owner\Desktop\Document.rtf
[2013/11/18 15:16:42 | 281,271,260 | ---- | C] () -- C:\Users\Owner\Desktop\jamesO.mpg
[2013/11/15 18:14:26 | 000,098,220 | ---- | C] () -- C:\Users\Owner\Desktop\friday.jpg
[2013/11/14 17:40:20 | 000,178,844 | ---- | C] () -- C:\Users\Owner\Desktop\friday.png
[2013/11/12 22:15:14 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\7 Days to Die - Alpha.lnk
[2013/11/12 22:10:46 | 365,823,766 | ---- | C] () -- C:\Users\Owner\Desktop\7DTD_Alpha_2_win64.zip
[2013/11/12 21:09:03 | 000,000,640 | ---- | C] () -- C:\Users\Owner\Desktop\movies - Shortcut.lnk
[2013/11/12 20:35:01 | 000,000,812 | ---- | C] () -- C:\Users\Owner\Desktop\Steam - Shortcut.lnk
[2013/11/10 00:37:48 | 000,001,095 | ---- | C] () -- C:\Users\Owner\Desktop\Infestation Survivor Stories.lnk
[2013/11/09 14:38:18 | 000,000,784 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nether.lnk
[2013/11/09 14:38:18 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\Nether.lnk
[2013/10/29 14:52:37 | 000,716,526 | ---- | C] () -- C:\Users\Owner\Desktop\pbsetup.zip
[2013/10/29 09:48:43 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2013/10/29 09:48:43 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2013/10/28 21:09:19 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/10/27 11:02:18 | 000,217,219 | ---- | C] () -- C:\Users\Owner\Desktop\dayzloadings.jpg
[2013/10/18 22:27:27 | 000,001,035 | ---- | C] () -- C:\Windows\kaillera.ini
[2013/10/14 13:07:21 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013/10/01 18:19:26 | 000,122,375 | ---- | C] () -- C:\Program Files (x86)\Acknowledgements.rtf
[2013/09/09 19:59:19 | 000,000,044 | ---- | C] () -- C:\Users\Owner\pb000007.htm
[2013/09/09 19:51:06 | 000,000,044 | ---- | C] () -- C:\Users\Owner\pb000001.htm
[2013/09/08 22:19:25 | 000,004,229 | ---- | C] () -- C:\Users\Owner\pbsv.cfg
[2013/09/04 15:26:38 | 000,014,493 | ---- | C] () -- C:\Users\Owner\AADevTools.ini
[2013/09/04 15:25:14 | 000,000,293 | ---- | C] () -- C:\Users\Owner\aahub.ini
[2013/09/04 15:24:55 | 000,000,159 | ---- | C] () -- C:\Users\Owner\aauconfig.ini
[2013/09/04 15:24:24 | 000,000,143 | ---- | C] () -- C:\Users\Owner\masconfig.ini
[2013/09/04 14:38:51 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_pg.exe
[2013/05/16 21:15:11 | 000,000,867 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\BreakingPoint_Options.ini
[2013/03/07 15:23:51 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/09/28 22:02:48 | 000,000,093 | -H-- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2010/07/19 02:25:15 | 000,001,618 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/12/06 21:43:40 | 000,000,075 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/21 23:12:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2010/07/11 22:09:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2013/06/05 23:02:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Awesomium
[2011/11/05 15:42:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BF3CC
[2013/11/20 18:11:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent
[2013/10/05 01:42:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2013/03/20 19:17:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson
[2010/12/05 21:44:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Genie-Soft
[2011/02/13 13:50:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient
[2012/05/29 22:33:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient2
[2013/11/22 13:44:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mumble
[2013/09/24 15:44:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OBS
[2013/10/28 22:21:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Origin
[2013/09/23 22:44:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Publish Providers
[2013/10/10 17:22:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sony
[2012/04/19 23:37:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SplitMediaLabs
[2011/01/23 01:03:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2013/10/21 15:02:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\The Creative Assembly
[2013/10/22 14:16:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TS3Client
[2013/04/09 16:00:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ubisoft
[2011/04/23 22:16:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\wargaming.net
[2013/04/05 00:58:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2013/03/07 15:50:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wizards of the Coast
[2013/03/08 02:59:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\YOUDONTKNOWJACK

========== Purity Check ==========



< End of report >



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Fri 11/22/2013 at 14:05:37.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bittorrentbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\bittorrentbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bittorrentbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2438727
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2790392
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\bittorrentbar"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\zynga"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{2D4CAF63-626D-447E-A1F1-6A5DB9F9E134}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{34CD098A-1520-4C09-A64A-1D21D0F0B817}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{967A0B19-A680-4BD9-A94F-AC978CECC430}
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"



~~~ FireFox

Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\su28qtvk.default\user.js
Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\su28qtvk.default\prefs.js

user_pref("extensions.dynconff.cache.www.geekstogo.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1164_1524_1146_1169_1540_1263_1348_1482_1493_1521_1675\"><
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\su28qtvk.default\minidumps [95 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/22/2013 at 14:41:24.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Two more to kill, how is it behaving now?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..extensions.enabledAddons: support%40searchdonkeyapp.com:2.6.43
[2013/11/17 18:19:48 | 000,000,000 | ---D | M] (SearchDonkey) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions\[email protected]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Attach the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#8
anti

    Member

  • Topic Starter
  • Member
  • 36 posts
reboot log:

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


otl quick scan log:

OTL logfile created on: 11/25/2013 5:19:24 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 76.46% Memory free
15.98 Gb Paging File | 13.84 Gb Available in Paging File | 86.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 922.73 Gb Total Space | 291.28 Gb Free Space | 31.57% Space Free | Partition Type: NTFS
Drive D: | 7.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 931.39 Gb Total Space | 626.93 Gb Free Space | 67.31% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ANTI-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/16 01:17:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/11/15 22:18:19 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/11/12 17:53:06 | 003,783,672 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013/11/11 15:37:52 | 002,349,392 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/11/10 00:55:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/11/08 14:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/11/08 14:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/11/02 00:29:44 | 000,152,392 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe
PRC - [2013/11/01 04:29:28 | 000,756,840 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2013/10/23 02:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/07/26 19:44:26 | 006,381,192 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/10 14:12:20 | 001,103,424 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/07/17 14:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/06/24 18:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/15 22:18:18 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/13 19:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/08 14:47:21 | 015,125,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/11/01 04:29:28 | 000,756,840 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/17 11:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/11/15 22:18:18 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/12 17:53:06 | 003,783,672 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/11/11 15:37:48 | 002,756,944 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/11/10 00:55:08 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/11/08 14:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/30 13:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/23 02:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/11 11:51:18 | 000,377,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/10/09 10:46:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/13 13:32:52 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013/08/13 08:44:22 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/30 20:03:23 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/20 19:28:20 | 007,084,672 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2013/02/15 13:01:52 | 001,143,720 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/26 09:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/12 17:53:09 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/11/12 17:53:04 | 000,183,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2013/11/12 17:53:03 | 001,120,032 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib.sys -- (tib)
DRV:64bit: - [2013/11/12 17:53:01 | 001,462,560 | ---- | M] (Acronis International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2013/11/12 17:52:47 | 000,161,568 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2013/11/12 17:52:45 | 000,117,024 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2013/11/12 17:52:43 | 000,233,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013/11/12 17:52:41 | 000,108,832 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2013/11/01 04:29:28 | 000,114,720 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2013/09/27 17:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/06/16 06:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/08/06 10:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/17 11:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 11:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 08:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/11/02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {07135E3D-7766-44C8-9FEC-FC459D17E16C}
IE:64bit: - HKLM\..\SearchScopes\{07135E3D-7766-44C8-9FEC-FC459D17E16C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {300FBBA8-BEA3-4CD0-B27F-665FD1B6F6FA}
IE - HKLM\..\SearchScopes\{300FBBA8-BEA3-4CD0-B27F-665FD1B6F6FA}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\..\SearchScopes,DefaultScope = {D31C9828-9C09-4A5E-8AB1-4DD03FFBB590}
IE - HKCU\..\SearchScopes\{300FBBA8-BEA3-4CD0-B27F-665FD1B6F6FA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D31C9828-9C09-4A5E-8AB1-4DD03FFBB590}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.1: C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2010/08/13 01:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/08/13 01:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/11/20 15:19:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions
[2013/09/15 22:40:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/04/05 00:58:50 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions\[email protected]
[2013/11/20 15:19:42 | 000,869,218 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/10/09 15:43:44 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/12 21:18:28 | 000,000,915 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\su28qtvk.default\searchplugins\yahoo.xml
[2013/11/15 22:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 22:18:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/11/25 17:14:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LaCie Shortcut Startup] C:\Program Files (x86)\LaCie\Shortcut Button\LaCieShortcutTrayApp.exe (LaCie)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKCU..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)
O4 - HKCU..\Run: [EPSON WorkForce 520 Series] "C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIA.EXE" /FU "C:\Windows\TEMP\E_SF649.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [WorkForce 610(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_S4831.tmp" /EF "HKCU" File not found
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_5.0.23.0.cab (Battlefield Heroes Updater)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield....er_1.0.27.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C088781E-B741-4FD7-AB01-02A93DBBFB57}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/07/26 18:37:07 | 000,000,135 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{46e66168-99b7-11df-b8b7-002564d043c7}\Shell - "" = AutoRun
O33 - MountPoints2\{46e66168-99b7-11df-b8b7-002564d043c7}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6c8aace5-9f02-11e1-9787-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6c8aace5-9f02-11e1-9787-806e6f6e6963}\Shell\AutoRun\command - "" = SETUP.EXE -- [2010/09/03 23:20:20 | 000,598,344 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/25 17:07:33 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/22 14:05:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/22 13:56:20 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
[2013/11/22 13:45:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/19 21:06:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\NVIDIA Corporation
[2013/11/19 16:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/19 16:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Plugins
[2013/11/19 16:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunesHelper.Resources
[2013/11/19 16:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes.Resources
[2013/11/19 16:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/19 16:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/19 16:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD Configuration
[2013/11/19 16:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/11/17 18:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/11/17 18:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/11/16 01:17:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/11/15 22:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/14 13:00:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\pics for frame
[2013/11/12 22:15:14 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2013/11/12 22:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7 Days to Die
[2013/11/12 22:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\7DaysToDie-Alpha
[2013/11/12 22:13:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\7DTD_Alpha_2_win64
[2013/11/12 21:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo Browser Settings
[2013/11/12 17:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2013/11/12 17:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2013/11/12 17:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2013/11/12 17:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2013/11/12 00:06:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\7 Days to Die
[2013/11/10 00:37:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Infestation Survivor Stories
[2013/11/10 00:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infestation Survivor Stories
[2013/11/09 14:52:21 | 000,000,000 | ---D | C] -- C:\Nether
[2013/11/09 14:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\NetherLauncher
[2013/11/02 00:29:46 | 000,293,192 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesOutlookAddIn.dll
[2013/11/02 00:29:44 | 009,789,256 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.exe
[2013/11/02 00:29:44 | 000,405,320 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesAdmin.dll
[2013/11/02 00:29:44 | 000,152,392 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe
[2013/11/02 00:29:44 | 000,148,808 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.dll
[2013/11/02 00:29:36 | 025,449,288 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.dll
[2013/11/02 00:29:34 | 003,008,536 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_dsp.dll
[2013/11/02 00:29:34 | 000,776,216 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_sdkmanager.dll
[2013/11/02 00:29:34 | 000,262,680 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_submit.dll
[2013/11/02 00:29:34 | 000,219,672 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_musicid.dll
[2013/10/29 14:52:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\pbsetup
[2013/10/29 14:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/10/29 14:16:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Battlefield 4
[2013/10/29 14:14:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ESN
[2013/10/29 09:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
[2013/10/29 09:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2013/10/29 09:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/10/28 21:09:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Origin
[2013/10/28 21:09:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Origin
[2013/10/28 21:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013/10/28 21:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013/10/01 18:15:34 | 000,112,968 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\ITDetector.ocx
[2013/10/01 18:15:32 | 001,741,128 | ---- | C] (Apple, Inc) -- C:\Program Files (x86)\iAdCore.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/25 17:23:28 | 000,795,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/25 17:23:28 | 000,671,152 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/25 17:23:28 | 000,126,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/25 17:17:16 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/25 17:16:27 | 000,000,749 | ---- | M] () -- C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
[2013/11/25 17:16:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/25 17:16:06 | 2140,495,871 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/25 17:14:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/11/25 17:07:35 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/25 16:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/25 16:38:18 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/24 21:35:48 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/24 21:35:48 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/22 13:56:24 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
[2013/11/22 13:47:59 | 000,000,886 | ---- | M] () -- C:\Users\Owner\Desktop\Document.rtf
[2013/11/19 16:08:08 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/18 20:32:23 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\Nether.lnk
[2013/11/18 10:37:52 | 281,271,260 | ---- | M] () -- C:\Users\Owner\Desktop\jamesO.mpg
[2013/11/17 18:16:10 | 640,290,215 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/16 01:17:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/11/15 18:15:28 | 000,098,220 | ---- | M] () -- C:\Users\Owner\Desktop\friday.jpg
[2013/11/15 18:11:53 | 000,002,369 | ---- | M] () -- C:\Users\Owner\Desktop\quick reconnect.lnk
[2013/11/15 18:11:53 | 000,001,551 | ---- | M] () -- C:\Users\Owner\Desktop\1964 - Shortcut.lnk
[2013/11/15 18:11:53 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2013/11/15 18:11:53 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\7 Days to Die - Alpha.lnk
[2013/11/15 18:11:53 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013/11/15 17:06:12 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/11/15 15:21:17 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/11/14 17:40:22 | 000,178,844 | ---- | M] () -- C:\Users\Owner\Desktop\friday.png
[2013/11/12 22:12:35 | 365,823,766 | ---- | M] () -- C:\Users\Owner\Desktop\7DTD_Alpha_2_win64.zip
[2013/11/12 21:09:03 | 000,000,640 | ---- | M] () -- C:\Users\Owner\Desktop\movies - Shortcut.lnk
[2013/11/12 20:35:01 | 000,000,812 | ---- | M] () -- C:\Users\Owner\Desktop\Steam - Shortcut.lnk
[2013/11/11 23:11:51 | 000,291,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/11/10 00:55:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/11/10 00:37:48 | 000,001,095 | ---- | M] () -- C:\Users\Owner\Desktop\Infestation Survivor Stories.lnk
[2013/11/02 00:29:34 | 003,008,536 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_dsp.dll
[2013/11/02 00:29:34 | 000,776,216 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_sdkmanager.dll
[2013/11/02 00:29:34 | 000,262,680 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_submit.dll
[2013/11/02 00:29:34 | 000,219,672 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_musicid.dll
[2013/11/01 04:29:28 | 000,154,312 | ---- | M] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2013/11/01 04:29:28 | 000,114,720 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2013/11/01 04:29:28 | 000,104,872 | ---- | M] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2013/10/29 14:52:36 | 000,716,526 | ---- | M] () -- C:\Users\Owner\Desktop\pbsetup.zip
[2013/10/29 09:48:43 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2013/10/29 09:48:43 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2013/10/28 21:09:19 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/10/27 11:09:57 | 000,217,219 | ---- | M] () -- C:\Users\Owner\Desktop\dayzloadings.jpg
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/22 13:47:58 | 000,000,886 | ---- | C] () -- C:\Users\Owner\Desktop\Document.rtf
[2013/11/18 15:16:42 | 281,271,260 | ---- | C] () -- C:\Users\Owner\Desktop\jamesO.mpg
[2013/11/15 18:14:26 | 000,098,220 | ---- | C] () -- C:\Users\Owner\Desktop\friday.jpg
[2013/11/14 17:40:20 | 000,178,844 | ---- | C] () -- C:\Users\Owner\Desktop\friday.png
[2013/11/12 22:15:14 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\7 Days to Die - Alpha.lnk
[2013/11/12 22:10:46 | 365,823,766 | ---- | C] () -- C:\Users\Owner\Desktop\7DTD_Alpha_2_win64.zip
[2013/11/12 21:09:03 | 000,000,640 | ---- | C] () -- C:\Users\Owner\Desktop\movies - Shortcut.lnk
[2013/11/12 20:35:01 | 000,000,812 | ---- | C] () -- C:\Users\Owner\Desktop\Steam - Shortcut.lnk
[2013/11/10 00:37:48 | 000,001,095 | ---- | C] () -- C:\Users\Owner\Desktop\Infestation Survivor Stories.lnk
[2013/11/09 14:38:18 | 000,000,784 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nether.lnk
[2013/11/09 14:38:18 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\Nether.lnk
[2013/10/29 14:52:37 | 000,716,526 | ---- | C] () -- C:\Users\Owner\Desktop\pbsetup.zip
[2013/10/29 09:48:43 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4.lnk
[2013/10/29 09:48:43 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
[2013/10/28 21:09:19 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/10/27 11:02:18 | 000,217,219 | ---- | C] () -- C:\Users\Owner\Desktop\dayzloadings.jpg
[2013/10/18 22:27:27 | 000,001,035 | ---- | C] () -- C:\Windows\kaillera.ini
[2013/10/14 13:07:21 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013/10/01 18:19:26 | 000,122,375 | ---- | C] () -- C:\Program Files (x86)\Acknowledgements.rtf
[2013/09/09 19:59:19 | 000,000,044 | ---- | C] () -- C:\Users\Owner\pb000007.htm
[2013/09/09 19:51:06 | 000,000,044 | ---- | C] () -- C:\Users\Owner\pb000001.htm
[2013/09/08 22:19:25 | 000,004,229 | ---- | C] () -- C:\Users\Owner\pbsv.cfg
[2013/09/04 15:26:38 | 000,014,493 | ---- | C] () -- C:\Users\Owner\AADevTools.ini
[2013/09/04 15:25:14 | 000,000,293 | ---- | C] () -- C:\Users\Owner\aahub.ini
[2013/09/04 15:24:55 | 000,000,159 | ---- | C] () -- C:\Users\Owner\aauconfig.ini
[2013/09/04 15:24:24 | 000,000,143 | ---- | C] () -- C:\Users\Owner\masconfig.ini
[2013/09/04 14:38:51 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_pg.exe
[2013/05/16 21:15:11 | 000,000,867 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\BreakingPoint_Options.ini
[2013/03/07 15:23:51 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/09/28 22:02:48 | 000,000,093 | -H-- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2010/07/19 02:25:15 | 000,001,618 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/12/06 21:43:40 | 000,000,075 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/22 16:09:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2010/07/11 22:09:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2013/06/05 23:02:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Awesomium
[2011/11/05 15:42:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BF3CC
[2013/11/20 18:11:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent
[2013/10/05 01:42:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2013/03/20 19:17:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson
[2010/12/05 21:44:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Genie-Soft
[2011/02/13 13:50:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient
[2012/05/29 22:33:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LolClient2
[2013/11/24 17:32:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mumble
[2013/09/24 15:44:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OBS
[2013/10/28 22:21:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Origin
[2013/09/23 22:44:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Publish Providers
[2013/10/10 17:22:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sony
[2012/04/19 23:37:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SplitMediaLabs
[2011/01/23 01:03:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2013/10/21 15:02:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\The Creative Assembly
[2013/11/25 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TS3Client
[2013/04/09 16:00:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ubisoft
[2011/04/23 22:16:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\wargaming.net
[2013/04/05 00:58:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2013/03/07 15:50:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wizards of the Coast
[2013/03/08 02:59:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\YOUDONTKNOWJACK

========== Purity Check ==========



< End of report >


about to run the last scan now. will post those logs in post post
  • 0

#9
anti

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
mbam log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Owner :: ANTI-PC [administrator]

Protection: Enabled

11/25/2013 5:32:03 PM
mbam-log-2013-11-25 (17-32-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247850
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Owner\Downloads\coretemp_1236.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\SoftonicDownloader_for_hwmonitor.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.

(end)


  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Has the errant search engine disappeared now? Any further problems?
  • 0



#11
anti

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
so far so good
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Delete JRT from the desktop

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disk Cleanup and select run as administrator
When it pops up, at the first prompt select OK; after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware


Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#13
anti

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
i have had an issue, i dunno if you can help me with it. when i leave my pc on for like a day or 2 and i open a game (normally from steam) my monitors go into sleep mode and i can't do anything to get them out. i end up having to hard reboot my pc. it's been happening for a few months now
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is it both monitors or just one? Is the input cable free of kinks?
  • 0

#15
anti

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
yes it is both monitors. no kinks in the cables. i googled fixes before and it had me change sleep settings and it made it happen less but it still happens.
  • 0





