I am uncertain if this is malware related, but I don't think there are supposed to be .tmp files in the Google Chrome User Data folder. Maybe I am wrong and just paranoid. I know malware can spawn files with randomized names to make detection more difficult, so when a Google search for the file names didn't turn up any immediate results (that I trusted enough to click on), I decided to come here. There should be a .jpg attached showing the files in the Chrome User Data folder so you can see file names and details.
The reason I found these is that Chrome will not open, or does so intermittently. I have uninstalled using Revo Uninstaller and reinstalled (after a reboot) but get the same symptom - an APPCRASH dialog with the following text:
Problem signature:
Problem Event Name: APPCRASH
Application Name: chrome.exe
Application Version: 35.0.1916.114
Application Timestamp: 53726019
Fault Module Name: chrome.dll
Fault Module Version: 35.0.1916.114
Fault Module Timestamp: 53725d18
Exception Code: c0000005
Exception Offset: 00728bc8
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789
I have MBAM Pro and Microsoft Security Essentials running on my system, both updated. Neither picked up anything. I submitted a couple of the TMP files to VirusTotal.com, which came up negative for malware. I do not see any .tmp files running in the system processes tab of Task Manager, though there are a couple of other processes that I either don't recognize or that seem somewhat suspect.
OTL log below:
OTL logfile created on: 5/22/2014 10:03:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SomeCrazyStuff\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
11.99 Gb Total Physical Memory | 9.19 Gb Available Physical Memory | 76.60% Memory free
23.98 Gb Paging File | 20.79 Gb Available in Paging File | 86.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.01 Gb Total Space | 1579.24 Gb Free Space | 84.77% Space Free | Partition Type: NTFS
Drive D: | 558.81 Gb Total Space | 182.83 Gb Free Space | 32.72% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 71.63 Mb Free Space | 71.64% Space Free | Partition Type: NTFS
Computer Name: CUSTOMDESKTOP | User Name: SomeCrazyStuff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/05/22 22:02:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SomeCrazyStuff\Desktop\OTL.exe
PRC - [2014/05/13 18:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/05/07 20:52:34 | 032,668,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/04/12 22:16:28 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/04/02 20:19:15 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/01/22 14:05:52 | 000,106,496 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2014/01/22 13:44:22 | 007,393,280 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2014/01/20 21:57:07 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/21 06:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/07/03 05:25:00 | 000,038,288 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe
PRC - [2011/02/10 19:17:46 | 000,310,784 | ---- | M] () -- C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe
PRC - [2010/10/29 12:09:00 | 000,139,264 | ---- | M] (amBX UK Ltd.) -- C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe
PRC - [2010/08/03 10:44:28 | 000,858,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2010/08/03 10:44:16 | 000,498,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDWebCam.exe
PRC - [2010/08/03 10:43:32 | 000,850,504 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
PRC - [2010/08/03 10:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010/05/06 17:37:46 | 009,921,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010/04/29 16:20:10 | 001,109,632 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/04/26 21:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/02/10 15:46:40 | 000,697,640 | ---- | M] (CyberLink Corporation.) -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
PRC - [2010/01/19 01:10:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009/12/28 08:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
PRC - [2009/11/05 22:32:04 | 002,717,024 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/11/02 15:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 14:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/10/14 15:43:08 | 000,612,864 | -HS- | M] (amBX) -- C:\Program Files (x86)\amBX\System\amBX_Service.exe
PRC - [2009/07/13 20:14:47 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/06/08 15:34:58 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009/06/03 16:33:14 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/02/13 11:08:50 | 002,559,823 | ---- | M] (amBX) -- C:\Program Files (x86)\amBX\Illuminate\Illuminate.exe
PRC - [2008/09/30 11:47:30 | 000,047,616 | ---- | M] (amBX) -- C:\Program Files\amBX\Effects\amBX Event Manager.exe
PRC - [2008/07/24 12:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
========== Modules (No Company Name) ==========
MOD - [2014/05/22 21:45:44 | 000,041,984 | ---- | M] () -- c:\Users\SomeCrazyStuff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpso4fx_.dll
MOD - [2014/05/22 21:45:40 | 000,053,248 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Local\Temp\2042wrd.~lk\3848fspext.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/02 22:42:50 | 003,610,624 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 18:55:02 | 025,100,288 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/07/03 05:24:24 | 000,151,408 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\zlib.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/02/09 11:52:26 | 033,735,976 | ---- | M] () -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\Res.dll
MOD - [2010/02/08 18:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
MOD - [2010/01/22 11:30:00 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/01/22 11:29:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/01/22 11:29:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/11/02 15:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 15:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/27 11:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2008/12/10 21:04:54 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\pngio.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/22 14:10:58 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/21 12:39:14 | 000,564,416 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/09 14:30:43 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/12 22:16:28 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/01/22 13:44:22 | 007,393,280 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2014/01/20 21:57:07 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/25 15:02:23 | 004,795,672 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/06/21 06:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/10 19:17:46 | 000,310,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe -- (amBX Saitek HAL Service)
SRV - [2009/12/28 08:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/10/26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/10/21 11:40:44 | 000,193,904 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/10/14 15:43:08 | 000,612,864 | -HS- | M] (amBX) [Auto | Running] -- C:\Program Files (x86)\amBX\System\amBX_Service.exe -- (amBX Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/05/22 21:50:10 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/12/27 13:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/09/27 10:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/30 11:55:32 | 000,052,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2013/04/30 11:55:32 | 000,025,120 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2013/04/04 11:33:50 | 000,051,496 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ymidusbx64.sys -- (YMIDUSBW)
DRV:64bit: - [2013/02/25 00:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/10 16:07:30 | 000,176,136 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0DC5.sys -- (SaiK0DC5)
DRV:64bit: - [2010/08/27 12:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/04/26 20:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/26 20:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/04/07 03:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/10/29 03:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/07 15:48:28 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2009/10/07 15:48:26 | 000,376,304 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
DRV:64bit: - [2009/09/24 18:55:00 | 000,212,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009/09/14 15:30:26 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009/07/28 21:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 19:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/07/01 12:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/19 11:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/17 13:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/01/19 17:10:38 | 000,146,928 | ---- | M] (CyberLink Corp.) [2013/12/02 01:23:50] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 2A 7A 3F 6F 74 CF 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {35437C12-E54F-40c3-BF79-468EB8C65DA8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{33F1B3D0-B103-482c-8428-5AF918134BBF}: "URL" = http://www.google.co...&q={searchTerms}
IE - HKCU\..\SearchScopes\{35437C12-E54F-40c3-BF79-468EB8C65DA8}: "URL" = http://search.yahoo....icevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2013/12/02 01:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Mozilla\Extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Entanglement Web App = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: BIODIGITAL HUMAN = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Google Docs = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tabs Outliner = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl\0.4.78_0\
CHR - Extension: SparkChess 7 = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\7.0.0_0\
CHR - Extension: TouristEye Planner = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpejalhlnocbhggpnokneghfenoneg\9_0\
CHR - Extension: Evernote Web = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.8_0\
CHR - Extension: zen temple = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmiiioabolbmhbhphhfjbohiiijmkee\1_0\
CHR - Extension: Google Wallet = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Picky Wallpapers = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj\1.0.0_0\
CHR - Extension: klekr = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\opljjfbgbkjjjgdhbocfakafilegppbl\1.0.0_0\
CHR - Extension: Edgeworld = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfmpdiaehhnljpdomnggcbfofdgkmbp\1.0.1.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.1.3_0\
CHR - Extension: Gmail = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [amBX Daemon] C:\Program Files\amBX\Control Panel\amBXDaemon.exe (Koninklijke Philips N.V.)
O4:64bit: - HKLM..\Run: [amBX System Tray Application] C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe (amBX UK Ltd.)
O4:64bit: - HKLM..\Run: [Fences] C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [InstantBurn] C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe (NCSOFT Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [KeePass Password Safe 2] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\SomeCrazyStuff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54C0AC9A-94BD-4D39-BCFB-DB348B4079D9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAC60A3E-A6A2-4F6C-8530-C617481A1A78}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{311ce271-5b26-11e3-8a37-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{311ce271-5b26-11e3-8a37-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup\setup.exe
O33 - MountPoints2\{9445c8b4-7c72-11e3-a52a-f46d04005102}\Shell - "" = AutoRun
O33 - MountPoints2\{9445c8b4-7c72-11e3-a52a-f46d04005102}\Shell\AutoRun\command - "" = I:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{fcd2c528-aaf9-11e3-b224-f46d04005102}\Shell - "" = AutoRun
O33 - MountPoints2\{fcd2c528-aaf9-11e3-b224-f46d04005102}\Shell\AutoRun\command - "" = E:\eTflash.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/05/22 22:02:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SomeCrazyStuff\Desktop\OTL.exe
[2014/05/22 21:47:56 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/22 21:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/22 21:47:39 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/22 21:47:39 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/22 21:47:39 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/22 21:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/22 14:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\YAMAHA
[2014/05/22 14:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMAHA
[2014/05/22 14:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YAMAHA
[2014/05/22 14:17:36 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\AppData\Roaming\InstallShield
[2014/05/22 14:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Yamaha
[2014/05/22 14:13:59 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\AppData\Local\Downloaded Installations
[2014/05/22 13:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\amBX
[2014/05/22 13:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\amBX
[2014/05/22 13:52:49 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\AppData\Local\SmartTechnology
[2014/05/22 13:51:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\SmartTechnology Profiles
[2014/05/22 13:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartTechnology
[2014/05/22 13:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
[2014/05/22 13:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\SmartTechnology
[2014/05/21 17:48:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LeapFrog
[2014/05/21 17:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/05/15 17:24:16 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\AppData\Roaming\DropboxMaster
[2014/05/09 14:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/05/22 22:02:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SomeCrazyStuff\Desktop\OTL.exe
[2014/05/22 21:52:32 | 000,020,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/22 21:52:32 | 000,020,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/22 21:50:10 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/22 21:50:01 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/22 21:50:01 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/22 21:50:01 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/22 21:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/22 21:45:44 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/22 21:45:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/22 21:45:21 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/22 21:39:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/22 21:34:07 | 000,001,262 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2014/05/22 14:05:03 | 000,002,249 | ---- | M] () -- C:\Users\SomeCrazyStuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/22 14:00:51 | 000,001,118 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Illuminate.lnk
[2014/05/22 13:59:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK0DC5_01009.Wdf
[2014/05/22 13:55:19 | 000,001,814 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Effects.lnk
[2014/05/21 15:50:07 | 000,001,447 | ---- | M] () -- C:\Users\SomeCrazyStuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/16 20:49:19 | 000,002,120 | ---- | M] () -- C:\Users\SomeCrazyStuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/05/15 17:24:18 | 000,001,075 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/05/22 14:10:58 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/22 13:59:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK0DC5_01009.Wdf
[2014/05/22 13:55:19 | 000,001,814 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Effects.lnk
[2014/05/22 13:54:56 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Illuminate.lnk
[2014/05/21 17:34:40 | 000,002,249 | ---- | C] () -- C:\Users\SomeCrazyStuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/21 17:34:17 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/21 17:34:17 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/12 22:16:28 | 000,291,760 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/04/12 22:16:28 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/12/02 02:46:24 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/02 02:22:59 | 000,000,017 | ---- | C] () -- C:\Users\SomeCrazyStuff\AppData\Local\resmon.resmoncfg
[2013/12/02 01:36:08 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2013/12/02 01:36:08 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013/12/02 01:36:05 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013/12/02 01:36:05 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013/12/02 01:14:18 | 000,047,174 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013/12/02 01:12:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/12/02 01:12:16 | 000,034,051 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/13 20:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 20:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/12/02 06:05:42 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\amBX_Events
[2014/03/02 20:41:36 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\com.ynab.YNAB4.LiveSteam
[2013/12/02 03:18:22 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Curse Advertising
[2014/05/22 21:45:51 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox
[2014/05/15 17:24:16 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\DropboxMaster
[2013/12/02 03:36:52 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\FastCopy
[2014/05/22 21:44:15 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\KeePass
[2014/03/13 18:40:49 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Origin
[2014/03/27 08:36:12 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\ProcessLasso
[2014/04/05 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Rainmeter
[2014/03/12 23:51:41 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\RIFT
[2013/12/02 03:18:57 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\SoftGrid Client
[2014/04/07 22:52:39 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Spotify
[2014/03/20 09:46:12 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Stardock
[2013/12/02 02:52:26 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Thunderbird
[2013/12/02 02:49:37 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\TP
[2014/03/04 00:56:40 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\wc3270
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
< End of report >
OTL-Extras log:
OTL Extras logfile created on: 5/22/2014 10:03:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SomeCrazyStuff\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
11.99 Gb Total Physical Memory | 9.19 Gb Available Physical Memory | 76.60% Memory free
23.98 Gb Paging File | 20.79 Gb Available in Paging File | 86.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.01 Gb Total Space | 1579.24 Gb Free Space | 84.77% Space Free | Partition Type: NTFS
Drive D: | 558.81 Gb Total Space | 182.83 Gb Free Space | 32.72% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 71.63 Mb Free Space | 71.64% Space Free | Partition Type: NTFS
Computer Name: CUSTOMDESKTOP | User Name: SomeCrazyStuff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A9E6B30-DEC6-407B-9C23-254B118D4747}" = rport=445 | protocol=6 | dir=out | app=system |
"{15F3C85E-8E70-4CC9-8DD4-C71734183763}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1BF598A4-EC6C-46CB-AE59-7FB4D3349C28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2B5562B9-FBE6-474F-AAF6-FF4712006770}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{2FA12286-860C-4E94-A44C-753F7302D2CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{555DD3CA-0AD1-4B4C-8CE9-19863E572778}" = lport=138 | protocol=17 | dir=in | app=system |
"{57ADAE28-C17C-4321-B24E-18C1B029336E}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{59B4D957-D343-4711-8B30-89C5499B8589}" = lport=139 | protocol=6 | dir=in | app=system |
"{5DF1E7DA-C7E2-438F-8AC3-49ADEEC22EF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5FB710FD-578B-4F6F-9F1F-CE667E48D956}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6A296D91-9601-4113-9ACE-0161347AF19E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{71991BF5-4B97-403B-A34A-3FAF31DCB147}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{76E06739-CFD1-4F82-B1A1-49055819F402}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{90CD9564-6D40-4424-83F3-0F59CB6A5A65}" = rport=139 | protocol=6 | dir=out | app=system |
"{96A4CA0F-BF14-49B4-857D-8BEDEFCD9FB5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7299BFE-672E-48E5-A365-0BB0F9B9437F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AB727818-0C0E-4E9C-AD5D-C6FB11E69D1B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2D2A800-F0C2-4486-B424-D92DB14FFCF5}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{B4A2FBBD-F6D5-4B1C-8F7F-77782FDB8697}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C0C000CA-F4EA-431B-AE3C-E3E920FE69DF}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2C1A1D2-2CE9-4646-918B-9440F850B515}" = rport=137 | protocol=17 | dir=out | app=system |
"{C4A90DBC-C4F3-4E8E-B5A2-F32AA74BD3EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C4D6E5AD-4CB8-4991-AC78-2EC20BBA7429}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C89441CF-8AA1-4036-9305-9B9814AC892E}" = lport=137 | protocol=17 | dir=in | app=system |
"{E3320401-39A2-40DA-9F3B-1E511F09DF37}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F05F5279-DF1C-420B-9242-B4BBBB00A83C}" = rport=138 | protocol=17 | dir=out | app=system |
"{F31A62DD-D8A3-4DA0-9B7C-5075471082E2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{F5302835-D6FA-4AAD-87AD-82FF264C19FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0040E2F6-BF79-4463-A64D-04A3FA9DEDFE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{050DCCBE-62FD-4D67-B348-254A8CA59458}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\sporebinep1\sporeapp.exe |
"{07C931BA-B8B0-4186-B7D0-0B0BD50BAAEF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{093EF7E9-B745-4B78-BE16-001B87C34D0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tower wars\tw.exe |
"{0B1BD880-6797-4C1C-BA1E-3AEBE5B89EE6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{107018BB-E3E0-4032-95EF-E373A6547484}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{14EBF333-F6DA-4030-A432-245B9F1FC750}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1782EAB6-3AAD-4246-8BEB-6780645A6462}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1793C6F6-9833-4736-AF70-7F86EFBD1979}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1862DC17-AC19-4985-90D0-A1038BCCA899}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{19B5DE75-A38F-4BC1-B726-652CB50365B4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{19B7700C-0C11-4B0C-BAFC-A5FED690B0C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nza\bin\nza.exe |
"{19FCECE4-0E28-4FB8-9BF0-F3445C1FACC1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2042A848-D50A-4402-A317-D7A5A8C8FA9B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{22BB9ED9-0362-4623-8B92-389C10B46E5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{22DA7BFB-03D8-4B0E-9AA4-DCEB8635657C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro last light\metroll.exe |
"{238523A2-6D73-4B5D-80DD-2C0BA4C8A109}" = protocol=6 | dir=in | app=c:\users\somecrazystuff\appdata\roaming\dropbox\bin\dropbox.exe |
"{2621B544-F4FC-4151-B606-8C099161E104}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\runme.exe |
"{294D7A99-707F-41DB-8002-E383D9210A6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{2C61C78F-7733-43C0-9122-BF05E3FE5A49}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{2CDE0061-1757-4788-8B6E-82CE9C760814}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2E28876A-9B2C-4882-B3B3-9D93A907DA3A}" = protocol=17 | dir=in | app=c:\users\somecrazystuff\appdata\local\apps\2.0\mdaq3tc9.6z2\dwer0naj.1qo\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\curseclient.exe |
"{30068592-881B-4838-9824-654CA38D5F7E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{34070654-7F2F-4388-926D-4868D8BC3789}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{367AC547-1054-48A0-ADE7-6A921A393FEF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\symphony\symphony.exe |
"{382E1CA2-CA32-4BC0-9B8C-C190262E3E62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{385D9C89-4BBC-4585-9C61-BDEBFAFACC7C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{38769E53-FEF5-4262-88B6-248C9000FC46}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{38C82D21-D67C-4D67-86AF-3B35D9CEEA17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ynab 4\ynab 4.exe |
"{3BCE4518-4BA9-4056-AAF1-FFB4F673EFA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rift\riftpatchlive.exe |
"{3E3C0EAA-DA66-436C-91A3-B223C76AD4FB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{40F3B3D8-4EC2-453E-8733-6BA789391B5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\launcher.exe |
"{41BD2C1F-6026-4B9A-8546-656DDC9586AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\sporebin\sporeapp.exe |
"{43C1CE31-8AFB-488E-8010-FF5C19DC5938}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46860955-3BE0-437E-BFE5-B968318BE391}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{47C202B4-2DCB-4557-8819-C5E66CB08AFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{4C679E4C-9905-4B14-BEF7-B08410EFAEEB}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{4E0842DC-A8A5-4293-AC7D-F7DF8F892ABD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{4E4C6445-4A99-462F-BF6D-AB02E28CF0A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4FE3FB1C-F129-4ACE-BC2B-58A17BBD243C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{50683A92-B618-4165-8C2F-2C4282409E45}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{515FEED6-C17C-43FA-A916-DB1BB37437C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{51FD1AE9-4F2B-4601-8E69-CD1E195253C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{528B417B-F3D9-4393-A8B7-7A0453D3B93D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{562802A3-3CF8-46EE-95CE-9590EA71298D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{5806EA88-E043-4A6A-943F-51787B1D0D44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5FB72655-5DA4-4986-85C2-3FAD98B889CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ynab 4\ynab 4.exe |
"{62BD3435-2364-423D-8B83-C9061E3ABE8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{62C92253-DD07-4E38-8C4D-73A1B2EC442E}" = protocol=6 | dir=in | app=c:\users\somecrazystuff\appdata\local\apps\2.0\mdaq3tc9.6z2\dwer0naj.1qo\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\curseclient.exe |
"{64C1641D-0E2D-4680-A7AB-908D0239DFAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nza\bin\nza.exe |
"{67AFE04D-2334-4F7D-9901-06D8B80C1B7E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{68BF8909-443B-4823-93CB-DA66D24700E1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{6E68442F-ECAB-456C-B904-DA2387223C73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{708CBD31-D624-46EB-8659-411DB718FA92}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{719F89EA-8F51-4F97-ACF8-4CFFADD89084}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\outlast\outlastlauncher.exe |
"{724B14A0-2C35-4395-B3F6-BB4AE0BD381B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{784033B7-E552-4D27-9A21-345052034DA3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{7B5A8486-0A8E-4795-844E-1FBF24B6DCFC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{7C7A434C-752C-413A-8428-99105EFF0767}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{7DAC0B8D-A537-402C-B2F3-1F73D060A373}" = protocol=1 | dir=in | [email protected],-28543 |
"{7DF6CD62-9630-401B-B74D-4DAA05D36A2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{7FAA2CE9-7F84-4630-A8A8-2F478D4F982D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\sporebinep1\sporeapp.exe |
"{84554C99-7035-4FC6-B768-449BD4CE239F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A65CD50-940B-499E-954F-BB146D73ED5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\democracy 3\democracy3.exe |
"{8B652305-2DF9-4F8B-B3DC-64A3869C43F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{8C4FBA98-D8D4-432A-B605-83030BB838DF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{91A5FFEA-9D1F-4C18-92F3-1945AD949776}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{9264DFFE-7812-4F32-98F9-647371D911E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{957DE6FA-5C74-4C36-BA8D-0A4925F6D29E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{96AA187D-C71B-49D3-A06D-1FEC63BDE50F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{96CDDB4D-EB29-4426-84E1-A8BEF4EE17A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tower wars\tw.exe |
"{9755F215-57A8-49B2-9E2C-EEB9364725C1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{97B5EBF4-925B-4BFC-A431-1AA30759D676}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{9939113B-8CDC-488E-8F70-4AA16525CBFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{99E3B129-0CE7-458B-85EC-82E6BABCBD3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9BE8A9AB-545E-4FD2-9F4A-A4CC458575D9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9DD7738C-2490-411C-837C-F816A9018C4F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{A9971D42-2D79-48AB-92BC-7EA2677346A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{AAAA8CEE-F6C0-4A3F-AA1F-CF4DC963D618}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE49AF10-420A-4162-BCA8-1599B5A2CF46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF1038C3-02D5-4FFA-BADA-1877D4AB2406}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{B275E32F-2F2F-46CE-9C28-E91AE802BA39}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{B314A336-D694-49E2-8ED2-B21DB1FA39CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\sporebin\sporeapp.exe |
"{B34D4B95-754C-4183-BC24-E3627F1590CA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{B3CBCE4C-8F0F-49DA-B272-D958FBB98FFD}" = protocol=17 | dir=in | app=c:\users\somecrazystuff\appdata\roaming\dropbox\bin\dropbox.exe |
"{B4DCD0C0-BFBF-4031-BAF1-7B4C4E410F71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{B5429B74-33B8-4D05-87FA-D52288109275}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{B86B85C5-683D-4622-9EFA-C1FC6D01BE31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\runme.exe |
"{B917F70D-FB64-44C8-AC51-8AAC4CD0DE76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BC7573CF-3F0A-4F25-8A83-D60439778BDB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\symphony\symphony.exe |
"{C0F5708B-8663-4705-B47E-4644B081ABB3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2A29AE1-4B9F-4731-93B8-22C546FD952E}" = protocol=6 | dir=out | app=system |
"{C2D61113-A7DD-4596-B214-F13859EA4A27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nza\bin\nza.exe |
"{C3AF3FE9-562C-49B2-95B9-0D8D66DB9019}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rift\riftpatchlive.exe |
"{C5352A52-5A9E-45D8-84E0-6928A1589F03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\democracy 3\democracy3.exe |
"{C5A773BF-B554-4F8F-93EF-10212A58DB16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{C8CF76BC-FC22-4119-A25A-411F3A24C345}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{CB979EB3-4998-4285-9AA1-2ECC601986F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{CC1D3751-5EC6-43CB-B866-0F9D5B4E1BC2}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{CE2DE377-00F7-4B0B-9958-21C1435326EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ynab 4\ynab 4.exe |
"{D2A51693-40A7-4E8E-A2FB-0F6BBE4BB352}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{D5A92C2E-BCF0-4A06-9ECC-52994E91B5E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\launcher.exe |
"{D67AD15C-6EF2-4DBC-8760-D5A9FB1A86EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{D81AA8BC-ED05-408C-9F27-E0889B6CD1E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ynab 4\ynab 4.exe |
"{DEF2D66E-CBBF-42D0-A56A-E74696A059F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{E225E97B-8584-4902-93C1-EF6D004F0F42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nza\bin\nza.exe |
"{E4083C19-5FF8-49BD-B620-25DD2EE7D781}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E5AFA935-2BE2-40D8-BA9A-2F8BB60E6FB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{ED39D1C0-1109-4E30-B1FC-23DB744066C3}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{F1D5AA5A-D5AC-444B-9542-2AB5BDEC615E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{F2066656-D3E4-4399-89E7-ECC88660B115}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{F2D2D942-B9CA-4BE2-84CD-9B968AB5061C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\outlast\outlastlauncher.exe |
"{F330D9B0-AEB9-4AC2-A46B-2CB1E5D7BA11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{F3EB352A-0BEE-4D92-9017-9646C7852083}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro last light\metroll.exe |
"{F453CA40-9B78-4B13-8AE5-99666F6E5BDF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F6049E6C-3042-4665-9ADA-0255C9C739ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{F68DD97F-66F1-4EFF-80D1-25288A70F7C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F87AFABD-CE69-4AEC-8FAA-C62FFA8637DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FDD00DDD-54E0-4304-850F-EFD43656703E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"TCP Query User{026D9B77-7801-4648-BF7F-BEF45E148A4F}C:\users\somecrazystuff\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\somecrazystuff\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{394A0229-4C6E-4D29-A6E9-50FEFD0F7E8D}C:\users\somecrazystuff\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\somecrazystuff\appdata\roaming\spotify\spotify.exe |
"TCP Query User{70E69D50-95A1-4E37-8CD5-185766A256D4}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe |
"TCP Query User{E3626687-8DDD-48C1-9E06-78B9C65604E2}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe |
"TCP Query User{ED294C8C-5DFC-494A-8C66-43E9E70E4BB6}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe |
"UDP Query User{0AA170AF-8D05-40FA-9F44-851EA6F7B19C}C:\users\somecrazystuff\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\somecrazystuff\appdata\roaming\spotify\spotify.exe |
"UDP Query User{408C28A5-3B90-4B6F-BC7E-D6410B2535C0}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe |
"UDP Query User{462CB317-4FE4-4C53-9441-46DA66A7FF6D}C:\users\somecrazystuff\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\somecrazystuff\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{911D5876-FC43-4D44-9B3E-D6347FF8CF90}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe |
"UDP Query User{9F27ADBC-D22A-4CF1-950A-C053A64309FC}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{13DB5647-AE17-4487-83A6-C18BA89874AD}_is1" = amBX Effects 1.1.2
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{257A63C6-A669-43F1-8C75-E16CDB617841}_is1" = amBX Gaming FXGen 3.6.2
"{3A76C69A-09A7-4DDB-BFFF-EDFDC33814D1}_is1" = amBX Audio FXGen 3.1.1
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.8
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{71E75F05-930E-41BA-BDBC-15E3134DD45B}" = Yamaha USB-MIDI Driver
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{93F00A69-865C-4FEE-AB52-EF2312A28252}_is1" = amBX Control Panel 1.2.4
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}" = Smart Technology Programming Software 7.0.27.13
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel® Network Connections 15.3.68.0
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F2C07BE3-0F88-4D0C-957B-3557699981E9}" = HP Deskjet 2050 J510 series Basic Device Software
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"CCleaner" = CCleaner
"Microsoft Security Client" = Microsoft Security Essentials
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"PDF-XChange 3_is1" = PDF-XChange 3
"PROSetDX" = Intel® Network Connections 15.3.68.0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3F87B468-8245-4B0C-80A1-92F3DEB1EAC4}" = Mocha TN3270 for Windows 7
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}" = YAMAHA Musicsoft Downloader 5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732E3F74-FF24-42BC-B1A2-3244BBEBEB5D}" = LeapFrog LeapPad Explorer Plugin
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88838D48-0421-4F2B-AF81-D08D206DEE4C}_is1" = Flyff
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{920A4937-9D4D-4457-A323-F3EA79A84A3D}_is1" = amBX Saitek HAL 1.0.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4D16A7-393F-470C-8B9F-74AE1EA6C105}" = LeapFrog Connect
"{A140B991-FC80-475C-B569-7197EA261A45}_is1" = amBX System 1.1.4.0
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}" = Aion
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17C58F5-2646-4743-A779-A24976F46571}" = Mindjet MindManager 2012
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"amBX Illuminate" = amBX Illuminate 1.0.2
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{71E75F05-930E-41BA-BDBC-15E3134DD45B}" = Yamaha USB-MIDI Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.25
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"MagniDriver" = marvell 91xx driver
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Thunderbird 24.5.0 (x86 en-US)" = Mozilla Thunderbird 24.5.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyDriveConnect" = MyDriveConnect 3.3.0.1502
"NCLauncher_NCWest" = NCSOFT Game Launcher
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"ProcessLasso" = Process Lasso
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Stardock Fences 2" = Stardock Fences 2
"Steam" = Steam
"Steam App 107410" = Arma 3
"Steam App 17390" = Spore
"Steam App 17440" = Spore: Creepy & Cute Parts Pack
"Steam App 207750" = Symphony
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 214360" = Tower Wars
"Steam App 227100" = Sniper Elite: [bleep] Zombie Army
"Steam App 227320" = You Need A Budget 4 (YNAB)
"Steam App 238320" = Outlast
"Steam App 243870" = Tom Clancy's Ghost Recon Phantoms - NA
"Steam App 245470" = Democracy 3
"Steam App 24720" = Spore: Galactic Adventures
"Steam App 39120" = RIFT™
"Steam App 43110" = Metro 2033
"Steam App 43160" = Metro: Last Light
"Steam App 50300" = Spec Ops: The Line
"Steam App 570" = Dota 2
"Steam App 63380" = Sniper Elite V2
"Steam App 8930" = Sid Meier's Civilization V
"UPCShell" = LeapFrog Connect
"wc3270_is1" = wc3270 3.3.14ga6
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Dropbox" = Dropbox
"RIFT" = RIFT
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 5/21/2014 12:17:22 PM | Computer Name = CustomDesktop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 35.0.1916.114, time
stamp: 0x53726019 Faulting module name: chrome.dll, version: 35.0.1916.114, time
stamp: 0x53725d18 Exception code: 0xc0000005 Fault offset: 0x00728bc8 Faulting process
id: 0xb14 Faulting application start time: 0x01cf7510252c01fa Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\chrome.dll
Report
Id: 6344f479-e103-11e3-869c-f46d04005102
Error - 5/21/2014 12:17:38 PM | Computer Name = CustomDesktop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 35.0.1916.114, time
stamp: 0x53726019 Faulting module name: chrome.dll, version: 35.0.1916.114, time
stamp: 0x53725d18 Exception code: 0xc0000005 Fault offset: 0x00728bc8 Faulting process
id: 0x1910 Faulting application start time: 0x01cf75102f138d9b Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\chrome.dll
Report
Id: 6ce033bc-e103-11e3-869c-f46d04005102
Error - 5/21/2014 12:22:41 PM | Computer Name = CustomDesktop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 35.0.1916.114, time
stamp: 0x53726019 Faulting module name: chrome.dll, version: 35.0.1916.114, time
stamp: 0x53725d18 Exception code: 0xc0000005 Fault offset: 0x00728bc8 Faulting process
id: 0x1e68 Faulting application start time: 0x01cf7510d78ba15a Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\chrome.dll
Report
Id: 214ee4b3-e104-11e3-869c-f46d04005102
Error - 5/21/2014 12:22:52 PM | Computer Name = CustomDesktop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 35.0.1916.114, time
stamp: 0x53726019 Faulting module name: chrome.dll, version: 35.0.1916.114, time
stamp: 0x53725d18 Exception code: 0xc0000005 Fault offset: 0x00728bc8 Faulting process
id: 0x1a3c Faulting application start time: 0x01cf7510de0e2351 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\chrome.dll
Report
Id: 27b94a6f-e104-11e3-869c-f46d04005102
Error - 5/21/2014 12:22:56 PM | Computer Name = CustomDesktop | Source = ESENT | ID = 412
Description = wuaueng.dll (1084) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
Error - 5/21/2014 12:22:56 PM | Computer Name = CustomDesktop | Source = ESENT | ID = 412
Description = wuaueng.dll (1084) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
Error - 5/21/2014 12:22:56 PM | Computer Name = CustomDesktop | Source = ESENT | ID = 412
Description = wuaueng.dll (1084) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
Error - 5/21/2014 12:22:56 PM | Computer Name = CustomDesktop | Source = ESENT | ID = 412
Description = wuaueng.dll (1084) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
Error - 5/21/2014 12:22:56 PM | Computer Name = CustomDesktop | Source = ESENT | ID = 412
Description = wuaueng.dll (1084) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
Error - 5/21/2014 12:22:56 PM | Computer Name = CustomDesktop | Source = ESENT | ID = 412
Description = wuaueng.dll (1084) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
[ System Events ]
Error - 5/20/2014 4:28:58 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854
Source
Path: http://go.microsoft....5D-99752CCA7094
Signature
Type: %%886 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency
service or group failed to start.
Error - 5/21/2014 12:22:56 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.175.11.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current
Engine Version: Previous Engine Version: 1.1.10600.0 Error code: 0xc8000222 Error
description: Length of message passed to NtRequestPort or NtRequestWaitReplyPort
was longer than the maximum message allowed by the port.
Error - 5/21/2014 12:23:19 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: Update Source: %%815 Update Stage: %%854 Source
Path: Signature Type: %%886 Update Type: %%803 User: CustomDesktop\SomeCrazyStuff
Current
Engine Version: Previous Engine Version: Error code: 0x8007042c Error description:
The dependency service or group failed to start.
Error - 5/21/2014 12:23:19 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2003
Description = %%860 has encountered an error trying to update the engine. New Engine
Version: Previous Engine Version: Engine Type: %%886 User: CustomDesktop\SomeCrazyStuff
Error
Code: 0x8007042c Error description: The dependency service or group failed to start.
Error - 5/21/2014 12:23:20 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854
Source
Path: http://go.microsoft....5D-99752CCA7094
Signature
Type: %%886 Update Type: %%803 User: CustomDesktop\SomeCrazyStuff Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency
service or group failed to start.
Error - 5/21/2014 2:18:18 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.175.98.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current
Engine Version: Previous Engine Version: 1.1.10600.0 Error code: 0xc8000222 Error
description: Length of message passed to NtRequestPort or NtRequestWaitReplyPort
was longer than the maximum message allowed by the port.
Error - 5/21/2014 2:18:40 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: Update Source: %%815 Update Stage: %%854 Source
Path: Signature Type: %%886 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE
Current
Engine Version: Previous Engine Version: Error code: 0x8007042c Error description:
The dependency service or group failed to start.
Error - 5/21/2014 2:18:40 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2003
Description = %%860 has encountered an error trying to update the engine. New Engine
Version: Previous Engine Version: Engine Type: %%886 User: NT AUTHORITY\NETWORK
SERVICE Error Code: 0x8007042c Error description: The dependency service or group
failed to start.
Error - 5/21/2014 2:18:40 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854
Source
Path: http://go.microsoft....5D-99752CCA7094
Signature
Type: %%886 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x8007042c Error description: The dependency
service or group failed to start.
Error - 5/21/2014 4:35:24 PM | Computer Name = CustomDesktop | Source = Service Control Manager | ID = 7023
Description = The amBX Service service terminated with the following error: %%1115
< End of report >
MBAM log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/22/2014
Scan Time: 9:50:10 PM
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.05.23.03
Rootkit Database: v2014.05.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
OS: Windows 7
CPU: x64
File System: NTFS
User: SomeCrazyStuff
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 272127
Time Elapsed: 9 min, 39 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
I apologize in advance. I do have limited times when I can reply. I am very busy on workdays and sometimes do not get in until late, in which case I go straight to bed. I will make every attempt to answer promptly. Thanks for your time!