Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malicious URL C:\windows\sytem32\wscript.exe [Closed]

Malicious URL wscript.exe

  • This topic is locked This topic is locked

#1
LordKurow

LordKurow

    New Member

  • Member
  • Pip
  • 4 posts

Been having this pop up since a couple hours ago, tried to scan with avast and malwarebytes, found nothing so far.

8WrPmXb.jpg

 

Also tried OTL so far:

 

OTL logfile created on: 1/6/2016 7:04:30 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HeroCorruptor66\Downloads\Programs
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16384)
Locale: 00003409 | Country: Philippines | Language: ENP | Date Format: M/d/yyyy
 
5.91 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 32.39% Memory free
9.89 Gb Paging File | 5.72 Gb Available in Paging File | 57.77% Paging File free
Paging file location(s): c:\pagefile.sys 4074 4074 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.75 Gb Total Space | 522.39 Gb Free Space | 56.74% Space Free | Partition Type: NTFS
 
Computer Name: LORDKUROWPC | User Name: HeroCorruptor66 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2016/01/06 06:50:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HeroCorruptor66\Downloads\Programs\OTL.exe
PRC - [2016/01/05 09:42:27 | 007,021,880 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2016/01/05 09:42:15 | 000,226,440 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/12/31 02:21:34 | 000,392,136 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015/12/30 00:00:33 | 003,442,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
PRC - [2015/10/28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/10/12 09:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2015/10/12 09:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015/10/05 09:48:34 | 009,832,760 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2015/09/29 19:26:20 | 003,907,152 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2015/08/27 08:37:44 | 002,634,872 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2015/08/27 08:37:41 | 001,872,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015/07/26 10:35:42 | 001,719,784 | ---- | M] (EuroTech AE Co., Ltd.) -- C:\Program Files (x86)\Ecsow Dialer\CallBackReminder.exe
PRC - [2015/07/22 15:45:52 | 000,896,632 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2015/07/21 20:23:32 | 000,831,096 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
PRC - [2015/06/16 22:34:14 | 001,027,704 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Frontend.exe
PRC - [2015/06/16 22:33:36 | 000,413,304 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2015/06/16 22:33:14 | 000,433,784 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe
PRC - [2015/06/16 22:33:14 | 000,396,408 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
PRC - [2015/06/16 22:33:06 | 000,290,424 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
PRC - [2015/06/16 22:33:04 | 000,392,312 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe
PRC - [2015/03/30 11:37:39 | 000,568,904 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
PRC - [2015/02/04 18:05:36 | 000,269,848 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2015/01/21 11:51:59 | 009,895,936 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
PRC - [2014/08/06 01:33:30 | 000,132,096 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2014/07/10 16:01:28 | 003,639,568 | ---- | M] (Disc Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe
PRC - [2014/07/10 16:01:00 | 000,887,056 | ---- | M] (Disc Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
PRC - [2013/09/03 23:52:56 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/09/03 23:52:14 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
PRC - [2013/09/03 23:52:14 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013/07/23 11:47:24 | 000,239,696 | ---- | M] () -- C:\ProgramData\MobileBrServ\mbbService.exe
PRC - [2013/03/27 19:53:36 | 002,216,800 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
PRC - [2012/10/24 14:38:56 | 000,274,760 | ---- | M] () -- C:\Program Files (x86)\SMART BRO\AssistantServices.exe
PRC - [2012/05/11 09:41:56 | 000,156,448 | ---- | M] () -- C:\Program Files (x86)\SMART BRO\UIExec.exe
PRC - [2009/11/10 15:39:26 | 005,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2016/01/05 09:42:29 | 040,539,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2016/01/05 09:42:27 | 000,103,888 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2016/01/05 09:42:26 | 000,469,008 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2016/01/05 09:42:18 | 000,125,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015/12/30 00:00:32 | 017,882,304 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll
MOD - [2015/10/03 13:06:17 | 000,012,080 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2015/08/27 08:37:44 | 000,011,896 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2015/08/05 13:47:42 | 001,443,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\NAudio\d1dfecad598fce9cf1709cd1d233f1a7\NAudio.ni.dll
MOD - [2015/08/05 13:47:41 | 002,060,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Frontend\c4dc8e5a3e95508e59161034aa673b32\HD-Frontend.ni.exe
MOD - [2015/08/05 13:47:37 | 000,155,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\795328bb7906a7be4355bba99162a9ae\JSON.ni.dll
MOD - [2015/08/02 00:05:32 | 001,467,392 | ---- | M] () -- C:\Program Files (x86)\BlueStacks\libGLESv2.dll
MOD - [2015/08/02 00:05:32 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\BlueStacks\libEGL.dll
MOD - [2015/03/30 11:37:39 | 000,568,904 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe
MOD - [2014/08/18 13:41:37 | 000,358,400 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtXml4.dll
MOD - [2014/08/18 13:41:36 | 008,503,296 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtGui4.dll
MOD - [2014/08/18 13:41:36 | 000,863,744 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtNetwork4.dll
MOD - [2014/08/18 13:41:35 | 002,349,568 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtCore4.dll
MOD - [2013/09/24 03:35:46 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b66c3a9184d6f58a4ea4c9fda959ae1\System.Configuration.ni.dll
MOD - [2013/09/24 03:35:45 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c0052aff87b28099a76300de91deab35\System.ServiceProcess.ni.dll
MOD - [2013/09/24 03:35:44 | 011,917,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42edbc5d3f9295cb2a1d60c31e22cd3f\System.Web.ni.dll
MOD - [2013/09/24 03:35:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3ef49b2672992839babbcec7a64ed9b1\System.Runtime.Remoting.ni.dll
MOD - [2013/09/24 03:35:30 | 005,463,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9e55130078215e51257977a651b0696b\System.Xml.ni.dll
MOD - [2013/09/24 03:35:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\eac55000ab752ad6469e74bc2031a3ef\System.Windows.Forms.ni.dll
MOD - [2013/09/24 03:35:18 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e846f72e7c00312a5d9c04e7f70fa4a8\System.Drawing.ni.dll
MOD - [2013/09/24 03:35:11 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\2cf4ca11dfbba16f4f64e94726d7a303\System.Management.ni.dll
MOD - [2013/09/24 03:34:40 | 007,993,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5a86b00da9227fe7c9a1f6ca95c1850c\System.ni.dll
MOD - [2013/09/24 03:34:34 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0cc1da9cd31b490f4ec04cb6c2aa0519\mscorlib.ni.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/11 09:41:56 | 000,156,448 | ---- | M] () -- C:\Program Files (x86)\SMART BRO\UIExec.exe
MOD - [2012/03/18 12:07:57 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\imageformats\qjpeg4.dll
MOD - [2012/03/18 12:07:54 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\imageformats\qgif4.dll
MOD - [2012/01/15 17:50:08 | 000,370,688 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\libsndfile.dll
MOD - [2012/01/15 17:50:00 | 000,390,656 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\lame_enc.dll
MOD - [2009/11/10 15:39:24 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2016/01/05 09:42:15 | 000,226,440 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/08/27 08:37:41 | 001,155,192 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2015/08/27 08:37:39 | 005,544,568 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV:64bit: - [2013/09/04 20:20:16 | 000,466,504 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2013/08/29 15:36:00 | 000,532,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/08/29 15:24:19 | 001,295,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/08/22 20:39:24 | 003,395,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/08/22 20:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 20:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 20:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 19:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 19:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 19:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 19:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 19:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 19:03:23 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/08/22 18:36:01 | 000,321,024 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2013/08/22 18:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 18:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 18:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 18:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 17:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 17:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 17:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 17:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 17:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 17:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 17:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 17:41:28 | 000,365,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/08/22 17:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 17:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 17:40:00 | 000,265,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/08/22 17:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 17:38:22 | 001,563,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/08/22 17:36:35 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/08/22 17:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 17:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/08/22 16:47:59 | 001,534,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/08/16 12:21:10 | 000,339,456 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2013/08/10 00:18:58 | 000,328,544 | ---- | M] (Toshiba Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2013/07/31 19:15:06 | 000,053,864 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV:64bit: - [2013/07/17 00:34:02 | 000,216,976 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe -- (THAccelSvc)
SRV:64bit: - [2013/05/12 00:45:54 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/05/12 00:45:38 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/07/28 21:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2015/12/31 02:21:29 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/12/30 00:00:33 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/10/28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/10/12 09:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2015/10/12 09:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/08/27 08:37:41 | 001,872,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/07/21 20:23:32 | 000,831,096 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2015/06/16 22:33:36 | 000,413,304 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2015/06/16 22:33:14 | 000,433,784 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2014/12/01 17:18:04 | 000,033,080 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2014/08/06 01:33:30 | 000,132,096 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2014/07/10 16:01:00 | 000,887,056 | ---- | M] (Disc Soft Ltd) [On_Demand | Running] -- C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Bus Service)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/21 04:13:54 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/03 23:52:56 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/09/03 23:52:14 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/09/03 23:52:14 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2013/08/22 20:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/22 11:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 10:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/08/22 10:35:39 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/22 09:03:34 | 000,312,448 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013/07/23 11:47:24 | 000,239,696 | ---- | M] () [Auto | Running] -- C:\ProgramData\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service)
SRV - [2013/03/27 19:53:34 | 000,163,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2012/10/24 14:38:56 | 000,274,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMART BRO\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2016/01/06 06:45:45 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016/01/05 09:43:52 | 000,451,040 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2016/01/05 09:43:51 | 000,097,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswmonflt.sys -- (aswMonFlt)
DRV:64bit: - [2016/01/05 09:42:34 | 000,273,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2016/01/05 09:42:34 | 000,155,304 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2016/01/05 09:42:34 | 000,065,224 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2016/01/05 09:42:33 | 000,093,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2016/01/05 09:42:33 | 000,028,656 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2016/01/05 09:42:06 | 001,055,560 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2015/10/05 09:50:22 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/10/03 13:06:17 | 000,031,352 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2015/09/08 11:47:40 | 000,146,072 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VBoxNetLwf.sys -- (VBoxNetLwf)
DRV:64bit: - [2015/08/27 08:37:39 | 000,019,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2015/08/11 12:52:30 | 000,050,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2015/06/12 10:00:58 | 000,197,616 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2014/11/21 14:55:56 | 000,141,440 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2014/07/25 02:13:12 | 000,029,696 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtscsibus.sys -- (dtscsibus)
DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/12/18 11:33:16 | 000,017,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ampa.sys -- (ampa)
DRV:64bit: - [2013/11/01 03:22:28 | 000,027,032 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2013/09/16 23:21:52 | 000,449,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/09/16 23:17:28 | 004,177,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/09/03 23:52:14 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/08/23 06:51:12 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/08/23 06:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/08/23 03:12:11 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/08/23 03:12:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 21:25:40 | 000,175,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/08/22 21:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 21:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 20:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 20:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 20:49:33 | 000,234,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/08/22 20:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 20:49:29 | 000,039,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/08/22 20:45:37 | 000,135,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/08/22 20:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 20:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 20:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 20:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 20:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 20:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 20:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 20:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 20:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 20:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 20:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 20:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 20:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 20:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 20:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 20:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 20:43:34 | 000,466,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/08/22 20:43:34 | 000,325,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/08/22 20:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 20:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 20:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 20:43:32 | 000,370,528 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/08/22 20:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 20:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 20:43:31 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/08/22 20:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 20:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 20:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 20:43:31 | 000,056,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/08/22 20:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 20:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/08/22 20:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 20:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 20:39:15 | 000,086,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/08/22 20:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 20:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 20:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 20:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 20:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 20:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 19:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 19:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 19:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 19:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 19:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 19:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 19:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 19:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 19:38:30 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2013/08/22 19:38:26 | 000,032,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthHfAud.sys -- (BthHFAud)
DRV:64bit: - [2013/08/22 19:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 19:38:23 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb22.sys -- (xusb22)
DRV:64bit: - [2013/08/22 19:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 19:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 19:38:17 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/08/22 19:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 19:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 19:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 19:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 19:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 19:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 19:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 19:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 19:36:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/08/22 19:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 19:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 19:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 19:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 16:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/22 14:42:06 | 000,528,112 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/08/22 14:42:06 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/08/22 08:59:58 | 000,590,024 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013/08/19 19:32:10 | 000,032,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Thotkey.sys -- (Thotkey)
DRV:64bit: - [2013/08/16 12:21:10 | 000,551,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013/08/16 03:13:30 | 003,859,968 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:64bit: - [2013/08/15 08:13:32 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2013/08/13 07:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 08:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/08/07 21:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/08/01 02:25:43 | 001,936,088 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/07/31 02:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/26 03:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/18 13:55:44 | 000,130,248 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2013/06/25 10:34:22 | 000,109,336 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2013/05/19 02:02:52 | 000,039,168 | ---- | M] (Scarlet.Crush Productions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScpVBus.sys -- (ScpVBus)
DRV:64bit: - [2013/03/26 02:01:16 | 000,110,976 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\THAccel.sys -- (THAccel)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/25 07:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2012/07/21 22:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/06/18 17:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2012/05/12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/12/07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011/09/01 11:17:54 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2011/08/29 11:42:56 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2011/08/29 11:42:56 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2011/08/29 11:42:56 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2011/08/29 11:42:56 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011/05/25 05:10:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/07/02 01:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2015/06/16 22:33:28 | 000,145,528 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2013/12/18 11:33:16 | 000,017,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ampa.sys -- (ampa)
DRV - [2009/09/11 17:11:46 | 000,014,344 | ---- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys -- (PEGAGFN)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}
IE:64bit: - HKLM\..\SearchScopes\{F46DCA0A-CD02-43BA-B169-38539BC9E999}: "URL" = http://www.bing.com/...=IE11TR&pc=TEJB
IE:64bit: - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...=IE11TR&pc=TEJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}
IE - HKLM\..\SearchScopes\{F46DCA0A-CD02-43BA-B169-38539BC9E999}: "URL" = http://www.bing.com/...=IE11TR&pc=TEJB
IE - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...=IE11TR&pc=TEJB
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3368743618-531305195-2325762822-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TEJB
IE - HKU\S-1-5-21-3368743618-531305195-2325762822-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.toshibamea.com[binary data]
IE - HKU\S-1-5-21-3368743618-531305195-2325762822-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3368743618-531305195-2325762822-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-3368743618-531305195-2325762822-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.toshibamea.com[binary data]
IE - HKU\S-1-5-21-3368743618-531305195-2325762822-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-3368743618-531305195-2325762822-1002\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3368743618-531305195-2325762822-1002\..\SearchScopes,DefaultScope = {F4ED0519-C584-4DDA-BE93-FA0B93D040F6}
IE - HKU\S-1-5-21-3368743618-531305195-2325762822-1002\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...=IE11TR&pc=TEJB
IE - HKU\S-1-5-21-3368743618-531305195-2325762822-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3368743618-531305195-2325762822-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "PH"
FF - prefs.js..browser.search.hiddenOneOffs: "Google,DuckDuckGo"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "PH"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: edit-source%40mozilla.com:1.0.1.1-signed
FF - prefs.js..extensions.enabledAddons: giorgio%40gilestro.tk:1.0.6.1-signed
FF - prefs.js..extensions.enabledAddons: nicofox%40littlebtc:1.0b5.1-signed
FF - prefs.js..extensions.enabledAddons: siphon%40siphon.ian-halpern.com:0.9.8.1-signed
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.3.1.1-signed
FF - prefs.js..extensions.enabledAddons: %7B4a313247-8330-4a81-948e-b79936516f78%7D:2.0.2.1-signed
FF - prefs.js..extensions.enabledAddons: %7B6dd0bdba-0a02-429e-b595-87a7dfdca7a1%7D:0.8.8.1.1-signed
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:28.0.2.1-signed
FF - prefs.js..extensions.enabledAddons: %7B992791ee-61dc-7b98-a8fd-dc49b7deeee9%7D:3.4.6.1-signed
FF - prefs.js..extensions.enabledAddons: %7B9c51bd27-6ed8-4000-a2bf-36cb95c0c947%7D:11.0.1.1-signed
FF - prefs.js..extensions.enabledAddons: %7B0AA9101C-D3C1-4129-A9B7-D778C6A17F82%7D:2.09.1-signed
FF - prefs.js..extensions.enabledAddons: ramback%40pavlov.net:1.0.1-signed
FF - prefs.js..extensions.enabledAddons: mozilla_cc2%40internetdownloadmanager.com:6.23.19
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.77
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:3.6
FF - prefs.js..extensions.enabledAddons: %7B5e594888-3e8e-47da-b2c6-b0b545112f84%7D:1.3.18
FF - prefs.js..extensions.enabledAddons: rikaichan-jpen%40polarcloud.com:2.01.160101
FF - prefs.js..extensions.enabledAddons: rikaichan-jpnames%40polarcloud.com:2.01.160101
FF - prefs.js..extensions.enabledAddons: %7B77d2ed30-4cd2-11e0-b8af-0800200c9a66%7D:14beta3
FF - prefs.js..network.proxy.http: "122.219.134.221"
FF - prefs.js..network.proxy.http_port: 8081
FF - prefs.js..services.sync.prefs.sync.browser.search.selectedEngine: true
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.66.2: C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2: C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.66.2: C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2: C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HeroCorruptor66\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 25.8.1\extensions\\Components: C:\PROGRAM FILES\PALE MOON\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 25.8.1\extensions\\Plugins: C:\PROGRAM FILES\PALE MOON\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2016/01/05 09:48:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016/01/05 09:48:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 41.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 41.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/11/03 20:01:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/11/03 20:01:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015/08/14 18:36:02 | 000,029,742 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\HeroCorruptor66\AppData\Roaming\IDM\idmmzcc5 [2015/08/22 02:16:18 | 000,000,000 | ---D | M]
 
[2014/07/24 16:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\Extensions
[2016/01/06 07:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\Firefox\Profiles\mcxypkkc.default\extension-data
[2016/01/05 06:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\Firefox\Profiles\mcxypkkc.default\extensions
[2015/05/29 17:34:41 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\Firefox\Profiles\mcxypkkc.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2015/11/09 04:56:30 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\Firefox\Profiles\mcxypkkc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2015/05/29 17:34:41 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\Firefox\Profiles\mcxypkkc.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2015/12/20 16:19:28 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\Firefox\Profiles\mcxypkkc.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2016/01/03 20:59:23 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\Firefox\Profiles\mcxypkkc.default\extensions\[email protected]
[2016/01/04 05:51:00 | 000,000,000 | ---D | M] (Rikaichan Japanese Names Dictionary File) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\Firefox\Profiles\mcxypkkc.default\extensions\[email protected]
[2015/07/03 09:25:59 | 000,033,639 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/05/29 16:22:40 | 000,029,746 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/12/19 21:05:14 | 000,676,067 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/04/25 22:05:10 | 000,031,720 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/12/30 21:04:35 | 001,955,324 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/12/22 18:03:04 | 004,825,111 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/05/29 17:34:42 | 000,082,034 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/10/26 03:19:57 | 000,052,267 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2016/01/05 06:01:20 | 000,063,590 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/12/13 20:22:40 | 000,791,867 | R--- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/12/17 21:04:39 | 000,055,995 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/09/24 18:19:00 | 000,191,773 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/05/29 17:34:42 | 000,557,749 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/07/03 09:37:33 | 000,012,256 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/05/29 17:34:42 | 000,073,252 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/12/28 21:04:37 | 001,405,202 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/12/05 23:59:12 | 000,082,491 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\[email protected]
[2015/05/27 16:22:51 | 000,060,015 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\{065ee92a-ad57-42a2-b6d5-466b6fd8e24d}.xpi
[2015/12/21 21:05:37 | 000,540,031 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
[2015/05/29 17:34:41 | 000,025,114 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2015/05/29 17:34:41 | 000,022,758 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\{4a313247-8330-4a81-948e-b79936516f78}.xpi
[2015/12/15 19:20:11 | 000,090,134 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi
[2015/05/29 17:34:41 | 000,038,159 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2015/05/29 17:34:41 | 000,116,706 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\{992791ee-61dc-7b98-a8fd-dc49b7deeee9}.xpi
[2015/05/29 17:34:40 | 000,084,992 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2015/05/30 16:22:43 | 000,009,703 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi
[2015/12/15 21:04:31 | 000,989,188 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/11/22 05:41:47 | 000,356,897 | ---- | M] () (No name found) -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/07/24 18:30:46 | 000,006,057 | ---- | M] () -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\searchplugins\bingp.xml
[2015/01/23 21:23:45 | 000,001,006 | ---- | M] () -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\searchplugins\danbooru.xml
[2015/11/12 05:04:47 | 000,003,122 | ---- | M] () -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\searchplugins\desustorage.xml
[2014/08/01 06:04:06 | 000,001,122 | ---- | M] () -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\searchplugins\deviantart-where-art-meets-application.xml
[2015/01/31 09:32:00 | 000,000,683 | ---- | M] () -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\searchplugins\download-music-movies-games-software-the-pirate-bay---the-ga-1.xml
[2015/10/25 21:58:05 | 000,001,529 | ---- | M] () -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\searchplugins\duckduckgo-.xml
[2015/01/25 23:26:39 | 000,002,492 | ---- | M] () -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\searchplugins\gelbooru.xml
[2015/02/25 11:30:43 | 000,000,572 | ---- | M] () -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\searchplugins\internet-archive-wayback-machine.xml
[2014/08/01 06:05:14 | 000,000,745 | ---- | M] () -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\searchplugins\niconico-douga-ginza.xml
[2014/08/01 15:04:51 | 000,001,777 | ---- | M] () -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\searchplugins\nt--browse.xml
[2014/08/01 06:03:02 | 000,001,386 | ---- | M] () -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\searchplugins\pixiv.xml
[2014/08/01 06:19:46 | 000,001,019 | ---- | M] () -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\searchplugins\tumblr.xml
[2014/08/01 06:02:34 | 000,001,043 | ---- | M] () -- C:\Users\HeroCorruptor66\AppData\Roaming\mozilla\firefox\profiles\mcxypkkc.default\searchplugins\youtube.xml
[2015/10/15 08:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/12/31 02:21:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/08/14 18:36:02 | 000,029,742 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\INTERNET DOWNLOAD MANAGER\IDMMZCC2.XPI
[2015/10/01 04:47:00 | 000,225,976 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfdjglobiolninfgldchakgfldifphic\0.4_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\cellaaeoekimmemgdheibaibbaoeefbl\3.20.14_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii\2.1.2_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.3.3_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\1.5.2_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecoahjklhopckkiefihjloeidikepdh\0.4.2_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm\2.2.3_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm\3.0.0_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.210_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp\0.8.9_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.5.0.9082_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.0.0.9098_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg\0.98.84_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.23.15_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhlfmheblhjhkmacldlhdnbgbaiigba\3.0.0_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdhfcagdlpjbpfldpabhkdibdcbaiih\3.4_0\
CHR - Extension: No name found = C:\Users\HeroCorruptor66\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
 
O1 HOSTS File: ([2015/01/20 05:30:29 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TSSSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TssSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [1.TPUReg] C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe (TOSHIBA)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [Andy] C:\Program Files\Andy\HandyAndy.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TSVU] c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe (TOSHIBA)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\SMART BRO\UIExec.exe ()
O4 - HKU\S-1-5-21-3368743618-531305195-2325762822-1002..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3368743618-531305195-2325762822-1002..\Run: [CallBackReminder] C:\Program Files (x86)\Ecsow Dialer\callbackreminder.exe (EuroTech AE Co., Ltd.)
O4 - HKU\S-1-5-21-3368743618-531305195-2325762822-1002..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3368743618-531305195-2325762822-1002..\Run: [DAEMON Tools Ultra Agent] C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-3368743618-531305195-2325762822-1002..\Run: [KakaoTalk] C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe (Daum Kakao Corp. )
O4 - HKU\S-1-5-21-3368743618-531305195-2325762822-1002..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3368743618-531305195-2325762822-1002..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O4 - HKU\S-1-5-21-3368743618-531305195-2325762822-1002..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Users\HeroCorruptor66\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\javaplus.vbs ()
O4 - Startup: C:\Users\HeroCorruptor66\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65F1F85C-BDCB-4455-BF3D-290FC7EC5A34}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC09D3F2-8360-48CC-8B7B-D0A6D4580979}: DhcpNameServer = 10.4.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C73718AB-49F9-4043-985B-387AF70CD40D}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE246B7D-9DBA-4E40-BE40-BAE4D650AC53}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5bbc1888-135c-11e4-825e-28e3475de606}\Shell - "" = AutoRun
O33 - MountPoints2\{5bbc1888-135c-11e4-825e-28e3475de606}\Shell\AutoRun\command - "" = "E:\setup.exe"
O33 - MountPoints2\{5bbc190b-135c-11e4-825e-28e3475de606}\Shell - "" = AutoRun
O33 - MountPoints2\{5bbc190b-135c-11e4-825e-28e3475de606}\Shell\AutoRun\command - "" = "F:\FalloutNewVegasDLC_setup.exe"
O33 - MountPoints2\{5bbc190f-135c-11e4-825e-28e3475de606}\Shell - "" = AutoRun
O33 - MountPoints2\{5bbc190f-135c-11e4-825e-28e3475de606}\Shell\AutoRun\command - "" = "H:\autorun.exe"
O33 - MountPoints2\{5e6a53e1-4de1-11e4-8265-28e3475de606}\Shell - "" = AutoRun
O33 - MountPoints2\{5e6a53e1-4de1-11e4-8265-28e3475de606}\Shell\AutoRun\command - "" = "E:\AutoRun.exe"
O33 - MountPoints2\{a4eebe1f-965d-11e5-82cf-28e3475de606}\Shell - "" = AutoRun
O33 - MountPoints2\{a4eebe1f-965d-11e5-82cf-28e3475de606}\Shell\AutoRun\command - "" = "F:\Lenovo_Suite.exe"
O33 - MountPoints2\{b499898a-a656-11e4-827d-28e3475de606}\Shell - "" = AutoRun
O33 - MountPoints2\{b499898a-a656-11e4-827d-28e3475de606}\Shell\AutoRun\command - "" = "E:\Autorun.exe"
O33 - MountPoints2\{b97454fc-2861-11e4-8263-28e3475de606}\Shell - "" = AutoRun
O33 - MountPoints2\{b97454fc-2861-11e4-8263-28e3475de606}\Shell\AutoRun\command - "" = "E:\Autorun.exe"
O33 - MountPoints2\{e9648d85-1723-11e4-8260-28e3475de606}\Shell - "" = AutoRun
O33 - MountPoints2\{e9648d85-1723-11e4-8260-28e3475de606}\Shell\AutoRun\command - "" = "I:\autorun.exe"
O33 - MountPoints2\{fdbae1ec-dca8-11e4-8289-28e3475de606}\Shell - "" = AutoRun
O33 - MountPoints2\{fdbae1ec-dca8-11e4-8289-28e3475de606}\Shell\AutoRun\command - "" = "E:\Autorun.exe"
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016/01/06 06:17:09 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/01/06 06:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/01/06 06:16:46 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016/01/06 06:16:46 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/01/06 06:16:46 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/01/06 06:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/01/06 06:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/01/05 09:42:36 | 000,386,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2016/01/05 09:42:27 | 000,043,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2015/12/17 21:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2015/12/17 21:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2015/12/17 21:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2015/12/17 03:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/12/17 03:39:54 | 000,097,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015/12/17 03:14:22 | 000,000,000 | ---D | C] -- C:\Users\HeroCorruptor66\AppData\Roaming\Tencent
[2015/12/15 00:01:04 | 000,000,000 | ---D | C] -- C:\Users\HeroCorruptor66\AppData\Roaming\gambatte
[2015/12/14 15:40:12 | 000,000,000 | ---D | C] -- C:\Users\HeroCorruptor66\AppData\Local\CEF
[2015/12/10 17:34:58 | 000,000,000 | ---D | C] -- C:\Users\HeroCorruptor66\AppData\Roaming\Shuame
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016/01/06 07:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/01/06 06:45:45 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/01/06 06:42:00 | 000,001,002 | ---- | M] () -- C:\Users\HeroCorruptor66\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2016/01/06 06:41:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/01/06 06:41:39 | 000,002,080 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2016/01/06 06:41:39 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/01/06 06:41:39 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016/01/06 06:41:20 | 000,002,270 | ---- | M] () -- C:\Users\HeroCorruptor66\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2016/01/06 06:41:20 | 000,001,693 | ---- | M] () -- C:\Users\HeroCorruptor66\Application Data\Microsoft\Internet Explorer\Quick Launch\BROFORCE_Beta.lnk
[2016/01/06 06:41:20 | 000,001,447 | ---- | M] () -- C:\Users\HeroCorruptor66\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2016/01/06 06:41:20 | 000,001,170 | ---- | M] () -- C:\Users\HeroCorruptor66\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2016/01/06 06:41:20 | 000,001,136 | ---- | M] () -- C:\Users\HeroCorruptor66\Application Data\Microsoft\Internet Explorer\Quick Launch\KakaoTalk.lnk
[2016/01/06 06:41:20 | 000,001,127 | ---- | M] () -- C:\Users\HeroCorruptor66\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2016/01/06 06:41:20 | 000,001,125 | ---- | M] () -- C:\Users\HeroCorruptor66\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2016/01/06 06:41:20 | 000,001,026 | ---- | M] () -- C:\Users\HeroCorruptor66\Application Data\Microsoft\Internet Explorer\Quick Launch\Fotosizer.lnk
[2016/01/06 06:41:20 | 000,000,986 | ---- | M] () -- C:\Users\HeroCorruptor66\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2016/01/06 06:41:20 | 000,000,927 | ---- | M] () -- C:\Users\HeroCorruptor66\Application Data\Microsoft\Internet Explorer\Quick Launch\CDisplayEx.lnk
[2016/01/06 06:41:20 | 000,000,352 | ---- | M] () -- C:\Users\HeroCorruptor66\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2016/01/06 06:41:20 | 000,000,334 | ---- | M] () -- C:\Users\HeroCorruptor66\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2016/01/06 06:40:43 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/01/06 06:39:54 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/01/06 06:39:52 | 785,211,391 | -HS- | M] () -- C:\hiberfil.sys
[2016/01/06 06:35:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/01/05 09:43:52 | 000,451,040 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2016/01/05 09:43:51 | 000,097,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswmonflt.sys
[2016/01/05 09:42:34 | 000,273,784 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
[2016/01/05 09:42:34 | 000,155,304 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2016/01/05 09:42:34 | 000,065,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2016/01/05 09:42:33 | 000,386,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2016/01/05 09:42:33 | 000,093,528 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2016/01/05 09:42:33 | 000,028,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2016/01/05 09:42:27 | 000,043,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2016/01/05 09:42:06 | 001,055,560 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2015/12/30 00:00:22 | 009,479,872 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/12/29 02:20:21 | 000,863,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/12/29 02:20:21 | 000,722,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/12/29 02:20:21 | 000,135,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/12/24 20:00:18 | 000,000,132 | ---- | M] () -- C:\Users\HeroCorruptor66\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2015/12/17 03:41:47 | 000,110,176 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2015/12/17 03:39:38 | 000,097,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016/01/06 06:33:28 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016/01/06 06:16:49 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/01/05 09:51:03 | 000,001,763 | ---- | C] () -- C:\Users\HeroCorruptor66\javaplus.vbs
[2015/11/04 21:05:49 | 000,000,218 | ---- | C] () -- C:\Users\HeroCorruptor66\AppData\Local\recently-used.xbel
[2015/10/08 07:03:36 | 037,882,488 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2015/08/08 10:30:07 | 000,000,132 | ---- | C] () -- C:\Users\HeroCorruptor66\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2015/05/22 01:14:10 | 000,740,775 | ---- | C] () -- C:\ProgramData\AndyDrivers.zip
[2015/04/30 22:43:56 | 000,000,132 | ---- | C] () -- C:\Users\HeroCorruptor66\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2015/01/20 05:33:35 | 000,000,132 | ---- | C] () -- C:\Users\HeroCorruptor66\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/12/10 13:26:47 | 001,809,520 | ---- | C] () -- C:\Windows\ampa.exe
[2014/12/10 13:26:47 | 000,017,008 | ---- | C] () -- C:\Windows\SysWow64\ampa.sys
 
========== ZeroAccess Check ==========
 
[2014/07/25 02:37:50 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/22 20:40:00 | 021,192,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/22 13:25:39 | 018,634,248 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 17:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 10:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 17:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2013/08/22 19:31:58 | 000,207,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/08/22 19:34:22 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2013/08/22 17:53:13 | 000,092,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2013/08/22 18:19:14 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2013/08/22 17:56:54 | 000,827,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/08/22 17:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2013/08/22 10:48:12 | 000,044,032 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 17:40:30 | 000,468,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2013/08/22 10:38:29 | 000,329,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2013/08/22 18:00:58 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/08/22 18:01:39 | 000,129,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2013/08/22 17:50:00 | 000,761,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2013/08/22 18:04:13 | 000,353,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2013/08/22 10:55:17 | 000,285,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2013/08/22 18:05:11 | 000,255,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2013/08/22 17:44:18 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:64bit: - [2013/08/22 19:34:06 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2013/08/22 12:05:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2013/08/22 17:34:33 | 000,433,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2013/08/22 17:35:27 | 000,403,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2013/08/22 17:23:23 | 000,716,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2013/08/22 17:54:27 | 000,070,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2013/08/22 17:05:22 | 000,254,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2013/08/22 17:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 17:35:48 | 000,387,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2013/08/22 21:25:35 | 000,029,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2013/08/22 19:35:42 | 000,124,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2013/08/22 17:10:12 | 000,798,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:64bit: - [2013/08/22 19:22:30 | 000,101,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2013/08/22 17:18:58 | 000,534,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2013/08/22 17:50:00 | 000,761,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2013/08/22 19:32:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/08/22 21:25:35 | 000,045,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2013/08/22 17:12:56 | 000,133,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2013/08/22 17:48:09 | 000,324,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2013/08/22 17:24:27 | 000,629,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2013/08/22 10:27:04 | 000,564,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2013/08/22 17:07:32 | 001,212,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2013/08/22 18:55:30 | 000,306,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2013/08/22 11:33:38 | 000,248,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2013/08/22 18:00:18 | 000,050,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2013/08/22 17:47:43 | 000,220,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2013/08/22 17:19:19 | 001,436,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2013/08/22 17:23:08 | 000,835,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2013/08/22 17:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
No service found with a name of SDRSVC
SRV:64bit: - [2013/08/22 20:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 17:44:27 | 001,669,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2013/08/22 17:23:55 | 000,878,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2013/08/22 18:39:20 | 000,634,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2013/08/22 19:23:10 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2013/08/22 11:56:51 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2013/08/22 17:48:04 | 000,220,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2013/08/22 17:17:38 | 003,524,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2013/08/22 18:30:45 | 000,258,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2013/08/22 17:23:05 | 001,500,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2013/08/22 17:54:22 | 000,284,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< set /c >
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\HeroCorruptor66\AppData\Roaming
asl.log=Destination=file
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=LORDKUROWPC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\HeroCorruptor66
LOCALAPPDATA=C:\Users\HeroCorruptor66\AppData\Local
LOGONSERVER=\\MicrosoftAccount
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\OpenVPN\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=3c03
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\HEROCO~1\AppData\Local\Temp
TMP=C:\Users\HEROCO~1\AppData\Local\Temp
USERDOMAIN=LORDKUROWPC
USERDOMAIN_ROAMINGPROFILE=LORDKUROWPC
USERNAME=HeroCorruptor66
USERPROFILE=C:\Users\HeroCorruptor66
VBOX_MSI_INSTALL_PATH=C:\Program Files\Oracle\VirtualBox\
windir=C:\Windows
__COMPAT_LAYER=Installer
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 111 bytes -> C:\Users\HeroCorruptor66\SkyDrive:ms-properties

< End of report >
 

OTL Extras logfile created on: 1/6/2016 7:04:30 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HeroCorruptor66\Downloads\Programs
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16384)
Locale: 00003409 | Country: Philippines | Language: ENP | Date Format: M/d/yyyy
 
5.91 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 32.39% Memory free
9.89 Gb Paging File | 5.72 Gb Available in Paging File | 57.77% Paging File free
Paging file location(s): c:\pagefile.sys 4074 4074 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.75 Gb Total Space | 522.39 Gb Free Space | 56.74% Space Free | Partition Type: NTFS
 
Computer Name: LORDKUROWPC | User Name: HeroCorruptor66 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3368743618-531305195-2325762822-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24C0F6D4-F7E7-44FB-94B6-963FCF566334}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{30A95A28-387E-4B88-9909-CABD9E6ADCD1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{594B1FDA-A983-4C51-87A6-610A82226383}" = lport=138 | protocol=17 | dir=in | app=system |
"{6C30A374-53F9-45C7-BDFF-E6752FBAEDBB}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{6D844672-42A8-4FD2-8CFD-2111125C7777}" = lport=139 | protocol=6 | dir=in | app=system |
"{6E66A6A1-86C0-4A32-8DDF-3FF4F92D3FA1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BDA56B4-7783-4E45-80A8-022A72A67AF7}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{8E895075-573B-4A1D-BBCA-08DAD34B39CB}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe |
"{95F325C6-C742-485B-9057-D582BB670BCD}" = lport=137 | protocol=17 | dir=in | app=system |
"{9D02B72F-F731-4407-89E3-7A043654DB93}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{A8C1EF1E-4661-4699-8B1A-50526CD799C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{AD9BA446-8C5A-468D-929F-CEAF0DE6A737}" = lport=445 | protocol=6 | dir=in | app=system |
"{BC060AD2-3CA6-4B05-AFBA-63576B0774D9}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{C084557B-5D53-4F83-9859-B720B6725BE6}" = rport=139 | protocol=6 | dir=out | app=system |
"{C63EE049-EFA8-42DF-B040-54AD27752464}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{CF1CAF31-639E-4211-AECB-F625F6ABC77B}" = rport=137 | protocol=17 | dir=out | app=system |
"{D8E67D5F-93F1-4E0B-AB8E-D8189A83D412}" = rport=138 | protocol=17 | dir=out | app=system |
"{E44DC4B4-3AD6-4D37-805B-5A1BC44C1069}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{E7F62251-19AE-4EC4-B56B-BE08609EB05B}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{FDAEEFB2-8E87-43C5-8D87-C2C4E0567DAA}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F6C7ED-B278-4C2C-B06A-E512429532B2}" = protocol=17 | dir=in | app=c:\vidyagaems\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
"{04478DA5-D6B9-42BF-B6DC-81337719A401}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{058D87FD-3F63-4B8D-A316-5DA7AB86C094}" = dir=in | name=skype |
"{0CE0F750-384D-4AA3-86A9-FD1A1097C739}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3688\agent.exe |
"{0F323856-A0D9-4AA5-BC81-4A1A5CD17F25}" = dir=out | [email protected]{microsoft.bingsports_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{117F9EB9-2D4A-49C7-B232-DB1E0DFA9F66}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{14CB1DDA-D9D3-4E3E-B540-EEC8B8DD0563}" = dir=in | name=evernote touch |
"{153F7D71-01EA-4DD2-B75F-D1F9368D01B2}" = dir=in | name=evernote touch |
"{1C22B38D-7F45-4530-96F5-AC45659CC539}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1C3B4D56-FCD8-4406-B6A1-72856DF8D144}" = protocol=17 | dir=in | app=c:\program files (x86)\bdwm\clipsync server\clipsync server.exe |
"{1CB12289-8B3E-4308-AC3D-480D4B5F7CCC}" = dir=out | name=fresh paint |
"{1D2677F3-3038-4954-BF59-806EBCB0A9A7}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{1D4D2DFC-6BA4-4F51-8BDF-EAA1B6686651}" = dir=out | [email protected]{microsoft.binghealthandfitness_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{2B8DEE81-025C-4E8F-B558-C1ADE204012B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{2D560A19-4AD4-47FB-A946-23325680F083}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{357B307F-F394-46AD-90B6-21668B3679E9}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{384F7D04-0E9E-46C4-B526-4B1273AF85BE}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{38A0B4C1-244B-4C97-B5F7-DA15C5F74AE9}" = protocol=1 | dir=in | [email protected],-28543 |
"{3AAF61C2-92DE-4CFC-9125-19B2610242AB}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{3F3B9AD8-0579-4736-B997-DA2F3F08B4B9}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{40B57CA9-6466-4451-AAD9-14E572F44F4D}" = dir=out | name=evernote touch |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{442B42AF-21E4-460E-B9FD-13BEAD33EBC5}" = dir=out | [email protected]{microsoft.bingnews_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{444CC532-39BF-4D3A-9C37-3F8211394F62}" = dir=in | name=evernote touch |
"{44AE3298-DCF2-4A70-8668-18CE63B444BD}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{44B7C979-7FF2-469D-8488-E7EA6B0936B5}" = dir=in | name=toshiba media player by smedio truelink+ |
"{459E3DC6-5A5D-44F5-8098-9F8E0422BC48}" = protocol=58 | dir=in | [email protected],-28545 |
"{491C4553-6F4B-4B6F-9594-1EAE71430C3E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4E09100F-23FE-45C5-A9D1-9FE76210AF9A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{55ECE051-E74A-41BE-A651-2C18EA693257}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{56E53349-1806-4F46-B919-2EB3CE6AA810}" = protocol=58 | dir=out | [email protected],-28546 |
"{5799CFCF-7209-405B-8201-A2A699D59327}" = dir=out | name=skype |
"{57E37624-4B24-4A0C-80A0-48FE6DD013CE}" = protocol=6 | dir=in | app=c:\vidyagaems\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
"{59080BCF-A0CD-4BEA-BD5E-DAD3EA3C0AD2}" = protocol=6 | dir=in | app=c:\program files\andy\andy.exe |
"{5A9C4BD7-3402-4143-9B78-F2C4B3819AC2}" = dir=out | [email protected]{microsoft.bingtravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{5EE5B36C-F545-49FE-88B6-9ACFB4FDFC5F}" = dir=out | [email protected]{microsoft.bingfinance_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{616155C8-A5F5-4E22-B86F-FAF13322BF30}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{63808FCC-94F0-4047-BBC4-0A2D11B4D894}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3715\agent.exe |
"{64AF06AE-485C-4D7F-B5C5-8DEA593BA704}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{671E7549-19E5-4F35-B4AA-CCB505614113}" = protocol=6 | dir=in | app=c:\program files (x86)\bdwm\clipsync server\clipsync server.exe |
"{676F7995-D77B-4988-A1EE-9F21CAA6C4C3}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe |
"{6BBF0D94-ACBD-442C-B9D3-8FE92BBE9B90}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{6D8D71DD-D344-4681-B668-C4E762C3C389}" = dir=out | name=adera - lite |
"{6F66BBDA-7B07-4FCC-A4E8-A09670971AA0}" = dir=out | name=shark dash |
"{70239C21-8C66-456E-AB74-52C5A275450C}" = protocol=17 | dir=in | app=c:\vidyagaems\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon.exe |
"{7088FC53-AD63-44BB-BFFB-52E9BDFA4F53}" = dir=out | [email protected]{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{72125353-CECF-4609-B1A4-F21B09AE5C68}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{789DAC2B-3799-4813-B3E3-EA4F4EBB28FB}" = dir=out | [email protected]{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{7EDE8AEE-5902-4339-A48B-409296004EE6}" = protocol=6 | dir=in | app=c:\vidyagaems\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon.exe |
"{86B24980-8187-4A52-A4EB-79897CADB270}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{88576957-B6D4-471D-BB8C-DF4E5A8CFF6A}" = dir=out | name=skitch touch |
"{9334F565-4F0B-445B-BD26-395531D0B757}" = dir=out | [email protected]{microsoft.bingweather_3.0.4.337_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{98DDAFA2-9D3B-4251-98A6-EE2A94333BAB}" = dir=out | name=windows_ie_ac_001 |
"{9E2BA043-5EC0-4CC3-A89A-3A503B433AA1}" = protocol=17 | dir=in | app=c:\vidyagaems\goat simulator\binaries\win32\goatgame-win32-shipping.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A021D11B-7BE9-424F-A56E-CB0EF13C91F4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3715\agent.exe |
"{A25AD18E-0278-4167-82BC-345EE7581512}" = protocol=6 | dir=in | app=c:\vidyagaems\goat simulator\binaries\win32\goatgame-win32-shipping.exe |
"{A40BF979-C254-49BB-A87B-5553BA28C296}" = dir=out | [email protected]{microsoft.zunevideo_2.6.446.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{A48E8EB8-7C57-4233-9C44-A8DC0F7E06D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3688\agent.exe |
"{A5D6AC78-AA6E-415A-9BF9-67D01D3E03A0}" = protocol=1 | dir=out | [email protected],-28544 |
"{A78D2041-A452-4031-83D9-19CBA95C8EBC}" = protocol=17 | dir=in | app=c:\users\herocorruptor66\downloads\programs\imgdownload\fourchan-dl.exe |
"{ACBA11C1-5D95-4524-8AB7-688BC2B96503}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B0524085-2A4C-4FCA-AA56-0E5BDE370B07}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B2DCF6D4-8905-4A5E-BD85-B55931D86800}" = dir=in | [email protected]{microsoft.windowsreadinglist_6.3.9654.20947_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{B6367874-DB00-4E01-9BF3-B92D1AFE2026}" = dir=out | name=- games app - |
"{BB572C1F-7A8A-429E-A14D-DCB72AE3E0FF}" = dir=out | [email protected]{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{BB7A77E4-8154-45E9-A7C3-076E5027AE27}" = dir=out | [email protected]{microsoft.windowsreadinglist_6.3.9654.20947_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{CA8A0C8C-5ACE-4659-B2F8-E195B041EDE0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CEE1E50F-DA26-4773-A436-E968442F100D}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{D27EDDC0-4290-4873-BEC2-DA840CA154DD}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{D468AAFD-94D8-4D2D-8CC4-50C53BD78DEE}" = dir=out | name=toshiba media player by smedio truelink+ |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D8540AE0-59E3-45EC-8A0C-C779A17EF78A}" = dir=out | name=nerokwik |
"{D890014B-4F30-4949-A994-269C38EFCC89}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3688\agent.exe |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DDCAE516-8B2D-42F1-9949-1A5B91773707}" = protocol=6 | dir=in | app=c:\vidyagaems\ubisoft\far cry 3 blood dragon\bin\fc3bdupdater.exe |
"{DF727E7E-9FAF-4BDF-9C52-2A36BC683677}" = protocol=17 | dir=in | app=c:\vidyagaems\ubisoft\far cry 3 blood dragon\bin\fc3bdupdater.exe |
"{E4E545E5-88EF-43B1-B4F1-0FE94711C034}" = dir=out | name=evernote touch |
"{E51A0482-D10F-4689-9AE3-168A28B0D189}" = dir=in | name=nerokwik |
"{E58DA479-FC26-4828-8A0C-50E45496BF75}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3688\agent.exe |
"{E87150B5-8455-4D19-AC35-A6CC21221C85}" = protocol=17 | dir=in | app=c:\program files\andy\andy.exe |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F7B574A3-AB97-4DFA-978A-59E4C25BB3A8}" = dir=out | [email protected]{microsoft.bingfoodanddrink_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{FD52C0D3-0C2C-45EC-BD14-887ED71A3B7B}" = protocol=6 | dir=in | app=c:\users\herocorruptor66\downloads\programs\imgdownload\fourchan-dl.exe |
"TCP Query User{1590FE66-5D17-48BD-A361-B0F3DFE6A90F}C:\vidyagaems\goat simulator\binaries\win32\goatgame-win32-shipping.exe" = protocol=6 | dir=in | app=c:\vidyagaems\goat simulator\binaries\win32\goatgame-win32-shipping.exe |
"TCP Query User{2454284F-78F6-47F8-86BA-45C2560A5DE1}C:\program files (x86)\deluge\deluge.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deluge\deluge.exe |
"TCP Query User{31F64B7F-E089-4375-BA74-98D83B988843}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{3562CECD-D056-4755-AC52-D7DE7833DB78}C:\users\herocorruptor66\downloads\programs\imgdownload\fourchan-dl.exe" = protocol=6 | dir=in | app=c:\users\herocorruptor66\downloads\programs\imgdownload\fourchan-dl.exe |
"TCP Query User{3E9DDDCE-5333-4FCC-885C-0066F6F2C4CD}C:\program files (x86)\bdwm\clipsync server\clipsync server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bdwm\clipsync server\clipsync server.exe |
"TCP Query User{A17A53B8-59D8-452D-9C76-DBCA87CD3C56}C:\vidyagaems\r.g. mechanics\dying light\dyinglightgame.exe" = protocol=6 | dir=in | app=c:\vidyagaems\r.g. mechanics\dying light\dyinglightgame.exe |
"TCP Query User{CE21BA9A-CCA0-42F6-8DF3-EB77A43215F0}C:\program files\andy\andy.exe" = protocol=6 | dir=in | app=c:\program files\andy\andy.exe |
"UDP Query User{05603C95-1079-4FF5-AB34-D50B9C1DE9DD}C:\vidyagaems\goat simulator\binaries\win32\goatgame-win32-shipping.exe" = protocol=17 | dir=in | app=c:\vidyagaems\goat simulator\binaries\win32\goatgame-win32-shipping.exe |
"UDP Query User{1949A51D-B0C0-4464-B669-C1E7A6C5B45D}C:\vidyagaems\r.g. mechanics\dying light\dyinglightgame.exe" = protocol=17 | dir=in | app=c:\vidyagaems\r.g. mechanics\dying light\dyinglightgame.exe |
"UDP Query User{3944D926-E0AD-4E93-9C84-5CA20BB3B6B8}C:\users\herocorruptor66\downloads\programs\imgdownload\fourchan-dl.exe" = protocol=17 | dir=in | app=c:\users\herocorruptor66\downloads\programs\imgdownload\fourchan-dl.exe |
"UDP Query User{394B8438-78B7-446D-B319-A7E67E4AD595}C:\program files (x86)\bdwm\clipsync server\clipsync server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bdwm\clipsync server\clipsync server.exe |
"UDP Query User{3BAD3A36-32C5-4742-AA5E-0BC515A9BE78}C:\program files\andy\andy.exe" = protocol=17 | dir=in | app=c:\program files\andy\andy.exe |
"UDP Query User{8D351055-B040-486F-B1E2-DC5CEC6A1733}C:\program files (x86)\deluge\deluge.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deluge\deluge.exe |
"UDP Query User{E5EBB098-D5DF-4F0C-B26D-589C43170D51}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1515F5E3-29EA-4CD1-A981-032D88880F09}" = TOSHIBA Audio Enhancement
"{16562A90-71BC-41A0-B890-D91B0C267120}" = TOSHIBA Function Key
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86418060F0}" = Java 8 Update 60 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86418066F0}" = Java 8 Update 66 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{34FE5428-54F4-3883-9372-AD81FFD14F69}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.20617
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{588A747E-CFF6-46B3-9207-CD754F9473AF}" = IDT Audio Driver
"{5944B9D4-3C2A-48DE-931E-26B31714A2F7}" = TOSHIBA eco Utility
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1" = Genymotion version 2.5.4
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}" = Classic Shell
"{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}" = TOSHIBA Display Utility
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCF8C8F-4ADA-3395-BF10-A3437F9929D4}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.20617
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{93F692D4-0C4D-4EED-9BFE-657C1D5959FE}" = Intel® Rapid Storage Technology
"{95CCACF0-010D-45F0-82BF-858643D8BC02}" = TOSHIBA Desktop Assist
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 358.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 358.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.5.14.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 2.5.14.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.15.0428
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.5.14.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.5.14.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.31
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}" = Vegas Pro 13.0 (64-bit)
"{D10D0851-CCC6-11E3-9ED2-F04DA23A5C58}" = MSVCRT Redists
"{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}" = TOSHIBA HDD Accelerator
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}" = TOSHIBA Service Station
"{FC191F32-1A67-4231-91D0-0059A57C99A8}" = Oracle VM VirtualBox 5.0.4
"{FF07604E-C860-40E9-A230-E37FA41F103A}" = TOSHIBA VIDEO PLAYER
"CCleaner" = CCleaner
"CDisplayEx_is1" = CDisplayEx 1.10.29
"Combined Community Codec Pack 64bit_is1" = Combined Community Codec Pack 64bit 2015-10-18
"Defraggler" = Defraggler
"File Shredder_is1" = File Shredder 2.5
"Icaros_is1" = Icaros 2.2.7
"Pale Moon 25.8.1 (x64 en-US)" = Pale Moon 25.8.1 (x64 en-US)
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TAP-Windows" = TAP-Windows 9.9.2
"Unlocker" = Unlocker 1.9.2
"WinRAR archiver" = WinRAR 5.21 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1" = AOMEI Partition Assistant Standard Edition 5.6
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05A55927-DB9B-4E26-BA44-828EBFF829F0}" = TOSHIBA System Settings
"{083EF76E-0760-4D7A-9508-0B88A3AF1889}" = HexEdit
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1B8CE8F2-4D3C-4014-B63F-034E0A638717}}_is1" = Fallout New Vegas DLCs
"{1E6A96A1-2BAB-43EF-8087-30437593C66C}" = TOSHIBA System Driver
"{1EE65D14-6927-405F-A640-43ECBC9AB85C}" = Terrordrome_Final
"{1F2DC3EA-9682-3AAA-BB63-D9BC1AC17960}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.20617
"{1f407217-9aec-4146-8504-e64ac959c534}" = Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.21
"{26A24AE4-039D-4CA4-87B4-2F83218060F0}" = Java 8 Update 60
"{26A24AE4-039D-4CA4-87B4-2F83218066F0}" = Java 8 Update 66
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{2E0AA616-4129-4F22-99BF-03C9B8D84FEC}" = Angry Birds Star Wars II
"{2E4AB750-27D1-4D7E-BD37-BC69FD8D341E}" = ClipSync Server
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{34927EBC-98D4-4D53-98BE-510DF5999F50}" = Adobe AIR
"{3792811C-832F-4392-B44A-24092901EDDC}" = BlueStacks Notification Center
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = piaip AppLocale
"{420ED767-62A5-462F-9DDA-AE3A95D4BF32}" = Alcor Micro USB Card Reader
"{448652c1-f5f3-4230-98c6-68c10c88b1fb}" = Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{703E9CCF-0578-4AF0-B1F7-90368CFDC8DD}" = Viber
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74D52476-2E1E-3F1B-8460-E4ECF2FB6491}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.20617
"{78931270-BC9E-441A-A52B-73ECD4ACFAB5}" = TOSHIBA Password Utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = TOSHIBA Manuals
"{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1" = HF pAppLoc version 1.1.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9395F41D-0F80-432E-9A59-B8E477E7E163}" = OpenOffice 4.1.1
"{95615D0F-8568-4C1A-B8EF-65C4F526DDD8}}_is1" = Fallout New Vegas
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A071F478-73E0-4143-AE55-4DD6BABD74F5}" = Far Cry 3 Blood Dragon
"{A56F495B-7075-4510-AC91-485416140DA2}" = ILLUSION ジンコウガクエン2 きゃらめいく
"{A5E92823-5726-4733-AF09-EF64CC8C3B42}_is1" = Ikaruga version Gouki
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = SMART BRO
"{AC76BA86-0804-1033-1959-001824161310}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1" = Kingo ROOT version 1.4.0.2390
"{AF83EF7D-353A-4E0C-9919-C4E4BCB5F742}" = ILLUSION ジンコウガクエン2
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C10E441B-6E77-48B5-B8C3-2CEDAAE93549}_is1" = 東方紅輝心
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3848ADA-B107-47E2-816C-C84A51E333CF}_is1" = Astebreed version 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F89CDED6-B1F1-489F-BA44-698BF6A737C2}" = System Requirements Lab
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"1207664823_is1" = Shovel Knight
"1207665033_is1" = OlliOlli
"1427985242_is1" = Titan Souls
"1430123043_is1" = Chroma Squad
"Adobe AIR" = Adobe AIR
"Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.2
"AmUStor" = Alcor Micro USB Card Reader
"Andy OS" = Andy OS
"Audacity_is1" = Audacity 2.0.6
"Avast" = Avast Free Antivirus
"Betternet" = Betternet
"BlueStacks App Player" = BlueStacks App Player
"BroForce: October Update2598" = BroForce: October Update
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2014-07-13
"DAEMON Tools Ultra" = DAEMON Tools Ultra
"Deluge" = Deluge 1.3.12
"Dolphin" = Dolphin
"foobar2000" = foobar2000 v1.3.7
"Fotosizer" = Fotosizer 2.09
"Fraps" = Fraps (remove only)
"Goat Simulator Update v1.2.34870_is1" = Goat Simulator Update v1.2.34870
"GOGPACKSUPERPUZZLEPLATFORMERDX_is1" = Super Puzzle Platformer Deluxe
"Google Chrome" = Google Chrome
"Half Minute Hero Super Mega Neo Climax Ultimate Boy_is1" = Half Minute Hero Super Mega Neo Climax Ultimate Boy
"HandBrake" = HandBrake 0.10.2
"iFunbox_is1" = iFunbox (v2.8.2414.748), iFunbox DevTeam
"InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}" = TOSHIBA Password Utility
"Internet Download Manager" = Internet Download Manager
"IrfanView" = IrfanView (remove only)
"KakaoTalk" = KakaoTalk
"LAME_is1" = LAME v3.99.3 (for Windows)
"LINE" = LINE
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.0.1024
"Messenger Plus! for Skype" = Messenger Plus! for Skype
"Metal Gear Rising Revengeance_is1" = Metal Gear Rising Revengeance
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"Mozilla Firefox 43.0.3 (x86 en-US)" = Mozilla Firefox 43.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Nokia X Manager 1.1.0.0" = Nokia X Manager 1.1.0.0
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.3.6-I001
"Photo Background Remover_is1" = Photo Background Remover 1.1
"Pidgin" = Pidgin
"Pokemon Showdown" = Pokemon Showdown
"Puzzle Quest1.01" = Puzzle Quest
"Settings Manager" = Settings Manager
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"Terrordrome_Final V2.9.5" = Terrordrome_Final V2.9.5
"Transformers  Devastation_is1" = Transformers  Devastation
"Trillian" = Trillian
"Uplay" = Uplay
"VirtuallTek Font Factory_is1" = Font Factory 1.1.0.2005
"Winamp" = Winamp
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"幻想人形演舞_is1" = 幻想人形演舞
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3368743618-531305195-2325762822-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{e577cb09-2068-44fb-8eed-cfcc1617b010}" = Viber
"AIM" = AIM for Windows
"Bad Piggies RePack" = Bad Piggies RePack
"CopyTrans Suite" = CopyTrans Control Center Uninstall Only
"deedbad90e6fdcb3" = Uno Tag Team Patcher
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/20/2015 9:24:38 AM | Computer Name = LordKurowPC | Source = Application Hang | ID = 1002
Description = The program LiveComm.exe version 17.5.9600.20911 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 185c    Start
 Time: 01d0db4abdb566c8    Termination Time: 4294967295    Application Path: C:\Program
Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report
 Id: b3c082a5-473e-11e5-82b1-28e3475de606    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting
 package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1  
 
Error - 8/20/2015 11:18:22 AM | Computer Name = LordKurowPC | Source = .NET Runtime | ID = 1022
Description =
 
Error - 8/20/2015 11:18:26 AM | Computer Name = LordKurowPC | Source = .NET Runtime | ID = 1026
Description =
 
Error - 8/20/2015 11:18:29 AM | Computer Name = LordKurowPC | Source = .NET Runtime | ID = 1022
Description =
 
Error - 8/20/2015 11:18:29 AM | Computer Name = LordKurowPC | Source = .NET Runtime | ID = 1026
Description =
 
Error - 8/20/2015 11:18:30 AM | Computer Name = LordKurowPC | Source = .NET Runtime | ID = 1022
Description =
 
Error - 8/20/2015 11:18:30 AM | Computer Name = LordKurowPC | Source = .NET Runtime | ID = 1026
Description =
 
Error - 8/20/2015 11:18:30 AM | Computer Name = LordKurowPC | Source = .NET Runtime | ID = 1022
Description =
 
Error - 8/20/2015 11:18:30 AM | Computer Name = LordKurowPC | Source = .NET Runtime | ID = 1026
Description =
 
Error - 8/20/2015 7:06:44 PM | Computer Name = LordKurowPC | Source = .NET Runtime | ID = 1026
Description =
 
[ System Events ]
Error - 1/5/2016 8:03:27 AM | Computer Name = LordKurowPC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
 code is 70. The Windows SChannel error state is 11.
 
Error - 1/5/2016 6:06:37 PM | Computer Name = LordKurowPC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
 code is 10. The Windows SChannel error state is 10.
 
Error - 1/5/2016 6:06:39 PM | Computer Name = LordKurowPC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
 code is 10. The Windows SChannel error state is 10.
 
Error - 1/5/2016 6:06:41 PM | Computer Name = LordKurowPC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
 code is 10. The Windows SChannel error state is 10.
 
Error - 1/5/2016 6:08:24 PM | Computer Name = LordKurowPC | Source = Service Control Manager | ID = 7031
Description = The Avast Antivirus service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 5000 milliseconds:
 Restart the service.
 
Error - 1/5/2016 6:19:12 PM | Computer Name = LordKurowPC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
 
Error - 1/5/2016 6:19:20 PM | Computer Name = LordKurowPC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
 
Error - 1/5/2016 6:38:41 PM | Computer Name = LordKurowPC | Source = DCOM | ID = 10016
Description =
 
Error - 1/5/2016 6:38:58 PM | Computer Name = LordKurowPC | Source = DCOM | ID = 10010
Description =
 
Error - 1/5/2016 6:40:09 PM | Computer Name = LordKurowPC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
 
 
< End of report >
 

 

What do I do?


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I will need you to run a different analyser for me

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
LordKurow

LordKurow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Here.

 

A couple things to note.

 

It actually stopped showing up for around more than 12 hours or so, then only popped up again a few minutes ago, but only once. The earliest times, it showed 2-4 warning popups per appearance.

Attached Files


Edited by LordKurow, 06 January 2016 - 10:32 AM.

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did this happen after you used a USB stick ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Startup: C:\Users\HeroCorruptor66\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\javaplus.vbs [2015-11-21] ()
FF NetworkProxy: "http", "122.219.134.221"
FF NetworkProxy: "http_port", 8081
Task: {E188C45C-2C0C-43A8-8C98-3184F27278FE} - System32\Tasks\WindowsUpda2ta => C:\Users\HeroCorruptor66\javaplus.vbs [2015-11-21] () <==== ATTENTION
Task: {4737E0F0-700B-4197-BF73-B6DD9571F8EA} - System32\Tasks\WindowsUpda2ta => C:\Users\HeroCorruptor66\javaplus.vbs [2015-11-21] () <==== ATTENTION
C:\Users\HeroCorruptor66\javaplus.vbs
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Download Anti VBS/VBE to your desktop
  • download the appropriate version (32 bit or 64 bit) and double click the file to run it.
  • After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
  • Post that report
Be aware this is a very new programme and as such is not recognised by any Antivirus or Windows, it is safe so allow it to run

FINALLY

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#5
LordKurow

LordKurow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

No USB

Attached Files


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The alerts should now be history
  • 0

#7
LordKurow

LordKurow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Thanks!


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have you run AdwCleaner ? Any further problems ?
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP