CVac

The problem seems to have disappeared for now, I'll bring it up on the Firefox help forum. On startup, I am getting a js error box, likely due to the dll that I deleted. Nothing seems to be wrong, but if system instability becomes evident, I will attempt to restore the file.

UPDATE: I have located js3260.dll as well as update.exe in C:\Program Files (x86)\Common Files\sysobject and will proceed to make a system restore point before deleting the two objects from my system. I scanned them with Bitdefender and MBAM, but both scans turned up clean. It may be that when I uninstalled Firefox, all files were not properly deleted.

(bump)

Problem is still recurring :/ this time after I woke my PC from sleep mode, the error messages started popping up one after another.

ComboFix Log: ComboFix 13-11-03.02 - Admin 11/03/2013 10:20:56.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.5624 [GMT -5:00] Running from: c:\users\Admin\Desktop\ComboFix.exe AV: Bitdefender Antivirus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C} FW: Bitdefender Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7} SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files\PrivacySafeGuard\PrIVacysafeguard.dll c:\programdata\1338546611.bdinstall.bin c:\programdata\1338546713.bdinstall.bin c:\programdata\1338547561.bdinstall.bin c:\programdata\ntuser.dat c:\users\Admin\AppData\Roaming\0ad c:\users\Admin\AppData\Roaming\0ad\config\user.cfg c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk c:\users\Admin\AppData\Roaming\poclbm c:\users\Admin\AppData\Roaming\poclbm\poclbm.ini c:\windows\SysWow64\frapsvid.dll c:\windows\wininit.ini E:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2013-10-03 to 2013-11-03 ))))))))))))))))))))))))))))))) . . 2013-11-03 15:36 . 2013-11-03 15:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-11-03 15:36 . 2013-11-03 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-03 15:36 . 2013-11-03 15:36 -------- d-----w- c:\users\Mcx1-VICETHAL-X1\AppData\Local\temp 2013-11-01 19:30 . 2013-11-01 19:31 -------- d-----w- C:\AdwCleaner 2013-11-01 19:28 . 2013-11-01 19:28 -------- d-----w- c:\programdata\YTD Video Downloader 2013-11-01 19:13 . 2013-11-01 19:13 -------- d-----w- c:\windows\ERUNT 2013-10-24 18:56 . 2013-10-24 18:56 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes 2013-10-24 18:56 . 2013-10-24 18:56 -------- d-----w- c:\programdata\Malwarebytes 2013-10-24 18:56 . 2013-10-24 18:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-10-24 18:56 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-10-22 13:04 . 2013-10-22 13:04 -------- d-----w- c:\programdata\Oracle 2013-10-22 13:01 . 2013-10-22 13:01 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-10-22 13:01 . 2013-10-08 11:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-18 20:19 . 2013-10-18 20:19 -------- d-----w- c:\program files (x86)\MTA San Andreas 1.3 2013-10-18 20:19 . 2013-10-18 20:19 -------- d-----w- c:\programdata\MTA San Andreas All 2013-10-18 13:41 . 2013-10-18 17:57 -------- d-----w- c:\programdata\Yahoo! 2013-10-18 13:40 . 2013-10-18 18:09 -------- d-----w- c:\program files (x86)\Yahoo! 2013-10-17 14:30 . 2013-10-17 14:42 -------- d-----w- c:\program files (x86)\xpadder_gamepad_profiler 2013-10-17 13:53 . 2013-10-17 14:23 -------- d-----w- c:\program files (x86)\Joy2Key 2013-10-15 20:54 . 2013-10-15 20:54 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2013-10-14 03:53 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-10-14 03:53 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-10-14 03:53 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-10-14 03:53 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-10-14 03:53 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-10-14 03:53 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-10-14 03:53 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-10-13 15:55 . 2013-06-25 22:55 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-10-13 15:54 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll 2013-10-13 15:51 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll 2013-10-11 07:17 . 2013-10-11 07:17 -------- d-----w- c:\windows\SysWow64\RTCOM 2013-10-11 07:17 . 2013-10-11 07:17 -------- d-----w- c:\program files\Realtek 2013-10-11 07:17 . 2013-03-20 17:16 2102040 ----a-w- c:\windows\system32\WavesGUILib64.dll 2013-10-11 07:17 . 2009-11-24 13:55 518896 ----a-w- c:\windows\system32\SRSTSX64.dll 2013-10-11 07:17 . 2009-11-24 13:55 211184 ----a-w- c:\windows\system32\SRSTSH64.dll 2013-10-11 07:17 . 2009-11-24 13:55 198896 ----a-w- c:\windows\system32\SRSHP64.dll 2013-10-11 07:17 . 2009-11-24 13:55 155888 ----a-w- c:\windows\system32\SRSWOW64.dll 2013-10-11 07:17 . 2013-03-26 18:38 1659464 ----a-w- c:\windows\system32\RTSnMg64.cpl 2013-10-11 07:17 . 2013-03-26 21:06 2797128 ----a-w- c:\windows\system32\RtPgEx64.dll 2013-10-11 07:17 . 2011-12-20 19:32 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll 2013-10-11 07:17 . 2013-03-30 01:42 3379272 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys 2013-10-11 07:15 . 2013-02-28 17:10 2032408 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll 2013-10-11 07:15 . 2013-03-20 17:16 910104 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll 2013-10-11 07:15 . 2010-09-27 13:34 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll 2013-10-11 07:15 . 2013-03-26 21:04 2734624 ----a-w- c:\windows\system32\FMAPO64.dll 2013-10-11 07:15 . 2012-06-20 21:26 110592 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll 2013-10-11 07:14 . 2013-03-23 07:43 208072 ----a-w- c:\windows\system32\AERTAC64.dll 2013-10-11 07:14 . 2012-03-08 15:47 108640 ----a-w- c:\windows\system32\AERTAR64.dll 2013-10-11 07:12 . 2006-02-07 19:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe 2013-10-11 07:12 . 2006-02-07 19:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll 2013-10-11 07:12 . 2006-02-07 19:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll 2013-10-11 07:12 . 2006-02-07 19:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll 2013-10-11 07:12 . 2006-02-07 19:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll 2013-10-11 07:12 . 2005-11-14 03:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe 2013-10-11 07:12 . 2013-10-11 07:12 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll 2013-10-11 07:12 . 2013-10-11 07:12 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll 2013-10-10 01:05 . 2013-10-10 01:05 -------- d-----w- c:\program files (x86)\Realtek 2013-10-10 00:18 . 2013-10-10 00:29 -------- d-----w- c:\users\Admin\Valley 2013-10-04 19:49 . 2013-10-04 19:49 -------- d-----w- C:\Riot Games 2013-10-04 19:47 . 2013-10-05 03:21 -------- d-----w- c:\users\Admin\AppData\Local\PMB Files 2013-10-04 19:47 . 2013-10-05 03:21 -------- d-----w- c:\programdata\PMB Files 2013-10-04 19:47 . 2013-10-04 19:47 -------- d-----w- c:\program files (x86)\Pando Networks 2013-10-04 19:46 . 2013-10-04 19:47 -------- d-----w- c:\users\Admin\AppData\Roaming\Riot Games . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-18 13:44 . 2012-05-07 20:57 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-18 13:44 . 2012-04-29 21:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-16 00:48 . 2013-05-19 00:55 3067560 ----a-w- c:\windows\system32\nvapi64.dll 2013-10-16 00:48 . 2013-05-19 00:55 2694664 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-10-16 00:48 . 2013-05-19 00:55 15244272 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-10-16 00:48 . 2013-05-19 00:55 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-10-16 00:48 . 2013-05-19 00:39 61216 ----a-w- c:\windows\system32\OpenCL.dll 2013-10-16 00:48 . 2013-05-19 00:39 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll 2013-10-15 21:47 . 2013-05-19 00:57 6665504 ----a-w- c:\windows\system32\nvcpl.dll 2013-10-15 21:47 . 2013-05-19 00:57 3489568 ----a-w- c:\windows\system32\nvsvc64.dll 2013-10-15 21:47 . 2013-05-19 00:57 922912 ----a-w- c:\windows\system32\nvvsvc.exe 2013-10-15 21:47 . 2013-05-19 00:57 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-10-15 21:47 . 2013-05-19 00:57 219424 ----a-w- c:\windows\system32\nvmctray.dll 2013-10-13 21:42 . 2012-06-24 16:25 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-10-13 21:42 . 2012-05-21 10:18 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-10-13 21:42 . 2012-05-21 10:18 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-10-13 15:57 . 2012-05-01 10:25 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-10-08 19:14 . 2013-05-19 00:57 3398914 ----a-w- c:\windows\system32\nvcoproc.bin 2013-10-06 16:51 . 2012-05-21 10:18 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2013-09-19 01:42 . 2012-05-17 08:59 57584 ----a-w- c:\windows\system32\iolobtdfg.exe 2013-09-19 01:42 . 2012-05-17 08:59 26184 ----a-w- c:\windows\system32\smrgdf.exe 2013-09-19 01:24 . 2012-12-29 05:27 2155152 ----a-w- c:\windows\system32\Incinerator64.dll 2013-09-19 01:24 . 2012-05-17 09:00 2097984 ----a-w- c:\windows\SysWow64\Incinerator32.dll 2013-09-12 08:58 . 2013-09-19 20:51 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll 2013-09-12 08:58 . 2013-09-19 20:51 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll 2013-08-29 01:48 . 2013-10-13 15:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-20 13:33 . 2013-09-15 20:37 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2013-08-20 13:32 . 2013-09-15 20:37 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll 2013-08-20 13:32 . 2013-09-15 20:37 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\users\Admin\Games\Steam\steam.exe" [2013-10-30 1820584] "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616] "FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2012-04-25 1328976] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640] "Dxtory Update Checker 2.0"="c:\program files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696] "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "TaskMngr"="wscript.exe" [2009-07-14 141824] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-10-01 2345296] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "{90140000-0011-0000-1000-0000000FF1CE}"="del" [X] "{90140000-001A-0409-1000-0000000FF1CE}"="del" [X] . c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968] Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN247546M205PJ;CONNECTION=NW;MONITOR=1; [2009-7-13 45568] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x] R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x] R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x] R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x] R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x] S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x] S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x] S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x] S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [x] S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x] S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x] S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys;c:\program files (x86)\EVGA Precision\RTCore64.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2013-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 13:44] . 2013-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 19:34] . 2013-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 19:34] . 2013-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-223215813-1355463031-3474482751-1000Core.job - c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 20:17] . 2013-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-223215813-1355463031-3474482751-1000UA.job - c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 20:17] . 2013-11-03 c:\windows\Tasks\HP Photo Creations Messager.job - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}] 2012-08-08 04:08 105472 ----a-w- c:\program files\PrivacySafeGuard\PrivacySafeGuard-x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320] "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-12-12 1091200] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896] "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536] "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704] "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288] . ------- Supplementary Scan ------- . uStart Page = about:blank mStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE "%1" . - - - - ORPHANS REMOVED - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-223215813-1355463031-3474482751-1000\Software\SecuROM\License information*] "datasecu"=hex:ec,57,53,5a,26,16,a6,2a,b6,60,b2,d1,25,82,9a,59,3e,2d,8e,02,56, 4d,42,57,48,fa,6d,d2,a9,03,56,ac,ca,ca,12,21,15,2b,bf,f0,bd,09,cc,8b,2b,89,\ "rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\05\03\09\0a\126^" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-11-03 10:41:16 ComboFix-quarantined-files.txt 2013-11-03 15:41 . Pre-Run: 67,492,491,264 bytes free Post-Run: 67,585,126,400 bytes free . - - End Of File - - 9D98461ACB1061CA61222D77DE343444 A36C5E4F47E84449FF07ED3517B43A31

Extras.txt: OTL Extras logfile created on: 11/2/2013 3:11:12 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16721)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.98 Gb Total Physical Memory | 5.64 Gb Available Physical Memory | 70.68% Memory free15.96 Gb Paging File | 12.76 Gb Available in Paging File | 79.94% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 465.76 Gb Total Space | 63.43 Gb Free Space | 13.62% Space Free | Partition Type: NTFSDrive D: | 2.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSDrive E: | 10.00 Gb Total Space | 1.90 Gb Free Space | 18.94% Space Free | Partition Type: NTFSDrive F: | 797.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: VICETHAL-X1 | User Name: Admin | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 0"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 0"DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{00C89F58-6D23-4F62-A250-3FE2EE321CBF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{061EF0FD-1CA9-4397-A6D2-F2DC50143CE4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{09ACF7EE-4E71-4D7D-AF0C-3A056E7B67ED}" = lport=3390 | protocol=6 | dir=in | app=system | "{1093747A-1AE3-491C-A865-9975F1AE8765}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{19D08D32-A459-45ED-848C-7FCB741A5A8C}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{1AF60F20-C404-4E5B-B1DC-87FF5C847EBE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1F0C51DB-79D5-4CDF-9BE3-D257E3A01BBE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{21F3D806-742F-4EDA-A3AE-4015DC29918F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{33C0C320-BD2A-4881-A7E9-6287E81D36D7}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{3AA2A232-6898-4D88-B847-5F493EF365E2}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{3CC189E1-7343-4498-BEA4-DCD0005014FA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{3FB812F9-F8B3-49B4-9263-10DF7D7E34EB}" = lport=2869 | protocol=6 | dir=in | app=system | "{415BC376-31FA-492A-8FD4-83FBCE66757D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4EE49CCA-CD2C-45D3-A9A8-69D9C10B82BD}" = lport=137 | protocol=17 | dir=in | app=system | "{50CBE249-79F1-4779-9C6A-23F147214E79}" = lport=445 | protocol=6 | dir=in | app=system | "{537240F1-8DC3-4716-902D-6745133F1E7E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{542D5963-3910-4534-8259-B5BE9F9488B5}" = rport=138 | protocol=17 | dir=out | app=system | "{54F8A74E-A917-43AE-B1BB-47D3B0799C35}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{55029334-8529-49FA-8C29-9204F7EF8C20}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{556DE56C-4BFD-44E7-9DE9-C37DE5B51F00}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{5A82DF1E-715A-4345-A43A-C7A29DE10FFD}" = rport=137 | protocol=17 | dir=out | app=system | "{5AABD941-1C76-4018-B7E2-26641F8CD949}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5B8440C6-D25D-4DBA-B46C-67990C2EFA1C}" = lport=2869 | protocol=6 | dir=in | app=system | "{5D0BE7A5-D5F8-407B-A7D3-62E7CB5F30D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5D3CFCF0-4C83-4674-9022-F2A9C7AE6937}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5D7C9B37-D93B-4991-A094-E30691606DD7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{65F66495-ECC5-4383-9E38-C80D200BAB1F}" = lport=3390 | protocol=6 | dir=in | app=system | "{695C15F9-059B-4B0F-B36F-BAF8013E9A86}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{72058272-76B7-4D27-BA63-1C4E4A0663E4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{74E53A24-EC6D-4B3B-AFD6-33BC158E3954}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{76FB30AD-1FC0-4643-900C-6B971D71EADF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{77C0E79B-68AF-4874-8C9F-31B743FC4CFA}" = lport=10244 | protocol=6 | dir=in | app=system | "{7A578C80-8823-4F41-9E6D-E725FE5F9B14}" = lport=139 | protocol=6 | dir=in | app=system | "{7BE4B269-D213-41A3-938E-4270ABBD8628}" = lport=7777 | protocol=17 | dir=in | name=terraria host 2 | "{7C198D57-7B28-4CD1-80F4-4F1B97F3DF34}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{8022C3A6-CFFA-46DE-BD00-17F64533BB7E}" = lport=10244 | protocol=6 | dir=in | app=system | "{8428B0C6-1302-4267-BC16-CBCCEB2ACCB3}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{85A8F0FF-9145-4069-86C0-69CED2AC29B5}" = lport=2869 | protocol=6 | dir=in | app=system | "{89B6825D-56C0-47FF-9528-96100DC851FC}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{8E325F89-F485-48D9-98EA-4B7E8954F724}" = rport=10243 | protocol=6 | dir=out | app=system | "{93C54C33-39F2-406F-B732-BF2D832D0D09}" = lport=138 | protocol=17 | dir=in | app=system | "{942095FC-CEDC-4142-ABEC-A1E0A3D5889E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{95D1EBA1-7387-4210-B986-29BE5D4A53ED}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{96E48C62-49C7-485D-BE73-8E81F36B6B38}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9724B16D-8347-4FD5-B38A-D628DD4FB964}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A1516180-EB41-4101-B0B3-89A739385282}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ADDF436F-DA60-4F85-9F75-AB2890666A42}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{B010840B-225F-4EE2-81F1-B2017B2EFFDC}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B18BA20F-3F45-4F97-8253-1483061B08ED}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{BC3BB215-D127-4656-AB22-3A1827B7C39B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BDE162E6-59FE-4683-87EB-DE3913DBC1BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C043BC7F-E01B-4630-BEA5-2EBFF92EF4DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C8BA3C41-3DE9-4E71-8D5D-008E5EC9DBD9}" = lport=10243 | protocol=6 | dir=in | app=system | "{C90C31F9-4C98-4DA1-89D4-9491978B0F23}" = lport=7777 | protocol=6 | dir=in | name=terraria host 1 | "{CE4F4312-5B7C-4C96-BE96-B450A6295607}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CEBD40F8-0620-4937-813E-A51C1189F9EF}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{D450229B-DD6E-487B-B9BA-8BD5C83F8C6D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | "{D5441A05-B01C-4009-8C3A-6B191C4E489F}" = rport=445 | protocol=6 | dir=out | app=system | "{DD113650-AA16-41D7-B0A6-345A87F03F24}" = rport=139 | protocol=6 | dir=out | app=system | "{E64FB772-6165-4581-9E0C-AA04C0C29104}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{EB50CCD6-379C-4E5B-90AE-CF82262B4839}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{F0A134AF-5133-4078-8555-C8A89415117B}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{FECDE0F3-658C-4215-ADF8-055F5651CBC0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{FF39632B-6647-4F76-8C9F-6B27C6F08FDA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FF660E60-AB8E-41BE-9574-5EC0BCC0A13A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{01A75B23-C2AB-4F27-9905-EF1E68076B28}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\the walking dead\walkingdead101.exe | "{02F156A6-94FA-43F1-BB36-D5DC73564CA8}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\papersplease\papersplease.exe | "{034549ED-4F54-4458-9FF5-25D94F095BB8}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{06F07DF8-A324-4488-8292-F3C4A4A4DF68}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{07C81D60-365A-4E86-A70B-52522B315078}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{07FDDB3A-FA29-45C9-B83A-1DECD567FF9B}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\terraria\terraria.exe | "{08BA5FDF-C201-4B3E-8CC6-A867B7193D1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{094DF0C9-BE7E-4DCB-BA6C-707667181694}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\terraria\terraria.exe | "{09C2618C-A778-4081-A401-E353F824B7CD}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | "{0A0DA4A4-D811-4DD0-9936-E88C08452441}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{0B31FE82-4EBA-4A44-909A-ABD5D27D6CDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{0C154038-B8B0-4303-B994-25C53EEACB53}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\kerbal space program\ksp.exe | "{0D234A14-B9C6-45EF-B73F-35C7B71DC4EC}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\prison architect\prison architect.exe | "{0D6C5C70-39FE-4434-AD3E-AC6EB630F326}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{0DECD88A-FC0C-4709-BA6F-5632C1DE34CF}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age of empires 3\bin\age3y.exe | "{0F70EAA1-94B5-4A24-B8B6-00688B4C0C58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{102B1516-DD2D-43D5-B64B-B73A96E609AD}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\endless space\endlessspace.exe | "{10D7AD3D-5329-4BE3-93C6-4D8EEF45CC6B}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{11FBE5D8-13AB-456E-A28A-3C750A20A24C}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\rome total war gold\rometw-bi.exe | "{1211AD83-A9F2-4967-B851-20E9ABDDB5A6}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | "{12D4002A-943B-46F5-B777-10A52C3383B0}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\kerbal space program\ksp.exe | "{1302200A-1041-4B87-9B37-53E4D468B1A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{133976A7-E734-49BB-AD64-F2E59DE6A065}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\the binding of isaac\isaac.exe | "{13A61C74-7DEB-459F-BCF4-B2E236A0C3C9}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\waking mars\mars-pc.exe | "{14DF9EA4-5626-4C97-945E-09BCD9828F5A}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{150C5025-35AF-441B-A163-F48E0AD91870}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{1597DDF7-88A2-4268-ADB3-2C39A32B947C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{15BAF268-9180-440D-9117-0DD83C9E47A7}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\payday 2\payday2_win32_release.exe | "{1603C0D1-9E84-49D3-B8D7-1735CF169AF8}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | "{162D3F07-3103-460E-8433-CFCA4E9AC2B7}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | "{16603FC2-1754-4235-8EF2-8BFE706700EA}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age2hd\launcher.exe | "{17012380-627E-49CC-BA95-9EC52BEB866B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{17882798-6F3D-46DF-9707-9778F19276A6}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\terraria\terraria.exe | "{1A9D5CEA-4447-4C7C-BBE6-C405FBA17BB6}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\endless space\endlessspace.exe | "{1CBD1082-A82C-47D4-A178-E4F83F2F26DC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{1DB84257-8866-4159-890E-E53B48BF54D2}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\multiwinia\multiwinia.exe | "{1DCEAC2A-C49A-4BF3-942E-C0AC2A53CA6A}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\garrysmod\hl2.exe | "{1FA69652-42A3-4348-90CD-561C5BA6F420}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{225B8EB7-5A86-4456-B499-5C8B95F466FB}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\chivalry_ded_server\binaries\win32\udk.exe | "{2288C556-7E18-4272-9483-EC88BE27B86A}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\rome total war gold\rometw-bi.exe | "{22E7B23E-B887-40E6-B023-D54ECE56E02D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{2336B040-7F9D-41E4-ABA6-A5E24F049C4A}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dota 2 beta\dota.exe | "{244B5E26-6A30-45B8-B2BB-AAA17D109924}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{251466DF-3B36-443A-8EB6-AECEFD397F54}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{2522755A-707C-40DD-AC2C-00B190139D6A}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\papersplease\papersplease.exe | "{257BF2B8-D6FB-41B8-A3CF-674DC7AF7F11}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\team fortress 2\hl2.exe | "{258C86C7-DC2C-4B82-9EBE-A54A573CCDB5}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\command and conquer red alert 3\runme.exe | "{2603C52A-EB1B-473B-9DFB-5C178E22E4F3}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | "{2A4CF06A-128A-4E1A-9BCC-8C4621A4F826}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2AEB3CAA-1E37-466C-AD99-D54F007CF61D}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{2CBAC3A5-A46C-4A17-8192-08D363B96F88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{31B9D0EE-B13B-4FC2-861F-5D22AB8129B1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{31EDABF5-0175-4D9D-9435-73DF3BA9EC66}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{343AABF6-51F6-4619-AD72-4EA53E571609}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\payday 2\payday2_win32_release.exe | "{344B1E31-1B12-46D4-89F3-90B2F415D10C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{34676C04-97A1-4CDC-BE4D-4603A044E189}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{354510B9-C9CF-454C-95A5-969E5241ACAC}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\uplink\uplink.exe | "{380ED9D3-03E5-4522-9520-A7023389FCC9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{38BB1505-6421-4269-83DC-0D449155842D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | "{39B70400-CF1B-45ED-BDF4-03F840887D1E}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\alien swarm\swarm.exe | "{3D6C1AF7-F91B-40F9-8500-58F47D5571FD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3E687A12-00AD-4CFB-B4CC-CDFC7CF16274}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | "{3EF4F6B0-EDA3-45CE-ADA3-FE1B2A1FD050}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{4010E75D-A7DF-4A11-8739-7D4D1AE032C3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{41C7932F-CB53-4B79-A9DE-8DBBA6E59CD1}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{425F9824-7B54-477C-AA3E-651F11664E19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{4441D657-0075-4292-9F3A-B744AF089A30}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4543E311-020A-4027-AC46-10857927210E}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\alien swarm\swarm.exe | "{45E035BC-523D-4ED2-A85F-395CD394A396}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe | "{473DB107-736B-44D0-BD6A-B02673D26479}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{48A6C35E-3994-4B5F-B315-96E9E730BF1F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{49ED66E4-AB2D-4530-B618-2A8D55B02581}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4E051BF6-A3DE-4320-A7D2-6A7F39163370}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{50C65771-04F7-41A0-810A-BC749001983A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{516F95CE-2156-44E0-B769-779A07206E7D}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\alien swarm\srcds.exe | "{51B36D7D-19BB-4E3B-848F-383D12EDD0B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{52AE92A9-E7D8-4975-A506-17082DAD7008}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\nba2k13\nba2k13.exe | "{54E1C35A-70D5-416D-903A-EC6F4C6EC11D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4 beta\bf4.exe | "{562FA017-298F-40B7-8BB8-2900464502DC}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\rome total war gold\rometw.exe | "{587AD8E4-FB11-4315-B3B4-660DF3844CA7}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age of empires 3\bin\age3.exe | "{58D95AA4-153A-4746-86CC-80B52DABE180}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age of empires 3\bin\age3x.exe | "{59070992-B93F-49A7-9936-DC8D5608F904}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dota 2 beta\dota.exe | "{5B5CAA77-683E-4A17-B282-59FC741C5055}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | "{5C00E47C-A40D-417C-B82A-0DDB87393B9A}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\trialspc\datapack\trialsfmx.exe | "{5C3FF3BB-836C-456B-86C7-CB16D70EA024}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | "{5C6E0296-1D68-469E-A549-02C8939C97FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe | "{5CE37DE2-B284-4EED-A867-DC8CC8A16B67}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\terraria\terraria.exe | "{5DCB04B7-1A10-4291-8E83-E098EBB880B1}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | "{5E23416F-EFBE-4601-A38A-17AF0DE852DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame european escalation\wargame.exe | "{5E7C97B1-5797-4A04-8208-0B7A9F656A4F}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | "{5ECB7F6E-B2E5-4AE6-8932-88ABB002784F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{5EEB0880-8DE5-496D-84DD-521FFE761B8C}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\wargame airland battle\wargame2.exe | "{5FA4AB15-C553-435C-9A30-F6D94F5A3B9D}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\team fortress 2\hl2.exe | "{614DDF08-C5D7-44B5-9C97-9A81EDEE574C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{62643F02-CD62-4DC8-AACF-2F8721C03AF8}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age2hd\launcher.exe | "{633CF0D0-0D8F-47E0-9981-A04282C798BB}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | "{64A8EEB5-E6AF-4390-92AA-17DF247BAC79}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\the binding of isaac\isaac.exe | "{66C2431A-F013-45B9-92DA-500317380C75}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{67B01047-61E8-416B-9D52-017C950F5DCA}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age of empires 3\bin\age3.exe | "{67CC9219-F184-4966-90F7-A2B18857023B}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{681E62F9-645A-4D23-A60A-24C77C048056}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\tropico 4\tropico4.exe | "{685D5D19-4DDD-48A7-8400-830385291EE6}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{6CE41935-689D-4A27-B351-11C2C4BDCAB8}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{6D9A85DE-842A-4ED4-88A7-7DCA1C671C30}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | "{6DE157B8-26B8-4B69-B74F-9969BFADDFD4}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{6EA74955-0029-4A04-88DA-485C963F4F69}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\shank 2\bin\shank2.exe | "{6F631FBB-B186-42D8-B3D4-A527EC038080}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{70C5FCDA-2F33-422E-9E49-229C9640374E}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | "{716CB326-B5D1-4265-8769-6FE753B5D0F1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{76BE4BD2-845E-4993-8474-76AD79A0D038}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\garrysmod\hl2.exe | "{77A2AB2E-3C30-4FF8-8A89-9358E236917C}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | "{77A8361E-D047-491F-A6AF-D87735DE7BFF}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | "{7B3D0A5B-3540-4E33-83D1-811BDCECD094}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{7CE8B780-530A-4CFD-B4BE-604C88D003F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7D88EE8B-F83D-4030-9F98-7B258F538200}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\anno 2070\anno5.exe | "{7EC29657-E394-47F1-B73F-C41BF4192D7F}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\aceallahninja\garrysmod\hl2.exe | "{8057E089-50D4-486A-89B7-3736683D4363}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{80D804B1-55BB-43ED-8849-97A7D8CFC484}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\trialspc\datapack\trialsfmx.exe | "{821C3216-A7BE-40FF-B653-589D08E649AE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\sysobject\update.exe | "{83AF5983-C627-4B2D-BC78-BD82ED2E13FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{84A7DFD3-7608-4D82-96CF-38B8925C9D18}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{87C16D9B-4108-4628-A3A4-E9331F80B8F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{881F3960-4A4D-468B-A0E6-50D09E6B0407}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\waking mars\mars-pc.exe | "{8A9220B1-EA70-4C84-BD92-81DB519733AD}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\payday 2 beta\payday2_win32_release.exe | "{8B7E766E-9A68-49CD-AA98-70542B47AD34}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{8B7F957C-80AD-4CBE-8A15-F4532B2CF11E}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\anno 2070\anno5.exe | "{8BB93BB5-134C-43C5-8C88-295D89020821}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8C1D68B6-9E55-4F49-9BF1-1EE3C0D6AC75}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | "{8DB89DE9-625A-4B61-9878-0706899804C2}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\rogue legacy\roguelegacy.exe | "{8E7EFCCE-9714-4111-9A19-C0DA79196AF9}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steam.exe | "{8F86B282-7374-4CDB-A143-4D778956589B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8FB961AB-93E1-4EBB-98FA-5BDA48C00AA3}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{90324F99-A319-4A97-AF43-3102FF5318C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame european escalation\wargame.exe | "{925B6C53-BE24-408E-9946-D49FAA1FB4B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{92E739A8-A64D-4582-8400-044627E00461}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\darwinia\darwinia.exe | "{955BC8C5-3A8F-496B-909F-07C6E61FC25A}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\wargame airland battle\wargame2.exe | "{9687A2DD-BF87-4DA5-9305-0066F6A4AD89}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{97A02FEC-DEE9-4E8E-8884-D273C1D683D7}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | "{97E1B6A2-F3E6-4995-874D-834E31514EF8}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | "{9A1A0DE0-964C-4C6E-88DE-27E30342386A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{9B0347AA-2E2A-4AAD-9140-0CC2282C95B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9B0D6123-FCAE-4E20-B810-555854406B26}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | "{9DDAFFA2-B151-4510-86AB-128B89D9FFF9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{9E88CDFF-C241-428E-A5EC-D2FEF0713667}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\wargame european escalation\wargame.exe | "{9ED0CB93-4173-4516-A6D2-458EFC2B7322}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\command and conquer red alert 3\runme.exe | "{9F6CADBD-0F95-4128-BD92-29597193CC71}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\wargame european escalation\wargame.exe | "{9FE20917-EA16-442A-868B-079CFA80AFBC}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe | "{A0E04494-AB43-44FE-B6D8-3C908116BF32}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\payday 2\payday2_win32_release.exe | "{A1D0DFFD-42A9-47F8-BC2F-05CE3194AB9B}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\garrysmod\hl2.exe | "{A2501FF0-62AC-4125-A690-B0C0680450B7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{A3DDD8EF-099D-4F88-A8AB-3CBCD1D34770}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\alien swarm\srcds.exe | "{A4348775-E60D-448E-9BA4-BF5C2DF43D07}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{A5346A76-5FC3-4016-9E48-2F8785F7D519}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\defcon\defcon.exe | "{A66A6295-9D0D-4A90-91A6-E061D68A1CF3}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{A69F1B58-816A-4751-B5C7-A0C33F9C7537}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | "{A7BBCB8E-D745-48EF-8AFB-E139A14AE3AD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{A90D8542-0597-41DB-BC79-10DD408122C0}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\mountblade warband\mb_warband.exe | "{A96DC2E6-1AAD-42D9-BFD6-CD7DE9D9022C}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\wargame airland battle\wargame2.exe | "{AB11A670-6574-47BB-9D6D-71B05FE5EE00}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | "{AB78EE20-ACD1-4CF5-8551-F1408D4DB92F}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steam.exe | "{AC30751C-FC6E-400B-9793-8C0AE9E1F2C5}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm | "{ADAE9540-6019-41FD-BC66-E9793A51E257}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | "{AE92285A-E7F0-4004-851A-26BD1E137ED7}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{B185CE75-13B1-43DA-BD78-E9FF404EB6A4}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\rome total war gold\rometw.exe | "{B2848437-19F7-49B1-B904-CF6CE6552660}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\trialspc\datapack\trialsfmx.exe | "{B466F546-AB49-4582-8CA4-2FE54E4B1564}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\rogue legacy\roguelegacy.exe | "{B5BA26EB-DD3B-4E8E-9C49-AD0D3B732E52}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\payday 2\payday2_win32_release.exe | "{B6ACB31C-7667-40A8-B387-8D1B1377492D}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\tropico 4\tropico4.exe | "{B713B5EF-301B-45EF-AAD6-14C2B2519C72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | "{B7F686D1-2385-41E5-A45A-4EFD5B4C4CD7}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\payday 2 beta\payday2_win32_release.exe | "{B83A4F74-576D-40E3-AD90-7F0C91CB7259}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{BBD39D4F-92D3-4535-82E0-2FA2843D7371}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | "{BC16D868-5DB6-42B4-8AEE-E6E1A1518DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{BDE1FF88-E244-492A-829A-96354D8CB8E7}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\darwinia\darwinia.exe | "{BDE2804C-C4C7-4EC2-82A9-5F928E25E3A7}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\the binding of isaac\isaac.exe | "{BEDFF3EC-B72E-49A4-BCA9-9A336BC0CA3F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{BFC12E5E-5248-4DB6-8BCF-F42548395C54}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\garrysmod\hl2.exe | "{C108191F-B0E0-4C60-99B0-90CC58322E08}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C1B94DEB-CBFD-4819-88B9-15D7492DC183}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{C2741E61-9FEE-4AF6-9D7A-FAFA04F66366}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age of empires 3\bin\age3x.exe | "{C5075136-B5CA-4847-9FAA-F57C5DC3B469}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{C55F21E6-F154-46F0-BF91-7538F00AADE9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C6218FCB-C5C4-48DD-A68E-5FE5FBCA89A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe | "{C78174B7-B877-48A7-BAED-97F24B57ED68}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\uplink\uplink.exe | "{C7DD8A23-AF74-4F89-A845-2B4C8619C9E1}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age of empires 3\bin\age3y.exe | "{C87C3CF1-4A47-4099-9E06-3EFD94BDEF66}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\multiwinia\multiwinia.exe | "{C965A928-4091-495C-9F18-C32773717393}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{C97D7D14-C088-4163-B97B-972D68043C7C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C9EE0C7A-6E37-447C-A15B-D2AEAF577D23}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm | "{CADF2CAE-1194-47F3-85CC-51D26ADAC994}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{CD55F5CF-E59C-4CED-9C06-D524F2C55642}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\prison architect\prison architect.exe | "{CF2B76A4-80BB-42A0-BE2D-A4EC5EC5A8A7}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | "{CF346A96-F706-4644-90E9-7DC2021F0AAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CFC0F141-AB96-40A8-9CB6-C046F0082A2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{D0C81769-10E2-4742-9E6B-EF6478AB25D9}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{D0F6B01B-EB43-43A9-BF7A-EE6DE9B5459F}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{D130FD41-D61B-4F2D-8F89-295AFFA48BA7}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe | "{D3232DA7-C739-4623-8861-D6B08446D109}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\the walking dead\walkingdead101.exe | "{D37CEA98-47FC-410F-9EA7-B91F1C28637A}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\aceallahninja\garrysmod\hl2.exe | "{D4078D2F-166C-4C32-826E-63CA08DEDBE7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D4F3E1D5-32DD-4F71-B965-098F9E5CFC19}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{D7396632-72E7-43A0-A2A1-C2B6D9A580E2}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{D76806CE-E244-42C5-AF5A-15F9EF30B58B}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe | "{D8F8BB84-7593-430A-A4AC-B000C5CEB8F8}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\prison architect\prison architect.exe | "{D98BCF6D-EDAD-4FC4-80DA-8C7048EEA9CD}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\defcon\defcon.exe | "{DB1AB935-3B33-4208-8C3E-5F51EF79EBD7}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4 beta\bf4.exe | "{DC013E7B-678A-487A-AFA2-3324ACDEFEAE}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{DD9160B3-7B1A-4ED3-AD21-82DE3E96F4A3}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\the binding of isaac\isaac.exe | "{DDBB4295-A3FC-4E6F-9155-4A4C06D0D8ED}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{DDBE2D78-27CA-481D-9A4C-17E93C71F7BE}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{E0DD6D96-E940-4D11-9FB0-31C1CF7FB626}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E17531AF-B455-4062-A02D-D9F84C71FBA2}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | "{E31CEB48-79F6-4E8A-A576-EF0570D9DC39}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{E66EDCC4-2AC1-4E9A-A999-616D134E0EB1}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\napoleon total war\napoleon.exe | "{E709B903-A68C-41A9-9E4E-BBE27DCA8E18}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\just cause 2\justcause2.exe | "{E786E11D-6AB6-45B5-87EE-7F4908B9C9FA}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\trialspc\datapack\trialsfmx.exe | "{E7D1D413-D9F9-495C-992F-D9A2E32420CB}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe | "{E8ABE944-CE25-420F-AAFF-8157D64EC270}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{E8F2726D-725F-466A-8E51-726DDA76D9CE}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\shank 2\bin\shank2.exe | "{E928D003-2000-41DF-B3EB-41F6BDC94FB3}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{EAD6E590-86A4-4A65-8CAE-1B69EE971F4A}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{EAE4E89A-9E1E-4AAF-BF6C-3ED06A11F589}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe | "{ECA19D4E-04E5-4DBB-98AA-00F8D47ACE7D}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{ED8D569B-C753-4C50-B86D-747691FEAA30}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{EDCF68E1-2181-431F-9ECF-565CA6F506FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EF64F08A-82F3-466B-A7BC-390EE7A5934A}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{F01A771E-03B4-471B-BC00-F11DDD9E5465}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\nba2k13\nba2k13.exe | "{F021615C-A412-4ED7-949C-A36F19786FA0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F121BDDD-C772-47C2-AA1B-5700268C5BC4}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\prison architect\prison architect.exe | "{F248D2BA-CB89-4862-8FAB-06F2F5F79E60}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\just cause 2\justcause2.exe | "{F25DD6BB-134C-43AB-920C-BC8B5E6EEB37}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F2799932-D409-4B1F-A867-1A6FB27CD9A8}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\mountblade warband\mb_warband.exe | "{F35B742D-6575-41C5-828F-C270AE8C7A39}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F3619BAC-B505-4682-8CDA-520F01A2EFBF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F55F1B65-38AB-4C83-8386-4A36793C3DCA}" = protocol=6 | dir=out | app=system | "{F5F880F7-7E97-4D63-AAB8-5A2A2ECE4498}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{F62A841F-28AC-40D0-8E32-26449C2E1002}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\wargame airland battle\wargame2.exe | "{F701323B-86BB-4826-8A60-9EC2BE39E7FA}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\chivalry_ded_server\binaries\win32\udk.exe | "{F73E9D43-F2AD-44FB-9B2B-A04391E1DD1E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\sysobject\update.exe | "{F8F902B1-9A3C-415E-8E25-9BA4C4FE13DB}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | "{FDF33D27-6FAF-4391-BCFF-26439E679DBF}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\napoleon total war\napoleon.exe | "{FEC97970-DD6A-4F84-9DF9-AD5725F07757}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | "TCP Query User{19180BED-A016-4847-9E7F-00934BDFD7B7}C:\program files (x86)\steam\steamapps\aceallahninja\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\aceallahninja\team fortress 2\hl2.exe | "TCP Query User{54742444-C725-41FF-93E2-41D2FE986272}C:\users\admin\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "TCP Query User{696C2990-AECD-4C09-A5B0-1FAD86448A6E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{4D6E51DA-1398-4270-815D-11360C468251}C:\program files (x86)\steam\steamapps\aceallahninja\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\aceallahninja\team fortress 2\hl2.exe | "UDP Query User{770A6ECA-7A75-421D-AD5D-7123BE62D0C9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{DEA9F50E-E229-41AF-815B-87B9FAF64D66}C:\users\admin\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Internet Security 2012"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{710D4D91-1924-4A6B-8659-9CDE02DC7207}" = HP Deskjet 3050A J611 series Product Improvement Study"{72EF03F5-0507-4861-9A44-D99FD4C41418}" = Paint.NET v3.5.11"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.58"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.58"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.58"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6.1"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.58"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 8.3.14"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.5"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.1"{BF9FD124-1112-4C8D-8F79-779A11C6287D}" = Logitech GamePanel Software 3.05.151"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64"{EE45F85E-ED91-11E2-9CD7-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)"{F17E4000-ED91-11E2-B3BD-F04DA23A5C58}" = MSVCRT Redists"{FB555BCF-9202-4886-9203-88C9A210D727}" = HP Deskjet 3050A J611 series Basic Device Software"Bitdefender" = Bitdefender Internet Security 2012"C-Media Oxygen HD Audio Driver" = ASUS Xonar DG Audio Driver"NVIDIA Drivers" = NVIDIA Drivers"Office14.PROPLUS" = Microsoft Office Professional Plus 2010"Pyware 3D v7" = Pyware 3D v7"TeamSpeak 3 Client" = TeamSpeak 3 Client"WinRAR archiver" = WinRAR 4.11 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam"{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin"{24E34264-D483-477C-A9A0-4E53F69834CF}" = Façade"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater"{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1" = Star wars Battlefront II version 1.3"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT"{42B1BDFC-9AF7-42C4-BC3C-EAED79D4DBEB}" = SmartMusic"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0722.1"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9"{53466613-9260-4814-AE66-7F3A3FA978D3}" = Livestream for Producers"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker"{5D13804A-67B7-49DA-9B15-65B70A83B9C3}" = Python 2.7 pygame-1.9.1"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform"{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}" = Vegas Pro 11.0"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.7.0"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3"{99A016E1-0840-43AE-8434-A18CEDFA833B}" = LogMeIn Hamachi"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials"{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}" = Python 2.7.3"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common"{CFAB3721-549D-4827-A4E8-7F90192114AB}" = Battlefield 4™ Beta"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common"{DB93E2C2-851F-44B2-B09C-351D2C624AE1}" = Camtasia Studio 8"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E362724E-9320-4946-AF34-874E7B6B2927}" = System Requirements Lab CYRI"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1" = Ezvid"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery"{FC9F924E-9472-45F1-980D-8267E47AA054}" = Poke"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 12.0"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15"ASIO4ALL" = ASIO4ALL"Audacity_is1" = Audacity 2.0"Cheat Engine 6.2_is1" = Cheat Engine 6.2"DAEMON Tools Lite" = DAEMON Tools Lite"Desura" = Desura"Dishonored_is1" = Dishonored"DivX Setup" = DivX Setup"Dxtory2.0_is1" = Dxtory version 2.0.122"ESN Sonar-0.70.4" = ESN Sonar"EVE" = EVE Online (remove only)"Fallout New Vegas_is1" = Fallout New Vegas"Faster Than Light_is1" = Faster Than Light"FL Studio 10" = FL Studio 10"Fraps" = Fraps (remove only)"HP Photo Creations" = HP Photo Creations"IL Download Manager" = IL Download Manager"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0722.1"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X"KLiteCodecPack_is1" = K-Lite Codec Pack 10.0.0 Full"League of Legends 3.0.0" = League of Legends"LogMeIn Hamachi" = LogMeIn Hamachi"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"MTA:SA 1.3" = MTA:SA v1.3.4"MuseScore" = MuseScore 1.3"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver"OpenAL" = OpenAL"OpenTTD" = OpenTTD 1.2.3"Origin" = Origin"Precision" = EVGA Precision 2.0.2"PunkBusterSvc" = PunkBuster Services"Razer Game Booster_is1" = Razer Game Booster"RocketDock_is1" = RocketDock 1.3.5"Rockstar Games Social Club" = Rockstar Games Social Club"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X"SmartMusic 2012c" = SmartMusic 2012c"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1"StarTopia_is1" = StarTopia"Steam App 102840" = Shank 2"Steam App 113200" = The Binding of Isaac"Steam App 1500" = Darwinia"Steam App 1510" = Uplink"Steam App 1520" = DEFCON"Steam App 1530" = Multiwinia"Steam App 200510" = XCOM: Enemy Unknown"Steam App 202970" = Call of Duty: Black Ops II"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer"Steam App 207610" = The Walking Dead"Steam App 209080" = Guns of Icarus Online"Steam App 214560" = Mark of the Ninja"Steam App 215" = Source SDK Base 2006"Steam App 219600" = NBA 2K13"Steam App 219740" = Don't Starve"Steam App 220070" = Chivalry: Medieval Warfare Dedicated Server"Steam App 220160" = Trials Evolution Gold Edition"Steam App 220200" = Kerbal Space Program"Steam App 221380" = Age of Empires II: HD Edition"Steam App 222750" = Wargame: AirLand Battle"Steam App 227200" = Waking Mars"Steam App 233450" = Prison Architect"Steam App 239030" = Papers, Please"Steam App 241600" = Rogue Legacy"Steam App 246210" = PAYDAY 2 Beta"Steam App 4000" = Garry's Mod"Steam App 49520" = Borderlands 2"Steam App 730" = Counter-Strike: Global Offensive"Steam App 8190" = Just Cause 2"Sumotori Dreams" = Sumotori Dreams"Sumotori Full Version" = Sumotori Full Version"Switch" = Switch Sound File Converter"SynthFont_is1" = SynthFont"Uplay" = Uplay"Viena" = Viena"WinLiveSuite" = Windows Live Essentials"Xvid Video Codec 1.3.2" = Xvid Video Codec ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-223215813-1355463031-3474482751-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"0 A.D." = 0 A.D."Bitcoin" = Bitcoin"Dropbox" = Dropbox"Google Chrome" = Google Chrome"Haunt 1.0 64bit" = Haunt 1.0 64bit"UnityWebPlayer" = Unity Web Player ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-223215813-1355463031-3474482751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"0 A.D." = 0 A.D."Bitcoin" = Bitcoin"Dropbox" = Dropbox"Google Chrome" = Google Chrome"Haunt 1.0 64bit" = Haunt 1.0 64bit"UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 11/2/2013 11:39:42 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448, time stamp: 0x4f563b00 Faulting module name: js3260.dll_unloaded, version: 0.0.0.0, time stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x03cfda0c Faulting process id: 0x1fa8 Faulting application start time: 0x01ced7e1bb0e6204 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe Faulting module path: js3260.dll Report Id: fd1fdd44-43d4-11e3-82d1-50e549d9fe14 Error - 11/2/2013 11:40:17 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448, time stamp: 0x4f563b00 Faulting module name: js3260.dll_unloaded, version: 0.0.0.0, time stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x0423da0c Faulting process id: 0x1db8 Faulting application start time: 0x01ced7e1d136af64 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe Faulting module path: js3260.dll Report Id: 1283f044-43d5-11e3-82d1-50e549d9fe14 Error - 11/2/2013 11:42:26 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448, time stamp: 0x4f563b00 Faulting module name: js3260.dll_unloaded, version: 0.0.0.0, time stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x04ecda0c Faulting process id: 0x1930 Faulting application start time: 0x01ced7e1e8f1f8d4 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe Faulting module path: js3260.dll Report Id: 5eefd7a4-43d5-11e3-82d1-50e549d9fe14 Error - 11/2/2013 11:43:04 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448, time stamp: 0x4f563b00 Faulting module name: js3260.dll_unloaded, version: 0.0.0.0, time stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x0465da0c Faulting process id: 0x704 Faulting application start time: 0x01ced7e2331ddb44 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe Faulting module path: js3260.dll Report Id: 75aee6c4-43d5-11e3-82d1-50e549d9fe14 Error - 11/2/2013 11:44:05 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448, time stamp: 0x4f563b00 Faulting module name: js3260.dll_unloaded, version: 0.0.0.0, time stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x03e6da0c Faulting process id: 0x14b8 Faulting application start time: 0x01ced7e24c1eeb24 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe Faulting module path: js3260.dll Report Id: 99ea6a04-43d5-11e3-82d1-50e549d9fe14 Error - 11/2/2013 11:45:33 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448, time stamp: 0x4f563b00 Faulting module name: js3260.dll_unloaded, version: 0.0.0.0, time stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x042cda0c Faulting process id: 0x74 Faulting application start time: 0x01ced7e26f2c9cc4 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe Faulting module path: js3260.dll Report Id: ce8bc5b4-43d5-11e3-82d1-50e549d9fe14 Error - 11/2/2013 11:46:54 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448, time stamp: 0x4f563b00 Faulting module name: js3260.dll_unloaded, version: 0.0.0.0, time stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x04f9da0c Faulting process id: 0x17d8 Faulting application start time: 0x01ced7e2a3273124 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe Faulting module path: js3260.dll Report Id: ff1ca234-43d5-11e3-82d1-50e549d9fe14 Error - 11/2/2013 11:47:35 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448, time stamp: 0x4f563b00 Faulting module name: js3260.dll_unloaded, version: 0.0.0.0, time stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x0409da0c Faulting process id: 0xd34 Faulting application start time: 0x01ced7e2d512bba4 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe Faulting module path: js3260.dll Report Id: 17561c54-43d6-11e3-82d1-50e549d9fe14 Error - 11/2/2013 11:49:51 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448, time stamp: 0x4f563b00 Faulting module name: js3260.dll_unloaded, version: 0.0.0.0, time stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x040fda0c Faulting process id: 0x19bc Faulting application start time: 0x01ced7e2ed7e4244 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe Faulting module path: js3260.dll Report Id: 6890c9d4-43d6-11e3-82d1-50e549d9fe14 Error - 11/2/2013 11:50:26 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448, time stamp: 0x4f563b00 Faulting module name: js3260.dll_unloaded, version: 0.0.0.0, time stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x0446da0c Faulting process id: 0x21c Faulting application start time: 0x01ced7e33bbaf204 Faulting application path: C:\Program Files (x86)\Common Files\sysobject\update.exe Faulting module path: js3260.dll Report Id: 7d246d74-43d6-11e3-82d1-50e549d9fe14 [ System Events ]Error - 11/2/2013 11:34:40 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 11/2/2013 11:34:40 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 11/2/2013 11:34:41 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 11/2/2013 11:34:41 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 11/2/2013 11:34:42 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 11/2/2013 11:35:04 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 11/2/2013 11:35:05 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 11/2/2013 11:35:05 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 11/2/2013 11:35:06 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk2\DR2. Error - 11/2/2013 11:35:06 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk2\DR2. < End of report > (The driver errors at the end are interesting, but probably not malware, my USB hub is just really cheap)

OTL.txt: OTL logfile created on: 11/2/2013 3:11:12 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16721)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.98 Gb Total Physical Memory | 5.64 Gb Available Physical Memory | 70.68% Memory free15.96 Gb Paging File | 12.76 Gb Available in Paging File | 79.94% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 465.76 Gb Total Space | 63.43 Gb Free Space | 13.62% Space Free | Partition Type: NTFSDrive D: | 2.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSDrive E: | 10.00 Gb Total Space | 1.90 Gb Free Space | 18.94% Space Free | Partition Type: NTFSDrive F: | 797.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: VICETHAL-X1 | User Name: Admin | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/11/02 15:10:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exePRC - [2013/10/30 15:25:54 | 001,820,584 | ---- | M] (Valve Corporation) -- C:\Users\Admin\Games\Steam\Steam.exePRC - [2013/10/15 16:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exePRC - [2013/10/06 12:51:37 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exePRC - [2013/10/01 15:51:14 | 002,345,296 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exePRC - [2013/09/18 21:22:28 | 001,164,328 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exePRC - [2013/09/18 14:26:34 | 001,529,944 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Razer Game Booster\main.exePRC - [2013/09/18 12:51:02 | 000,106,472 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exePRC - [2013/08/27 17:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exePRC - [2013/08/27 17:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exePRC - [2013/08/27 17:15:37 | 001,213,216 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exePRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exePRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2013/02/12 22:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exePRC - [2012/11/27 18:31:34 | 000,899,584 | ---- | M] () -- C:\Program Files\Logitech\GamePanel Software\Applets\SkypetoLCD\S2L.exePRC - [2012/04/25 09:27:00 | 001,328,976 | ---- | M] (Comfort Software Group) -- C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exePRC - [2012/03/06 10:26:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Common Files\sysobject\update.exePRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exePRC - [2011/05/12 16:50:03 | 001,990,656 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exePRC - [2011/01/31 02:40:00 | 000,355,432 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exePRC - [2010/11/20 23:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exePRC - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exePRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe ========== Modules (No Company Name) ========== MOD - [2013/10/30 15:25:56 | 001,123,240 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\chromehtml.dllMOD - [2013/10/30 15:25:56 | 000,121,256 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\audio.dllMOD - [2013/10/24 13:45:32 | 000,691,200 | ---- | M] () -- C:\Users\Admin\Games\Steam\SDL2.dllMOD - [2013/10/23 16:07:26 | 020,625,832 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\libcef.dllMOD - [2013/10/14 00:17:10 | 003,191,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.28b9ef5a#\3a13993425764c96b2686f8205e34f4e\System.Web.Extensions.ni.dllMOD - [2013/10/14 00:15:24 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\72843576b9bfad66be46d6eb445b76fa\System.Xml.Linq.ni.dllMOD - [2013/10/13 12:06:36 | 013,320,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\51c959815de499d10456ec684abf02bf\System.Web.ni.dllMOD - [2013/10/13 12:06:25 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\5b44a8db5b70143f27fb695b5f72930d\System.Runtime.Remoting.ni.dllMOD - [2013/10/13 12:06:22 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c5db04fde4893300ff28045ce4f7567d\System.Windows.Forms.ni.dllMOD - [2013/10/13 12:06:21 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\18e76c3868d682a7c065bccd142eeec1\WindowsBase.ni.dllMOD - [2013/10/13 12:06:18 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d913e7d0b1d32187e0c234f8a1a581fc\System.Core.ni.dllMOD - [2013/10/13 12:06:16 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\be5f0f2e208bbb3c647acfbc33434251\System.Runtime.Serialization.ni.dllMOD - [2013/10/13 12:06:14 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\edb27e2c25837f79902054965d6813cd\System.Configuration.ni.dllMOD - [2013/10/02 06:36:07 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\d187afdee972b70222b76bd6aed1f742\PresentationFramework-SystemXml.ni.dllMOD - [2013/10/02 06:36:07 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\9010845c58c17f145b3e39c2d28c4869\PresentationFramework-SystemXmlLinq.ni.dllMOD - [2013/10/02 06:34:56 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\f16e993b7058b005bbf273007fadf95b\UIAutomationTypes.ni.dllMOD - [2013/10/02 06:23:18 | 001,920,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\2e7b344eb30202c336687f3230940cb2\Microsoft.VisualBasic.ni.dllMOD - [2013/10/02 06:23:17 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\cceaf9d7891fc325a90473aa9a661661\System.Drawing.ni.dllMOD - [2013/10/02 06:22:20 | 018,545,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\775d60de39c6f0b49f1640c4e6c8de09\PresentationFramework.ni.dllMOD - [2013/10/02 06:22:09 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f4fff5d6e716c439b944025d3994170d\System.Xaml.ni.dllMOD - [2013/10/02 06:22:04 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8e3d6080e8eaaaf28389f3742ff9acdd\PresentationCore.ni.dllMOD - [2013/10/02 06:22:04 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7dd4cd3e4768d2aa55af60c838790088\PresentationFramework.Aero.ni.dllMOD - [2013/10/02 06:21:58 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\82d58d49946f82eb56bae40f3b097784\System.Xml.ni.dllMOD - [2013/10/02 06:21:57 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\72227d58a04b80252053352dead3b9a3\System.ServiceModel.Internals.ni.dllMOD - [2013/10/02 06:21:57 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\176ea254700896ee68956986b947ea9b\SMDiagnostics.ni.dllMOD - [2013/10/02 06:21:52 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ac79b74f022d9a096de2b884f4249543\System.ni.dllMOD - [2013/10/02 06:20:01 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\20a513f26ee88412303b36dc8c8f7533\System.Management.ni.dllMOD - [2013/10/02 06:19:45 | 001,614,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\65c71372e0cecdd46e984739a283f98c\Microsoft.CSharp.ni.dllMOD - [2013/10/02 06:19:45 | 000,389,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\3fd353d6d6c1c4a0a76efe390265f128\System.Dynamic.ni.dllMOD - [2013/10/02 06:19:29 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf2ecabcd96ec8238dc385b0a3ffa084\mscorlib.ni.dllMOD - [2013/08/11 09:44:10 | 000,458,752 | ---- | M] () -- C:\Program Files (x86)\Common Files\sysobject\js3260.dllMOD - [2013/06/14 19:49:16 | 000,153,088 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\mssvoice.asiMOD - [2013/06/14 19:49:16 | 000,071,680 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\mssmp3.asiMOD - [2013/06/14 19:49:12 | 001,100,800 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\avcodec-53.dllMOD - [2013/06/14 19:49:12 | 000,192,000 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\avformat-53.dllMOD - [2013/06/14 19:49:12 | 000,124,416 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\avutil-51.dllMOD - [2013/03/18 14:53:52 | 007,477,262 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Game Booster\avcodec-54.dllMOD - [2013/03/18 14:53:52 | 001,191,950 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Game Booster\avformat-54.dllMOD - [2013/03/18 14:53:52 | 000,333,326 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Game Booster\swscale-2.dllMOD - [2013/03/18 14:53:48 | 000,156,174 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Game Booster\keutil-51.dllMOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Dropbox\bin\libcef.dllMOD - [2013/02/12 22:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dllMOD - [2013/02/12 22:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exeMOD - [2012/11/27 18:31:34 | 000,899,584 | ---- | M] () -- C:\Program Files\Logitech\GamePanel Software\Applets\SkypetoLCD\S2L.exeMOD - [2012/11/20 16:13:44 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Game Booster\D3DX8Wrapper.dllMOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dllMOD - [2012/05/04 21:50:32 | 008,797,856 | ---- | M] () -- C:\Program Files (x86)\Common Files\sysobject\plugins\NPSWF32_11_2_202_235.dllMOD - [2012/03/06 10:26:50 | 001,014,744 | ---- | M] () -- C:\Program Files (x86)\Common Files\sysobject\js3250.dllMOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2011/04/19 14:56:58 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dllMOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODFMOD - [2011/01/31 02:40:00 | 000,355,432 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exeMOD - [2011/01/18 02:17:50 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\RTMUI.dllMOD - [2011/01/18 02:17:46 | 000,270,336 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\RTHAL.dllMOD - [2011/01/18 02:17:32 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\RTCore.dllMOD - [2011/01/18 02:17:20 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\RTUI.dllMOD - [2011/01/18 02:17:12 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\RTFC.dllMOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dllMOD - [2010/07/27 16:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\RTTSH.dllMOD - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exeMOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exeMOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/08/27 17:17:13 | 014,997,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2012/12/12 19:00:30 | 001,957,912 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)SRV:64bit: - [2012/08/28 16:13:59 | 000,067,904 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)SRV:64bit: - [2011/10/14 23:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)SRV - [2013/10/18 09:44:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/10/15 16:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)SRV - [2013/10/06 12:51:37 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)SRV - [2013/10/01 15:51:14 | 002,746,704 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)SRV - [2013/09/21 14:35:00 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2013/09/18 21:22:28 | 001,164,328 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)SRV - [2013/09/18 12:51:02 | 000,106,472 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe -- (RzKLService)SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2013/08/27 17:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2012/10/27 22:32:01 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2012/05/24 14:32:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/08/20 09:33:40 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)DRV:64bit: - [2013/06/16 08:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2013/03/30 02:44:32 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/12/12 19:01:06 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)DRV:64bit: - [2012/12/12 19:00:35 | 000,705,552 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)DRV:64bit: - [2012/12/12 19:00:32 | 000,587,024 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)DRV:64bit: - [2012/08/28 16:13:54 | 000,093,160 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/07/26 10:01:28 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)DRV:64bit: - [2012/04/17 08:25:02 | 000,031,432 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)DRV:64bit: - [2011/11/17 17:38:34 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)DRV:64bit: - [2011/11/14 20:16:38 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)DRV:64bit: - [2011/10/27 15:07:05 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)DRV:64bit: - [2011/08/16 14:59:12 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/03/10 03:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)DRV:64bit: - [2011/01/10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/08/12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)DRV:64bit: - [2010/01/19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)DRV - [2012/11/23 09:54:12 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)DRV - [2012/05/01 06:30:20 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)DRV - [2012/04/30 20:55:17 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)DRV - [2011/01/31 02:39:58 | 000,014,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankIE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpIE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usIE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 13 CA B3 44 26 CD 01 [binary data]IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SRIE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\..\SearchScopes\{2C8E2F11-D998-41BC-A35E-2A56C96AD791}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\..\SearchScopes\{41763978-E4EA-4aa4-8268-3A22D0041EB7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLHIE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\..\SearchScopes\{949B4ABF-0920-40d1-AD4B-101C3ACB70D2}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\..\SearchScopes\{D2069F25-015F-4a3d-A252-BBBA4B1B4A56}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSVIE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankIE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpIE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usIE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 13 CA B3 44 26 CD 01 [binary data]IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SRIE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\..\SearchScopes\{2C8E2F11-D998-41BC-A35E-2A56C96AD791}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\..\SearchScopes\{41763978-E4EA-4aa4-8268-3A22D0041EB7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLHIE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\..\SearchScopes\{949B4ABF-0920-40d1-AD4B-101C3ACB70D2}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\..\SearchScopes\{D2069F25-015F-4a3d-A252-BBBA4B1B4A56}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSVIE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: File not foundFF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012/06/01 06:47:28 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/08/25 16:45:56 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/06/01 06:47:28 | 000,000,000 | ---D | M] [2013/10/28 18:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.0.271_0\CHR - Extension: AdBlock = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\CHR - Extension: AdBlock = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_1\CHR - Extension: AdBlock = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0\CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmffdimoneaieldiddcmajhbjijmnggi\0.5.0_0\CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifallpipodahhpbnemkhiddofdkhlekg\0.0.4_0\CHR - Extension: Google Wallet = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013/07/16 05:41:11 | 000,000,926 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 65.52.240.48O1 - Hosts: 127.0.0.1 activation.cloud.techsmith.comO2:64bit: - BHO: (Privacy Safeguard BHO) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivacySafeguard)O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O4:64bit: - HKLM..\Run: [bDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)O4 - HKLM..\Run: [TaskMngr] C:\Program Files (x86)\Common Files\sysobject\data.js ()O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1000..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1000..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1000..\Run: [steam] C:\Users\Admin\Games\Steam\steam.exe (Valve Corporation)O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\Run: [steam] C:\Users\Admin\Games\Steam\steam.exe (Valve Corporation)O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()O4 - HKU\.DEFAULT..\RunOnce: [{90140000-0011-0000-1000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)O4 - HKU\.DEFAULT..\RunOnce: [{90140000-001A-0409-1000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)O4 - HKU\S-1-5-18..\RunOnce: [{90140000-0011-0000-1000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)O4 - HKU\S-1-5-18..\RunOnce: [{90140000-001A-0409-1000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O7 - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FA290AD-847F-4E26-9BBA-9294834D65BE}: DhcpNameServer = 69.78.96.14 66.174.95.44O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BD70F33-5868-467D-9F98-715B97CEED64}: DhcpNameServer = 192.168.2.1O18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\ms-help - No CLSID value foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O32 - AutoRun File - [2013/09/18 18:38:24 | 000,016,747 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]O32 - AutoRun File - [2004/04/30 21:01:00 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ NTFS ]O33 - MountPoints2\F\Shell - "" = AutoRunO33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exeO34 - HKLM BootExecute: ("autocheck autochk *")O34 - HKLM BootExecute: (t侐ʰⶐጚ)O34 - HKLM BootExecute: (ጢ愠ދ읐Dz)O34 - HKLM BootExecute: ("`")O34 - HKLM BootExecute: (茹ࢉҰ)O34 - HKLM BootExecute: (x bytes in each allocation unit.)O34 - HKLM BootExecute: (l)O34 - HKLM BootExecute: (.)O34 - HKLM BootExecute: (⛑ᑠҰ)O34 - HKLM BootExecute: (M)O34 - HKLM BootExecute: (SYSTEM\BDSandBox\Admin\machine\SYSTEM\ControlSet001\Control\SecurityProviders)O34 - HKLM BootExecute: (ጱጱጱጱ)O34 - HKLM BootExecute: (潩䙮昙ࡈጱ)O34 - HKLM BootExecute: (ᴘጔ)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/11/02 15:10:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe[2013/11/01 15:30:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2013/11/01 15:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader[2013/11/01 15:13:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/10/28 18:47:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla[2013/10/24 14:56:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes[2013/10/24 14:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/10/24 14:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/10/24 14:56:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/10/24 14:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013/10/22 09:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle[2013/10/22 09:01:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java[2013/10/22 08:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java[2013/10/18 16:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3[2013/10/18 16:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All[2013/10/18 16:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MTA San Andreas 1.3[2013/10/18 09:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo![2013/10/18 09:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo![2013/10/17 10:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xpadder_gamepad_profiler[2013/10/17 09:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Joy2Key[2013/10/17 09:48:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\GTA San Andreas User Files[2013/10/11 03:17:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM[2013/10/11 03:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek[2013/10/11 03:17:09 | 002,102,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll[2013/10/11 03:17:07 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll[2013/10/11 03:17:07 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll[2013/10/11 03:17:07 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll[2013/10/11 03:17:07 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll[2013/10/11 03:16:50 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll[2013/10/11 03:16:50 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll[2013/10/11 03:16:50 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll[2013/10/11 03:16:49 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll[2013/10/11 03:16:46 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll[2013/10/11 03:16:45 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll[2013/10/11 03:15:42 | 002,032,408 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll[2013/10/11 03:15:38 | 000,910,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll[2013/10/11 03:15:36 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll[2013/10/11 03:15:14 | 002,734,624 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll[2013/10/11 03:15:01 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll[2013/10/09 21:05:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek[2013/10/09 20:38:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Battlefield 4 Beta[2013/10/09 20:18:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\Valley[2013/10/06 13:27:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Battlefield 4[2013/10/06 12:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4™ Beta[2013/10/04 15:49:01 | 000,000,000 | ---D | C] -- C:\Riot Games[2013/10/04 15:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends[2013/10/04 15:47:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\PMB Files[2013/10/04 15:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files[2013/10/04 15:47:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks[2013/10/04 15:46:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Riot Games[2013/10/04 06:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes[2013/10/04 06:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2013/10/04 06:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2013/10/04 06:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes[2013/10/04 06:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/11/02 15:10:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe[2013/11/02 15:01:00 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job[2013/11/02 14:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/11/02 14:19:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-223215813-1355463031-3474482751-1000UA.job[2013/11/02 14:19:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/11/02 11:19:09 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/11/02 11:19:09 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/11/02 11:12:20 | 000,001,954 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk[2013/11/02 11:11:55 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/11/02 11:11:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/11/02 11:10:59 | 2133,692,415 | -HS- | M] () -- C:\hiberfil.sys[2013/11/01 15:14:29 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-223215813-1355463031-3474482751-1000Core.job[2013/10/29 19:52:50 | 000,799,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/10/29 19:52:50 | 000,674,766 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/10/29 19:52:50 | 000,126,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/10/24 14:56:45 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk[2013/10/18 16:19:44 | 000,002,080 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk[2013/10/18 10:30:24 | 000,002,367 | ---- | M] () -- C:\Users\Admin\Desktop\Google Chrome.lnk[2013/10/18 05:14:39 | 000,000,000 | ---- | M] () -- C:\Cookies[2013/10/15 20:48:05 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll[2013/10/15 20:48:05 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll[2013/10/15 20:48:05 | 000,023,287 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb[2013/10/13 17:42:29 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr[2013/10/13 17:42:29 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe[2013/10/13 17:42:20 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0[2013/10/13 12:14:27 | 000,452,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/10/13 12:05:41 | 000,791,496 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2013/10/11 16:44:14 | 120,921,426 | ---- | M] () -- C:\Users\Admin\Documents\OFFICIAL50SUBS.mp4[2013/10/11 16:36:11 | 000,105,616 | ---- | M] () -- C:\Users\Admin\Documents\OFFICIAL50SUBS.veg[2013/10/09 20:26:51 | 000,002,756 | ---- | M] () -- C:\Users\Admin\Unigine_Valley_Benchmark_1.0_20131009_2026.html[2013/10/09 20:17:59 | 001,065,984 | ---- | M] () -- C:\Users\Admin\AppData\Local\file__0.localstorage[2013/10/08 15:14:15 | 003,398,914 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin[2013/10/06 13:41:05 | 000,001,307 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk[2013/10/06 12:52:44 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk[2013/10/06 12:51:37 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe[2013/10/04 15:49:01 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk[2013/10/04 06:52:51 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/10/24 14:56:45 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk[2013/10/18 16:19:44 | 000,002,080 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk[2013/10/18 05:14:39 | 000,000,000 | ---- | C] () -- C:\Cookies[2013/10/11 16:11:23 | 120,921,426 | ---- | C] () -- C:\Users\Admin\Documents\OFFICIAL50SUBS.mp4[2013/10/11 06:35:30 | 000,105,616 | ---- | C] () -- C:\Users\Admin\Documents\OFFICIAL50SUBS.veg[2013/10/11 03:16:46 | 000,449,481 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT[2013/10/09 20:26:51 | 000,002,756 | ---- | C] () -- C:\Users\Admin\Unigine_Valley_Benchmark_1.0_20131009_2026.html[2013/10/09 20:17:44 | 001,065,984 | ---- | C] () -- C:\Users\Admin\AppData\Local\file__0.localstorage[2013/10/06 13:41:05 | 000,001,307 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk[2013/10/06 12:52:44 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk[2013/10/04 15:49:01 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk[2013/10/04 06:52:51 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[2013/09/06 15:34:08 | 000,081,920 | ---- | C] () -- C:\Windows\portaudio.dll[2013/09/01 16:28:22 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll[2013/09/01 16:28:21 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll[2013/09/01 16:02:03 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll[2013/07/15 23:07:55 | 001,229,097 | ---- | C] () -- C:\Windows\unins000.exe[2013/07/15 23:07:55 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll[2013/07/15 23:07:55 | 000,076,336 | ---- | C] () -- C:\Windows\unins000.dat[2013/01/24 20:52:40 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Local\PUTTY.RND[2013/01/21 13:57:10 | 000,007,601 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg[2012/11/10 21:24:32 | 000,000,258 | RHS- | C] () -- C:\Users\Admin\ntuser.pol[2012/10/15 22:00:20 | 000,000,992 | ---- | C] () -- C:\Windows\wininit.ini[2012/08/01 00:06:39 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat[2012/07/05 13:08:00 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini[2012/07/04 10:21:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol[2012/07/04 09:53:09 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll[2012/06/29 16:22:01 | 000,009,728 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2012/06/24 12:24:16 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe[2012/06/05 07:02:00 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini[2012/06/01 06:48:19 | 000,195,798 | ---- | C] () -- C:\ProgramData\1338547561.bdinstall.bin[2012/06/01 06:31:59 | 000,022,637 | ---- | C] () -- C:\ProgramData\1338546713.bdinstall.bin[2012/06/01 06:31:37 | 000,156,897 | ---- | C] () -- C:\ProgramData\1338546611.bdinstall.bin[2012/05/21 06:18:41 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe[2012/05/21 06:18:39 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe[2012/05/21 06:18:39 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe[2012/05/17 04:59:04 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll[2012/05/11 02:06:20 | 000,187,612 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat[2012/05/10 22:33:30 | 000,207,322 | ---- | C] () -- C:\ProgramData\1336702994.bdinstall.bin[2012/05/10 22:21:54 | 000,810,277 | ---- | C] () -- C:\Users\Admin\AppData\Local\census.cache[2012/05/10 22:21:46 | 000,092,410 | ---- | C] () -- C:\Users\Admin\AppData\Local\ars.cache[2012/05/10 22:02:40 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache[2012/05/07 00:10:29 | 000,791,496 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2012/05/03 21:12:56 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini[2012/04/29 16:06:35 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini[2012/04/29 16:06:34 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe[2012/04/29 16:06:31 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll[2012/04/29 16:06:25 | 000,084,914 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl[2012/04/29 16:06:06 | 000,000,880 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi[2012/04/29 16:06:03 | 000,005,060 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg[2012/04/29 15:52:59 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys[2012/04/29 15:38:12 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/03/12 12:55:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft[2013/01/23 00:34:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.mono[2013/01/24 04:02:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.techniclauncher[2012/12/16 14:04:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\0ad[2013/03/07 06:51:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\2K Sports[2013/08/10 21:40:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\3909[2013/06/06 15:50:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\3909 LLC[2012/05/24 06:44:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon[2013/09/01 15:59:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AMozilla[2012/04/29 16:06:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ASUS[2013/11/02 15:04:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Audacity[2012/09/16 20:11:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Awesomium[2013/10/30 07:05:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Azureus[2013/07/13 02:51:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock[2012/09/02 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bitcoin[2012/06/01 06:47:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bitdefender[2013/08/15 11:00:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite[2013/11/02 11:13:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox[2012/11/24 06:08:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Fatshark[2013/09/15 01:51:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ftblauncher[2012/05/14 01:31:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Image-Line[2012/08/09 01:28:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\iolo[2012/05/06 00:29:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Kalypso Media[2012/08/03 07:14:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech[2012/12/23 00:44:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Little Inferno[2013/03/06 15:49:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MakeMusic[2012/04/29 21:45:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mount&Blade Warband[2012/05/06 02:16:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mount&Blade With Fire and Sword[2013/06/06 22:02:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mumble[2012/05/07 06:27:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MusE[2012/07/05 06:29:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Swift Sound[2013/08/27 20:19:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin[2012/09/02 14:55:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\poclbm[2012/12/28 22:05:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Publish Providers[2012/05/10 22:23:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan[2012/07/05 13:08:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Red Alert 3[2012/05/10 22:01:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Reviversoft[2013/10/04 15:47:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Riot Games[2013/07/22 05:37:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Rogue Legacy[2012/07/09 11:00:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\six-updater[2012/07/09 10:03:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\six-zsync[2012/06/26 06:42:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SoftGrid Client[2013/08/16 05:16:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony[2013/08/16 08:14:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony Creative Software Inc[2012/08/20 14:52:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SPORE[2012/06/29 18:27:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SynthFont[2012/08/03 21:15:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SynthMaker[2012/07/22 12:31:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\System[2012/11/04 22:20:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SystemRequirementsLab[2013/07/16 05:51:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TechSmith[2012/06/19 00:25:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\The Creative Assembly[2012/06/26 05:29:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TP[2013/06/18 09:55:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tropico 4[2013/07/09 03:22:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client[2012/09/07 05:24:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft[2013/08/22 00:35:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Unity[2012/08/15 13:02:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wargaming.net[2012/07/22 12:32:29 | 000,000,000 | -HSD | M] -- C:\Users\Admin\AppData\Roaming\wyUpdate AU[2012/07/04 10:22:16 | 000,000,000 | ---D | M] -- C:\Users\Mcx1-VICETHAL-X1\AppData\Roaming\Bitdefender[2012/07/04 10:22:19 | 000,000,000 | ---D | M] -- C:\Users\Mcx1-VICETHAL-X1\AppData\Roaming\dll-files.com[2012/07/04 10:23:00 | 000,000,000 | ---D | M] -- C:\Users\Mcx1-VICETHAL-X1\AppData\Roaming\Reviversoft ========== Purity Check ========== < End of report >

Though the software you gave me seems to have deleted many unnecessary files, the problem is still recurring. Also, I never had firefox installed in the first place, as my browser of choice is Chrome. I booted up my PC this morning and when I came back from the kitchen, there were upwards of 15 firefox error boxes stacked on top of one another.

1. Uninstalled Vuze 2. JRT log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.0.7 (10.15.2013:3)OS: Windows 7 Home Premium x64Ran by Admin on Fri 11/01/2013 at 15:13:33.95~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonicSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settingsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.comSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweakSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" ~~~ Files Successfully deleted: [File] "C:\end" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"Successfully deleted: [Folder] "C:\ProgramData\premium"Successfully deleted: [Folder] "C:\ProgramData\splashtop"Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\splashtop"Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\boost_interprocess"Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" ~~~ Chrome Successfully deleted: [Folder] C:\Users\Admin\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmiedaSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Fri 11/01/2013 at 15:23:25.13End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3. ADWcleaner log: # AdwCleaner v3.010 - Report created 01/11/2013 at 15:31:32# Updated 20/10/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Admin - VICETHAL-X1# Running from : C:\Users\Admin\Downloads\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}Key Deleted : HKLM\Software\PIP ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Google Chrome v [ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1547 octets] - [01/11/2013 15:30:32]AdwCleaner[s0].txt - [1474 octets] - [01/11/2013 15:31:32] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1534 octets] ########## 4. MBAM log: Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org Database version: v2013.11.01.05 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16721Admin :: VICETHAL-X1 [administrator] Protection: Enabled 11/1/2013 3:40:52 PMmbam-log-2013-11-01 (15-40-52).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 258309Time elapsed: 6 minute(s), 49 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) ----------------------- Sorry for attaching the files in the OP; I misread the instructions in the help topic. Thank you for the quick and polite support, I want to purchase the full version of MBAM when the trial has expired, it is a good product

There is, what I believe to be, a malicious program masquerading as firefox on my PC. I do not have any Mozilla product currently installed. The nature of the problem is sometimes, my fullscreen application will minimize and the window in focus will switch to an error message: . This only happens sometimes, seemingly at random, but when it does happen it will occur 10-20 times in a 30 minute period. Most of the time my PC runs without issues for hours on end. The error message also occurs when not running a fullscreen application, and likewise stays on top of whatever window I am currently viewing. Malwarebytes nor Bitdefender seem to be able to identify the problem, and browsing the Internet yielded no results. I tried to locate update.exe_Firefox and js3260.dll_unloaded myself, but could not find the files mentioned in the error report. Any help would be greatly appreciated. attach.txt dds.txt