update.exe_Firefox


CVac

There is, what I believe to be, a malicious program masquerading as Firefox on my PC. I do not have any Mozilla product currently installed. The nature of the problem is sometimes, my fullscreen application will minimize and the window in focus will switch to an error message. This only happens sometimes, seemingly at random, but when it does happen it will occur 10-20 times in a 30 minute period. Most of the time my PC runs without issues for hours on end. The error message also occurs when not running a fullscreen application, and likewise stays on top of whatever window I am currently viewing.

 

Neither Malwarebytes nor Bitdefender seems to be able to identify the problem, and browsing the Internet yielded no results. I tried to locate update.exe_Firefox and js3260.dll_unloaded myself, but could not find the files mentioned in the error report. Any help would be greatly appreciated.

attach.txt

dds.txt


Hello CVac! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall this application: Vuze

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

1. Uninstalled Vuze

2. JRT log: 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Admin on Fri 11/01/2013 at 15:13:33.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\splashtop"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\splashtop"
Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Admin\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/01/2013 at 15:23:25.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
3. ADWcleaner log:
 
# AdwCleaner v3.010 - Report created 01/11/2013 at 15:31:32
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - VICETHAL-X1
# Running from : C:\Users\Admin\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\Software\PIP
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1547 octets] - [01/11/2013 15:30:32]
AdwCleaner[s0].txt - [1474 octets] - [01/11/2013 15:31:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1534 octets] ##########
 
4. MBAM log:
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.01.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Admin :: VICETHAL-X1 [administrator]
 
Protection: Enabled
 
11/1/2013 3:40:52 PM
mbam-log-2013-11-01 (15-40-52).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258309
Time elapsed: 6 minute(s), 49 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
-----------------------
 

Sorry for attaching the files in the OP; I misread the instructions in the help topic.

Thank you for the quick and polite support, I want to purchase the full version of MBAM when the trial has expired, it is a good product  :)


Though the software you gave me seems to have deleted many unnecessary files, the problem is still recurring. Also, I never had firefox installed in the first place, as my browser of choice is Chrome. I booted up my PC this morning and when I came back from the kitchen, there were upwards of 15 firefox error boxes stacked on top of one another. :(


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
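One way to triage the Processes and Modules sections of the OTL.Txt that this scan produces, as an added example that is not part of the original post and not code from OTL or Malwarebytes. It flags a running process whose company name does not match the folder it runs from, then lists the modules loaded from that same folder; the sample lines are copied from the OTL log posted in this thread, and the vendor-to-folder table is an assumption to adapt per machine.

```python
import re
from ntpath import dirname  # ntpath parses Windows paths on any OS

# OTL entry: TAG - [date time | size | attrs | M] (Company) -- path
ENTRY_RE = re.compile(
    r"^(?P<tag>PRC|MOD) - \[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S+) \| M\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# ASSUMPTION (not from OTL): folders where each vendor's binaries normally
# live. A mismatch is a lead to investigate, not a verdict.
EXPECTED_DIRS = {
    "mozilla corporation": ("\\mozilla firefox\\", "\\mozilla thunderbird\\",
                            "\\mozilla maintenance service\\"),
    "valve corporation": ("\\steam\\",),
    "nvidia corporation": ("\\nvidia corporation\\",),
}

# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2013/10/30 15:25:54 | 001,820,584 | ---- | M] (Valve Corporation) -- C:\Users\Admin\Games\Steam\Steam.exe
PRC - [2013/10/15 16:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/10/06 12:51:37 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/03/06 10:26:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Common Files\sysobject\update.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/30 15:25:56 | 000,121,256 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\audio.dll
MOD - [2013/08/11 09:44:10 | 000,458,752 | ---- | M] () -- C:\Program Files (x86)\Common Files\sysobject\js3260.dll
MOD - [2012/05/04 21:50:32 | 008,797,856 | ---- | M] () -- C:\Program Files (x86)\Common Files\sysobject\plugins\NPSWF32_11_2_202_235.dll
MOD - [2012/03/06 10:26:50 | 001,014,744 | ---- | M] () -- C:\Program Files (x86)\Common Files\sysobject\js3250.dll
"""


def parse_otl(text):
    """Return PRC/MOD entries as dicts; headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            entries.append(entry)
    return entries


def triage(entries):
    """Flag processes running outside their vendor's folders, with the
    modules that were loaded from the flagged process's own folder tree."""
    findings = []
    for proc in (e for e in entries if e["tag"] == "PRC"):
        expected = EXPECTED_DIRS.get(proc["company"].lower())
        path = proc["path"].lower()
        # Unknown or blank vendors are skipped: nothing to compare against.
        if expected is None or any(frag in path for frag in expected):
            continue
        folder = dirname(path) + "\\"
        modules = [e["path"] for e in entries
                   if e["tag"] == "MOD" and e["path"].lower().startswith(folder)]
        findings.append({"process": proc["path"],
                         "company": proc["company"],
                         "modules": modules})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_otl(SAMPLE_LOG)):
        print("Vendor/path mismatch:", finding["company"], "->", finding["process"])
        for module in finding["modules"]:
            print("  module from same folder:", module)
```

Each flagged path can then be checked by hand (file properties, digital signature, a second-opinion scan) before anything is removed.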

OTL.txt: 

 

OTL logfile created on: 11/2/2013 3:11:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 5.64 Gb Available Physical Memory | 70.68% Memory free
15.96 Gb Paging File | 12.76 Gb Available in Paging File | 79.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 63.43 Gb Free Space | 13.62% Space Free | Partition Type: NTFS
Drive D: | 2.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 10.00 Gb Total Space | 1.90 Gb Free Space | 18.94% Space Free | Partition Type: NTFS
Drive F: | 797.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: VICETHAL-X1 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/11/02 15:10:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2013/10/30 15:25:54 | 001,820,584 | ---- | M] (Valve Corporation) -- C:\Users\Admin\Games\Steam\Steam.exe
PRC - [2013/10/15 16:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/10/06 12:51:37 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/10/01 15:51:14 | 002,345,296 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/09/18 21:22:28 | 001,164,328 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2013/09/18 14:26:34 | 001,529,944 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
PRC - [2013/09/18 12:51:02 | 000,106,472 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
PRC - [2013/08/27 17:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/08/27 17:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/08/27 17:15:37 | 001,213,216 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/12 22:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/11/27 18:31:34 | 000,899,584 | ---- | M] () -- C:\Program Files\Logitech\GamePanel Software\Applets\SkypetoLCD\S2L.exe
PRC - [2012/04/25 09:27:00 | 001,328,976 | ---- | M] (Comfort Software Group) -- C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
PRC - [2012/03/06 10:26:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Common Files\sysobject\update.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/05/12 16:50:03 | 001,990,656 | ---- | M] (CMedia) -- C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
PRC - [2011/01/31 02:40:00 | 000,355,432 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
PRC - [2010/11/20 23:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/30 15:25:56 | 001,123,240 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\chromehtml.dll
MOD - [2013/10/30 15:25:56 | 000,121,256 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\audio.dll
MOD - [2013/10/24 13:45:32 | 000,691,200 | ---- | M] () -- C:\Users\Admin\Games\Steam\SDL2.dll
MOD - [2013/10/23 16:07:26 | 020,625,832 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\libcef.dll
MOD - [2013/10/14 00:17:10 | 003,191,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.28b9ef5a#\3a13993425764c96b2686f8205e34f4e\System.Web.Extensions.ni.dll
MOD - [2013/10/14 00:15:24 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\72843576b9bfad66be46d6eb445b76fa\System.Xml.Linq.ni.dll
MOD - [2013/10/13 12:06:36 | 013,320,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\51c959815de499d10456ec684abf02bf\System.Web.ni.dll
MOD - [2013/10/13 12:06:25 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\5b44a8db5b70143f27fb695b5f72930d\System.Runtime.Remoting.ni.dll
MOD - [2013/10/13 12:06:22 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c5db04fde4893300ff28045ce4f7567d\System.Windows.Forms.ni.dll
MOD - [2013/10/13 12:06:21 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\18e76c3868d682a7c065bccd142eeec1\WindowsBase.ni.dll
MOD - [2013/10/13 12:06:18 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d913e7d0b1d32187e0c234f8a1a581fc\System.Core.ni.dll
MOD - [2013/10/13 12:06:16 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\be5f0f2e208bbb3c647acfbc33434251\System.Runtime.Serialization.ni.dll
MOD - [2013/10/13 12:06:14 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\edb27e2c25837f79902054965d6813cd\System.Configuration.ni.dll
MOD - [2013/10/02 06:36:07 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\d187afdee972b70222b76bd6aed1f742\PresentationFramework-SystemXml.ni.dll
MOD - [2013/10/02 06:36:07 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\9010845c58c17f145b3e39c2d28c4869\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2013/10/02 06:34:56 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\f16e993b7058b005bbf273007fadf95b\UIAutomationTypes.ni.dll
MOD - [2013/10/02 06:23:18 | 001,920,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\2e7b344eb30202c336687f3230940cb2\Microsoft.VisualBasic.ni.dll
MOD - [2013/10/02 06:23:17 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\cceaf9d7891fc325a90473aa9a661661\System.Drawing.ni.dll
MOD - [2013/10/02 06:22:20 | 018,545,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\775d60de39c6f0b49f1640c4e6c8de09\PresentationFramework.ni.dll
MOD - [2013/10/02 06:22:09 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f4fff5d6e716c439b944025d3994170d\System.Xaml.ni.dll
MOD - [2013/10/02 06:22:04 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8e3d6080e8eaaaf28389f3742ff9acdd\PresentationCore.ni.dll
MOD - [2013/10/02 06:22:04 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7dd4cd3e4768d2aa55af60c838790088\PresentationFramework.Aero.ni.dll
MOD - [2013/10/02 06:21:58 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\82d58d49946f82eb56bae40f3b097784\System.Xml.ni.dll
MOD - [2013/10/02 06:21:57 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\72227d58a04b80252053352dead3b9a3\System.ServiceModel.Internals.ni.dll
MOD - [2013/10/02 06:21:57 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\176ea254700896ee68956986b947ea9b\SMDiagnostics.ni.dll
MOD - [2013/10/02 06:21:52 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ac79b74f022d9a096de2b884f4249543\System.ni.dll
MOD - [2013/10/02 06:20:01 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\20a513f26ee88412303b36dc8c8f7533\System.Management.ni.dll
MOD - [2013/10/02 06:19:45 | 001,614,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\65c71372e0cecdd46e984739a283f98c\Microsoft.CSharp.ni.dll
MOD - [2013/10/02 06:19:45 | 000,389,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\3fd353d6d6c1c4a0a76efe390265f128\System.Dynamic.ni.dll
MOD - [2013/10/02 06:19:29 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf2ecabcd96ec8238dc385b0a3ffa084\mscorlib.ni.dll
MOD - [2013/08/11 09:44:10 | 000,458,752 | ---- | M] () -- C:\Program Files (x86)\Common Files\sysobject\js3260.dll
MOD - [2013/06/14 19:49:16 | 000,153,088 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\mssvoice.asi
MOD - [2013/06/14 19:49:16 | 000,071,680 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\mssmp3.asi
MOD - [2013/06/14 19:49:12 | 001,100,800 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 19:49:12 | 000,192,000 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\avformat-53.dll
MOD - [2013/06/14 19:49:12 | 000,124,416 | ---- | M] () -- C:\Users\Admin\Games\Steam\bin\avutil-51.dll
MOD - [2013/03/18 14:53:52 | 007,477,262 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Game Booster\avcodec-54.dll
MOD - [2013/03/18 14:53:52 | 001,191,950 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Game Booster\avformat-54.dll
MOD - [2013/03/18 14:53:52 | 000,333,326 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Game Booster\swscale-2.dll
MOD - [2013/03/18 14:53:48 | 000,156,174 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Game Booster\keutil-51.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/02/12 22:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 22:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/11/27 18:31:34 | 000,899,584 | ---- | M] () -- C:\Program Files\Logitech\GamePanel Software\Applets\SkypetoLCD\S2L.exe
MOD - [2012/11/20 16:13:44 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Game Booster\D3DX8Wrapper.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/05/04 21:50:32 | 008,797,856 | ---- | M] () -- C:\Program Files (x86)\Common Files\sysobject\plugins\NPSWF32_11_2_202_235.dll
MOD - [2012/03/06 10:26:50 | 001,014,744 | ---- | M] () -- C:\Program Files (x86)\Common Files\sysobject\js3250.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/19 14:56:58 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/01/31 02:40:00 | 000,355,432 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
MOD - [2011/01/18 02:17:50 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\RTMUI.dll
MOD - [2011/01/18 02:17:46 | 000,270,336 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\RTHAL.dll
MOD - [2011/01/18 02:17:32 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\RTCore.dll
MOD - [2011/01/18 02:17:20 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\RTUI.dll
MOD - [2011/01/18 02:17:12 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\RTFC.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/27 16:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\RTTSH.dll
MOD - [2008/07/11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/08/27 17:17:13 | 014,997,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/12 19:00:30 | 001,957,912 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV:64bit: - [2012/08/28 16:13:59 | 000,067,904 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2011/10/14 23:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2013/10/18 09:44:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/15 16:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/06 12:51:37 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/10/01 15:51:14 | 002,746,704 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/09/21 14:35:00 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/18 21:22:28 | 001,164,328 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2013/09/18 12:51:02 | 000,106,472 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe -- (RzKLService)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/27 17:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/27 22:32:01 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/05/24 14:32:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/08/20 09:33:40 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/06/16 08:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/30 02:44:32 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/12 19:01:06 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012/12/12 19:00:35 | 000,705,552 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012/12/12 19:00:32 | 000,587,024 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012/08/28 16:13:54 | 000,093,160 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 10:01:28 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2012/04/17 08:25:02 | 000,031,432 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/11/17 17:38:34 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011/11/14 20:16:38 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/10/27 15:07:05 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2011/08/16 14:59:12 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 03:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2011/01/10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/01/19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/11/23 09:54:12 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/05/01 06:30:20 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012/04/30 20:55:17 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2011/01/31 02:39:58 | 000,014,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 13 CA B3 44 26 CD 01  [binary data]
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\..\SearchScopes\{2C8E2F11-D998-41BC-A35E-2A56C96AD791}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\..\SearchScopes\{41763978-E4EA-4aa4-8268-3A22D0041EB7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\..\SearchScopes\{949B4ABF-0920-40d1-AD4B-101C3ACB70D2}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\..\SearchScopes\{D2069F25-015F-4a3d-A252-BBBA4B1B4A56}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 13 CA B3 44 26 CD 01  [binary data]
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\..\SearchScopes\{2C8E2F11-D998-41BC-A35E-2A56C96AD791}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\..\SearchScopes\{41763978-E4EA-4aa4-8268-3A22D0041EB7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\..\SearchScopes\{949B4ABF-0920-40d1-AD4B-101C3ACB70D2}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\..\SearchScopes\{D2069F25-015F-4a3d-A252-BBBA4B1B4A56}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4:  File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2012/06/01 06:47:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/08/25 16:45:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/06/01 06:47:28 | 000,000,000 | ---D | M]
 
[2013/10/28 18:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag\1.0.0.271_0\
CHR - Extension: AdBlock = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: AdBlock = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_1\
CHR - Extension: AdBlock = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmffdimoneaieldiddcmajhbjijmnggi\0.5.0_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifallpipodahhpbnemkhiddofdkhlekg\0.0.4_0\
CHR - Extension: Google Wallet = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/07/16 05:41:11 | 000,000,926 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1                   65.52.240.48
O1 - Hosts: 127.0.0.1                   activation.cloud.techsmith.com
O2:64bit: - BHO: (Privacy Safeguard BHO) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivacySafeguard)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [bDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [TaskMngr] C:\Program Files (x86)\Common Files\sysobject\data.js ()
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1000..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)
O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1000..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1000..\Run: [steam] C:\Users\Admin\Games\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)
O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\Run: [steam] C:\Users\Admin\Games\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [{90140000-0011-0000-1000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [{90140000-001A-0409-1000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [{90140000-0011-0000-1000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [{90140000-001A-0409-1000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-223215813-1355463031-3474482751-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-223215813-1355463031-3474482751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FA290AD-847F-4E26-9BBA-9294834D65BE}: DhcpNameServer = 69.78.96.14 66.174.95.44
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BD70F33-5868-467D-9F98-715B97CEED64}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/09/18 18:38:24 | 000,016,747 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 21:01:00 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: ("autocheck autochk *")
O34 - HKLM BootExecute: (t侐ʰⶐጚ)
O34 - HKLM BootExecute: (ጢ愠ދ읐Dz)
O34 - HKLM BootExecute: ("`")
O34 - HKLM BootExecute: (茹ࢉҰ)
O34 - HKLM BootExecute: (x bytes in each allocation unit.)
O34 - HKLM BootExecute: (l)
O34 - HKLM BootExecute: (.)
O34 - HKLM BootExecute: (⛑ᑠҰ)
O34 - HKLM BootExecute: (M)
O34 - HKLM BootExecute: (SYSTEM\BDSandBox\Admin\machine\SYSTEM\ControlSet001\Control\SecurityProviders)
O34 - HKLM BootExecute: (ጱጱጱጱ)
O34 - HKLM BootExecute: (潩䙮昙ࡈጱ)
O34 - HKLM BootExecute: (ᴘጔ)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/02 15:10:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013/11/01 15:30:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/01 15:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2013/11/01 15:13:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/28 18:47:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2013/10/24 14:56:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2013/10/24 14:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/24 14:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/24 14:56:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/24 14:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/22 09:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/22 09:01:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/22 08:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/18 16:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTA San Andreas 1.3
[2013/10/18 16:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
[2013/10/18 16:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MTA San Andreas 1.3
[2013/10/18 09:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/10/18 09:40:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/10/17 10:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xpadder_gamepad_profiler
[2013/10/17 09:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Joy2Key
[2013/10/17 09:48:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\GTA San Andreas User Files
[2013/10/11 03:17:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/10/11 03:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/10/11 03:17:09 | 002,102,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013/10/11 03:17:07 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013/10/11 03:17:07 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013/10/11 03:17:07 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013/10/11 03:17:07 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013/10/11 03:16:50 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013/10/11 03:16:50 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013/10/11 03:16:50 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013/10/11 03:16:49 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013/10/11 03:16:46 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013/10/11 03:16:45 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013/10/11 03:15:42 | 002,032,408 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013/10/11 03:15:38 | 000,910,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013/10/11 03:15:36 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013/10/11 03:15:14 | 002,734,624 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013/10/11 03:15:01 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013/10/09 21:05:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/10/09 20:38:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Battlefield 4 Beta
[2013/10/09 20:18:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\Valley
[2013/10/06 13:27:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Battlefield 4
[2013/10/06 12:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4™ Beta
[2013/10/04 15:49:01 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013/10/04 15:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013/10/04 15:47:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\PMB Files
[2013/10/04 15:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/10/04 15:47:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/10/04 15:46:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Riot Games
[2013/10/04 06:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/04 06:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/04 06:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/04 06:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/10/04 06:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/02 15:10:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013/11/02 15:01:00 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2013/11/02 14:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/02 14:19:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-223215813-1355463031-3474482751-1000UA.job
[2013/11/02 14:19:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/02 11:19:09 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 11:19:09 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 11:12:20 | 000,001,954 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk
[2013/11/02 11:11:55 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/02 11:11:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/02 11:10:59 | 2133,692,415 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/01 15:14:29 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-223215813-1355463031-3474482751-1000Core.job
[2013/10/29 19:52:50 | 000,799,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/29 19:52:50 | 000,674,766 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/29 19:52:50 | 000,126,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/24 14:56:45 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2013/10/18 16:19:44 | 000,002,080 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2013/10/18 10:30:24 | 000,002,367 | ---- | M] () -- C:\Users\Admin\Desktop\Google Chrome.lnk
[2013/10/18 05:14:39 | 000,000,000 | ---- | M] () -- C:\Cookies
[2013/10/15 20:48:05 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013/10/15 20:48:05 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013/10/15 20:48:05 | 000,023,287 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/10/13 17:42:29 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/10/13 17:42:29 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/10/13 17:42:20 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/10/13 12:14:27 | 000,452,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/13 12:05:41 | 000,791,496 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/11 16:44:14 | 120,921,426 | ---- | M] () -- C:\Users\Admin\Documents\OFFICIAL50SUBS.mp4
[2013/10/11 16:36:11 | 000,105,616 | ---- | M] () -- C:\Users\Admin\Documents\OFFICIAL50SUBS.veg
[2013/10/09 20:26:51 | 000,002,756 | ---- | M] () -- C:\Users\Admin\Unigine_Valley_Benchmark_1.0_20131009_2026.html
[2013/10/09 20:17:59 | 001,065,984 | ---- | M] () -- C:\Users\Admin\AppData\Local\file__0.localstorage
[2013/10/08 15:14:15 | 003,398,914 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/10/06 13:41:05 | 000,001,307 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/10/06 12:52:44 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk
[2013/10/06 12:51:37 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/10/04 15:49:01 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/10/04 06:52:51 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/10/24 14:56:45 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2013/10/18 16:19:44 | 000,002,080 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
[2013/10/18 05:14:39 | 000,000,000 | ---- | C] () -- C:\Cookies
[2013/10/11 16:11:23 | 120,921,426 | ---- | C] () -- C:\Users\Admin\Documents\OFFICIAL50SUBS.mp4
[2013/10/11 06:35:30 | 000,105,616 | ---- | C] () -- C:\Users\Admin\Documents\OFFICIAL50SUBS.veg
[2013/10/11 03:16:46 | 000,449,481 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013/10/09 20:26:51 | 000,002,756 | ---- | C] () -- C:\Users\Admin\Unigine_Valley_Benchmark_1.0_20131009_2026.html
[2013/10/09 20:17:44 | 001,065,984 | ---- | C] () -- C:\Users\Admin\AppData\Local\file__0.localstorage
[2013/10/06 13:41:05 | 000,001,307 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/10/06 12:52:44 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk
[2013/10/04 15:49:01 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/10/04 06:52:51 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/06 15:34:08 | 000,081,920 | ---- | C] () -- C:\Windows\portaudio.dll
[2013/09/01 16:28:22 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/09/01 16:28:21 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/09/01 16:02:03 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/07/15 23:07:55 | 001,229,097 | ---- | C] () -- C:\Windows\unins000.exe
[2013/07/15 23:07:55 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2013/07/15 23:07:55 | 000,076,336 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/24 20:52:40 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Local\PUTTY.RND
[2013/01/21 13:57:10 | 000,007,601 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2012/11/10 21:24:32 | 000,000,258 | RHS- | C] () -- C:\Users\Admin\ntuser.pol
[2012/10/15 22:00:20 | 000,000,992 | ---- | C] () -- C:\Windows\wininit.ini
[2012/08/01 00:06:39 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2012/07/05 13:08:00 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2012/07/04 10:21:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/04 09:53:09 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012/06/29 16:22:01 | 000,009,728 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/24 12:24:16 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012/06/05 07:02:00 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/06/01 06:48:19 | 000,195,798 | ---- | C] () -- C:\ProgramData\1338547561.bdinstall.bin
[2012/06/01 06:31:59 | 000,022,637 | ---- | C] () -- C:\ProgramData\1338546713.bdinstall.bin
[2012/06/01 06:31:37 | 000,156,897 | ---- | C] () -- C:\ProgramData\1338546611.bdinstall.bin
[2012/05/21 06:18:41 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/21 06:18:39 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/05/21 06:18:39 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/17 04:59:04 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/05/11 02:06:20 | 000,187,612 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/05/10 22:33:30 | 000,207,322 | ---- | C] () -- C:\ProgramData\1336702994.bdinstall.bin
[2012/05/10 22:21:54 | 000,810,277 | ---- | C] () -- C:\Users\Admin\AppData\Local\census.cache
[2012/05/10 22:21:46 | 000,092,410 | ---- | C] () -- C:\Users\Admin\AppData\Local\ars.cache
[2012/05/10 22:02:40 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2012/05/07 00:10:29 | 000,791,496 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/03 21:12:56 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012/04/29 16:06:35 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2012/04/29 16:06:34 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012/04/29 16:06:31 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012/04/29 16:06:25 | 000,084,914 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012/04/29 16:06:06 | 000,000,880 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012/04/29 16:06:03 | 000,005,060 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012/04/29 15:52:59 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/04/29 15:38:12 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/12 12:55:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft
[2013/01/23 00:34:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.mono
[2013/01/24 04:02:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.techniclauncher
[2012/12/16 14:04:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\0ad
[2013/03/07 06:51:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\2K Sports
[2013/08/10 21:40:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\3909
[2013/06/06 15:50:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\3909 LLC
[2012/05/24 06:44:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon
[2013/09/01 15:59:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AMozilla
[2012/04/29 16:06:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ASUS
[2013/11/02 15:04:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Audacity
[2012/09/16 20:11:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Awesomium
[2013/10/30 07:05:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Azureus
[2013/07/13 02:51:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock
[2012/09/02 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bitcoin
[2012/06/01 06:47:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bitdefender
[2013/08/15 11:00:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2013/11/02 11:13:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2012/11/24 06:08:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Fatshark
[2013/09/15 01:51:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ftblauncher
[2012/05/14 01:31:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Image-Line
[2012/08/09 01:28:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\iolo
[2012/05/06 00:29:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Kalypso Media
[2012/08/03 07:14:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2012/12/23 00:44:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Little Inferno
[2013/03/06 15:49:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MakeMusic
[2012/04/29 21:45:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mount&Blade Warband
[2012/05/06 02:16:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mount&Blade With Fire and Sword
[2013/06/06 22:02:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mumble
[2012/05/07 06:27:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MusE
[2012/07/05 06:29:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Swift Sound
[2013/08/27 20:19:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
[2012/09/02 14:55:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\poclbm
[2012/12/28 22:05:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Publish Providers
[2012/05/10 22:23:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2012/07/05 13:08:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Red Alert 3
[2012/05/10 22:01:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Reviversoft
[2013/10/04 15:47:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Riot Games
[2013/07/22 05:37:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Rogue Legacy
[2012/07/09 11:00:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\six-updater
[2012/07/09 10:03:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\six-zsync
[2012/06/26 06:42:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SoftGrid Client
[2013/08/16 05:16:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2013/08/16 08:14:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony Creative Software Inc
[2012/08/20 14:52:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SPORE
[2012/06/29 18:27:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SynthFont
[2012/08/03 21:15:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SynthMaker
[2012/07/22 12:31:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\System
[2012/11/04 22:20:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SystemRequirementsLab
[2013/07/16 05:51:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TechSmith
[2012/06/19 00:25:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\The Creative Assembly
[2012/06/26 05:29:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TP
[2013/06/18 09:55:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tropico 4
[2013/07/09 03:22:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2012/09/07 05:24:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2013/08/22 00:35:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Unity
[2012/08/15 13:02:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wargaming.net
[2012/07/22 12:32:29 | 000,000,000 | -HSD | M] -- C:\Users\Admin\AppData\Roaming\wyUpdate AU
[2012/07/04 10:22:16 | 000,000,000 | ---D | M] -- C:\Users\Mcx1-VICETHAL-X1\AppData\Roaming\Bitdefender
[2012/07/04 10:22:19 | 000,000,000 | ---D | M] -- C:\Users\Mcx1-VICETHAL-X1\AppData\Roaming\dll-files.com
[2012/07/04 10:23:00 | 000,000,000 | ---D | M] -- C:\Users\Mcx1-VICETHAL-X1\AppData\Roaming\Reviversoft
 
========== Purity Check ==========
 
 
 
< End of report >

Extras.txt:
 
OTL Extras logfile created on: 11/2/2013 3:11:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 5.64 Gb Available Physical Memory | 70.68% Memory free
15.96 Gb Paging File | 12.76 Gb Available in Paging File | 79.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 63.43 Gb Free Space | 13.62% Space Free | Partition Type: NTFS
Drive D: | 2.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 10.00 Gb Total Space | 1.90 Gb Free Space | 18.94% Space Free | Partition Type: NTFS
Drive F: | 797.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: VICETHAL-X1 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C89F58-6D23-4F62-A250-3FE2EE321CBF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{061EF0FD-1CA9-4397-A6D2-F2DC50143CE4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{09ACF7EE-4E71-4D7D-AF0C-3A056E7B67ED}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{1093747A-1AE3-491C-A865-9975F1AE8765}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{19D08D32-A459-45ED-848C-7FCB741A5A8C}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{1AF60F20-C404-4E5B-B1DC-87FF5C847EBE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1F0C51DB-79D5-4CDF-9BE3-D257E3A01BBE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{21F3D806-742F-4EDA-A3AE-4015DC29918F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{33C0C320-BD2A-4881-A7E9-6287E81D36D7}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{3AA2A232-6898-4D88-B847-5F493EF365E2}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{3CC189E1-7343-4498-BEA4-DCD0005014FA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{3FB812F9-F8B3-49B4-9263-10DF7D7E34EB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{415BC376-31FA-492A-8FD4-83FBCE66757D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4EE49CCA-CD2C-45D3-A9A8-69D9C10B82BD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{50CBE249-79F1-4779-9C6A-23F147214E79}" = lport=445 | protocol=6 | dir=in | app=system | 
"{537240F1-8DC3-4716-902D-6745133F1E7E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{542D5963-3910-4534-8259-B5BE9F9488B5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{54F8A74E-A917-43AE-B1BB-47D3B0799C35}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{55029334-8529-49FA-8C29-9204F7EF8C20}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{556DE56C-4BFD-44E7-9DE9-C37DE5B51F00}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5A82DF1E-715A-4345-A43A-C7A29DE10FFD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5AABD941-1C76-4018-B7E2-26641F8CD949}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B8440C6-D25D-4DBA-B46C-67990C2EFA1C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5D0BE7A5-D5F8-407B-A7D3-62E7CB5F30D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5D3CFCF0-4C83-4674-9022-F2A9C7AE6937}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5D7C9B37-D93B-4991-A094-E30691606DD7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{65F66495-ECC5-4383-9E38-C80D200BAB1F}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{695C15F9-059B-4B0F-B36F-BAF8013E9A86}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{72058272-76B7-4D27-BA63-1C4E4A0663E4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{74E53A24-EC6D-4B3B-AFD6-33BC158E3954}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{76FB30AD-1FC0-4643-900C-6B971D71EADF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{77C0E79B-68AF-4874-8C9F-31B743FC4CFA}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{7A578C80-8823-4F41-9E6D-E725FE5F9B14}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7BE4B269-D213-41A3-938E-4270ABBD8628}" = lport=7777 | protocol=17 | dir=in | name=terraria host 2 | 
"{7C198D57-7B28-4CD1-80F4-4F1B97F3DF34}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{8022C3A6-CFFA-46DE-BD00-17F64533BB7E}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{8428B0C6-1302-4267-BC16-CBCCEB2ACCB3}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{85A8F0FF-9145-4069-86C0-69CED2AC29B5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{89B6825D-56C0-47FF-9528-96100DC851FC}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{8E325F89-F485-48D9-98EA-4B7E8954F724}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{93C54C33-39F2-406F-B732-BF2D832D0D09}" = lport=138 | protocol=17 | dir=in | app=system | 
"{942095FC-CEDC-4142-ABEC-A1E0A3D5889E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{95D1EBA1-7387-4210-B986-29BE5D4A53ED}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{96E48C62-49C7-485D-BE73-8E81F36B6B38}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9724B16D-8347-4FD5-B38A-D628DD4FB964}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A1516180-EB41-4101-B0B3-89A739385282}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ADDF436F-DA60-4F85-9F75-AB2890666A42}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B010840B-225F-4EE2-81F1-B2017B2EFFDC}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B18BA20F-3F45-4F97-8253-1483061B08ED}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{BC3BB215-D127-4656-AB22-3A1827B7C39B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BDE162E6-59FE-4683-87EB-DE3913DBC1BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C043BC7F-E01B-4630-BEA5-2EBFF92EF4DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C8BA3C41-3DE9-4E71-8D5D-008E5EC9DBD9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C90C31F9-4C98-4DA1-89D4-9491978B0F23}" = lport=7777 | protocol=6 | dir=in | name=terraria host 1 | 
"{CE4F4312-5B7C-4C96-BE96-B450A6295607}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CEBD40F8-0620-4937-813E-A51C1189F9EF}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{D450229B-DD6E-487B-B9BA-8BD5C83F8C6D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{D5441A05-B01C-4009-8C3A-6B191C4E489F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DD113650-AA16-41D7-B0A6-345A87F03F24}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E64FB772-6165-4581-9E0C-AA04C0C29104}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{EB50CCD6-379C-4E5B-90AE-CF82262B4839}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{F0A134AF-5133-4078-8555-C8A89415117B}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{FECDE0F3-658C-4215-ADF8-055F5651CBC0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{FF39632B-6647-4F76-8C9F-6B27C6F08FDA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FF660E60-AB8E-41BE-9574-5EC0BCC0A13A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A75B23-C2AB-4F27-9905-EF1E68076B28}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{02F156A6-94FA-43F1-BB36-D5DC73564CA8}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\papersplease\papersplease.exe | 
"{034549ED-4F54-4458-9FF5-25D94F095BB8}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{06F07DF8-A324-4488-8292-F3C4A4A4DF68}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{07C81D60-365A-4E86-A70B-52522B315078}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{07FDDB3A-FA29-45C9-B83A-1DECD567FF9B}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\terraria\terraria.exe | 
"{08BA5FDF-C201-4B3E-8CC6-A867B7193D1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{094DF0C9-BE7E-4DCB-BA6C-707667181694}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\terraria\terraria.exe | 
"{09C2618C-A778-4081-A401-E353F824B7CD}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{0A0DA4A4-D811-4DD0-9936-E88C08452441}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{0B31FE82-4EBA-4A44-909A-ABD5D27D6CDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{0C154038-B8B0-4303-B994-25C53EEACB53}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\kerbal space program\ksp.exe | 
"{0D234A14-B9C6-45EF-B73F-35C7B71DC4EC}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\prison architect\prison architect.exe | 
"{0D6C5C70-39FE-4434-AD3E-AC6EB630F326}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{0DECD88A-FC0C-4709-BA6F-5632C1DE34CF}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age of empires 3\bin\age3y.exe | 
"{0F70EAA1-94B5-4A24-B8B6-00688B4C0C58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{102B1516-DD2D-43D5-B64B-B73A96E609AD}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\endless space\endlessspace.exe | 
"{10D7AD3D-5329-4BE3-93C6-4D8EEF45CC6B}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{11FBE5D8-13AB-456E-A28A-3C750A20A24C}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\rome total war gold\rometw-bi.exe | 
"{1211AD83-A9F2-4967-B851-20E9ABDDB5A6}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{12D4002A-943B-46F5-B777-10A52C3383B0}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\kerbal space program\ksp.exe | 
"{1302200A-1041-4B87-9B37-53E4D468B1A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{133976A7-E734-49BB-AD64-F2E59DE6A065}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{13A61C74-7DEB-459F-BCF4-B2E236A0C3C9}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\waking mars\mars-pc.exe | 
"{14DF9EA4-5626-4C97-945E-09BCD9828F5A}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{150C5025-35AF-441B-A163-F48E0AD91870}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{1597DDF7-88A2-4268-ADB3-2C39A32B947C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{15BAF268-9180-440D-9117-0DD83C9E47A7}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\payday 2\payday2_win32_release.exe | 
"{1603C0D1-9E84-49D3-B8D7-1735CF169AF8}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | 
"{162D3F07-3103-460E-8433-CFCA4E9AC2B7}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{16603FC2-1754-4235-8EF2-8BFE706700EA}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age2hd\launcher.exe | 
"{17012380-627E-49CC-BA95-9EC52BEB866B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{17882798-6F3D-46DF-9707-9778F19276A6}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\terraria\terraria.exe | 
"{1A9D5CEA-4447-4C7C-BBE6-C405FBA17BB6}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\endless space\endlessspace.exe | 
"{1CBD1082-A82C-47D4-A178-E4F83F2F26DC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1DB84257-8866-4159-890E-E53B48BF54D2}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\multiwinia\multiwinia.exe | 
"{1DCEAC2A-C49A-4BF3-942E-C0AC2A53CA6A}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\garrysmod\hl2.exe | 
"{1FA69652-42A3-4348-90CD-561C5BA6F420}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{225B8EB7-5A86-4456-B499-5C8B95F466FB}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\chivalry_ded_server\binaries\win32\udk.exe | 
"{2288C556-7E18-4272-9483-EC88BE27B86A}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\rome total war gold\rometw-bi.exe | 
"{22E7B23E-B887-40E6-B023-D54ECE56E02D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{2336B040-7F9D-41E4-ABA6-A5E24F049C4A}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dota 2 beta\dota.exe | 
"{244B5E26-6A30-45B8-B2BB-AAA17D109924}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{251466DF-3B36-443A-8EB6-AECEFD397F54}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{2522755A-707C-40DD-AC2C-00B190139D6A}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\papersplease\papersplease.exe | 
"{257BF2B8-D6FB-41B8-A3CF-674DC7AF7F11}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\team fortress 2\hl2.exe | 
"{258C86C7-DC2C-4B82-9EBE-A54A573CCDB5}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\command and conquer red alert 3\runme.exe | 
"{2603C52A-EB1B-473B-9DFB-5C178E22E4F3}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{2A4CF06A-128A-4E1A-9BCC-8C4621A4F826}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2AEB3CAA-1E37-466C-AD99-D54F007CF61D}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{2CBAC3A5-A46C-4A17-8192-08D363B96F88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{31B9D0EE-B13B-4FC2-861F-5D22AB8129B1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{31EDABF5-0175-4D9D-9435-73DF3BA9EC66}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{343AABF6-51F6-4619-AD72-4EA53E571609}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\payday 2\payday2_win32_release.exe | 
"{344B1E31-1B12-46D4-89F3-90B2F415D10C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{34676C04-97A1-4CDC-BE4D-4603A044E189}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{354510B9-C9CF-454C-95A5-969E5241ACAC}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\uplink\uplink.exe | 
"{380ED9D3-03E5-4522-9520-A7023389FCC9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{38BB1505-6421-4269-83DC-0D449155842D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{39B70400-CF1B-45ED-BDF4-03F840887D1E}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\alien swarm\swarm.exe | 
"{3D6C1AF7-F91B-40F9-8500-58F47D5571FD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3E687A12-00AD-4CFB-B4CC-CDFC7CF16274}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | 
"{3EF4F6B0-EDA3-45CE-ADA3-FE1B2A1FD050}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{4010E75D-A7DF-4A11-8739-7D4D1AE032C3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{41C7932F-CB53-4B79-A9DE-8DBBA6E59CD1}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{425F9824-7B54-477C-AA3E-651F11664E19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{4441D657-0075-4292-9F3A-B744AF089A30}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4543E311-020A-4027-AC46-10857927210E}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\alien swarm\swarm.exe | 
"{45E035BC-523D-4ED2-A85F-395CD394A396}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe | 
"{473DB107-736B-44D0-BD6A-B02673D26479}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{48A6C35E-3994-4B5F-B315-96E9E730BF1F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{49ED66E4-AB2D-4530-B618-2A8D55B02581}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4E051BF6-A3DE-4320-A7D2-6A7F39163370}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{50C65771-04F7-41A0-810A-BC749001983A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{516F95CE-2156-44E0-B769-779A07206E7D}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\alien swarm\srcds.exe | 
"{51B36D7D-19BB-4E3B-848F-383D12EDD0B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{52AE92A9-E7D8-4975-A506-17082DAD7008}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\nba2k13\nba2k13.exe | 
"{54E1C35A-70D5-416D-903A-EC6F4C6EC11D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4 beta\bf4.exe | 
"{562FA017-298F-40B7-8BB8-2900464502DC}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\rome total war gold\rometw.exe | 
"{587AD8E4-FB11-4315-B3B4-660DF3844CA7}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age of empires 3\bin\age3.exe | 
"{58D95AA4-153A-4746-86CC-80B52DABE180}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age of empires 3\bin\age3x.exe | 
"{59070992-B93F-49A7-9936-DC8D5608F904}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dota 2 beta\dota.exe | 
"{5B5CAA77-683E-4A17-B282-59FC741C5055}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | 
"{5C00E47C-A40D-417C-B82A-0DDB87393B9A}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\trialspc\datapack\trialsfmx.exe | 
"{5C3FF3BB-836C-456B-86C7-CB16D70EA024}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | 
"{5C6E0296-1D68-469E-A549-02C8939C97FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe | 
"{5CE37DE2-B284-4EED-A867-DC8CC8A16B67}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\terraria\terraria.exe | 
"{5DCB04B7-1A10-4291-8E83-E098EBB880B1}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5E23416F-EFBE-4601-A38A-17AF0DE852DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame european escalation\wargame.exe | 
"{5E7C97B1-5797-4A04-8208-0B7A9F656A4F}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | 
"{5ECB7F6E-B2E5-4AE6-8932-88ABB002784F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{5EEB0880-8DE5-496D-84DD-521FFE761B8C}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\wargame airland battle\wargame2.exe | 
"{5FA4AB15-C553-435C-9A30-F6D94F5A3B9D}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\team fortress 2\hl2.exe | 
"{614DDF08-C5D7-44B5-9C97-9A81EDEE574C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{62643F02-CD62-4DC8-AACF-2F8721C03AF8}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age2hd\launcher.exe | 
"{633CF0D0-0D8F-47E0-9981-A04282C798BB}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{64A8EEB5-E6AF-4390-92AA-17DF247BAC79}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{66C2431A-F013-45B9-92DA-500317380C75}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{67B01047-61E8-416B-9D52-017C950F5DCA}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age of empires 3\bin\age3.exe | 
"{67CC9219-F184-4966-90F7-A2B18857023B}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{681E62F9-645A-4D23-A60A-24C77C048056}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\tropico 4\tropico4.exe | 
"{685D5D19-4DDD-48A7-8400-830385291EE6}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{6CE41935-689D-4A27-B351-11C2C4BDCAB8}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{6D9A85DE-842A-4ED4-88A7-7DCA1C671C30}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"{6DE157B8-26B8-4B69-B74F-9969BFADDFD4}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{6EA74955-0029-4A04-88DA-485C963F4F69}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\shank 2\bin\shank2.exe | 
"{6F631FBB-B186-42D8-B3D4-A527EC038080}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{70C5FCDA-2F33-422E-9E49-229C9640374E}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | 
"{716CB326-B5D1-4265-8769-6FE753B5D0F1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{76BE4BD2-845E-4993-8474-76AD79A0D038}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\garrysmod\hl2.exe | 
"{77A2AB2E-3C30-4FF8-8A89-9358E236917C}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{77A8361E-D047-491F-A6AF-D87735DE7BFF}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe | 
"{7B3D0A5B-3540-4E33-83D1-811BDCECD094}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{7CE8B780-530A-4CFD-B4BE-604C88D003F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7D88EE8B-F83D-4030-9F98-7B258F538200}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\anno 2070\anno5.exe | 
"{7EC29657-E394-47F1-B73F-C41BF4192D7F}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\aceallahninja\garrysmod\hl2.exe | 
"{8057E089-50D4-486A-89B7-3736683D4363}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{80D804B1-55BB-43ED-8849-97A7D8CFC484}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\trialspc\datapack\trialsfmx.exe | 
"{821C3216-A7BE-40FF-B653-589D08E649AE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\sysobject\update.exe | 
"{83AF5983-C627-4B2D-BC78-BD82ED2E13FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{84A7DFD3-7608-4D82-96CF-38B8925C9D18}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{87C16D9B-4108-4628-A3A4-E9331F80B8F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{881F3960-4A4D-468B-A0E6-50D09E6B0407}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\waking mars\mars-pc.exe | 
"{8A9220B1-EA70-4C84-BD92-81DB519733AD}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\payday 2 beta\payday2_win32_release.exe | 
"{8B7E766E-9A68-49CD-AA98-70542B47AD34}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{8B7F957C-80AD-4CBE-8A15-F4532B2CF11E}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\anno 2070\anno5.exe | 
"{8BB93BB5-134C-43C5-8C88-295D89020821}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8C1D68B6-9E55-4F49-9BF1-1EE3C0D6AC75}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | 
"{8DB89DE9-625A-4B61-9878-0706899804C2}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\rogue legacy\roguelegacy.exe | 
"{8E7EFCCE-9714-4111-9A19-C0DA79196AF9}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steam.exe | 
"{8F86B282-7374-4CDB-A143-4D778956589B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FB961AB-93E1-4EBB-98FA-5BDA48C00AA3}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{90324F99-A319-4A97-AF43-3102FF5318C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame european escalation\wargame.exe | 
"{925B6C53-BE24-408E-9946-D49FAA1FB4B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{92E739A8-A64D-4582-8400-044627E00461}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\darwinia\darwinia.exe | 
"{955BC8C5-3A8F-496B-909F-07C6E61FC25A}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\wargame airland battle\wargame2.exe | 
"{9687A2DD-BF87-4DA5-9305-0066F6A4AD89}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{97A02FEC-DEE9-4E8E-8884-D273C1D683D7}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{97E1B6A2-F3E6-4995-874D-834E31514EF8}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{9A1A0DE0-964C-4C6E-88DE-27E30342386A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9B0347AA-2E2A-4AAD-9140-0CC2282C95B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B0D6123-FCAE-4E20-B810-555854406B26}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | 
"{9DDAFFA2-B151-4510-86AB-128B89D9FFF9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{9E88CDFF-C241-428E-A5EC-D2FEF0713667}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\wargame european escalation\wargame.exe | 
"{9ED0CB93-4173-4516-A6D2-458EFC2B7322}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\command and conquer red alert 3\runme.exe | 
"{9F6CADBD-0F95-4128-BD92-29597193CC71}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\wargame european escalation\wargame.exe | 
"{9FE20917-EA16-442A-868B-079CFA80AFBC}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe | 
"{A0E04494-AB43-44FE-B6D8-3C908116BF32}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\payday 2\payday2_win32_release.exe | 
"{A1D0DFFD-42A9-47F8-BC2F-05CE3194AB9B}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\garrysmod\hl2.exe | 
"{A2501FF0-62AC-4125-A690-B0C0680450B7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{A3DDD8EF-099D-4F88-A8AB-3CBCD1D34770}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\alien swarm\srcds.exe | 
"{A4348775-E60D-448E-9BA4-BF5C2DF43D07}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A5346A76-5FC3-4016-9E48-2F8785F7D519}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\defcon\defcon.exe | 
"{A66A6295-9D0D-4A90-91A6-E061D68A1CF3}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{A69F1B58-816A-4751-B5C7-A0C33F9C7537}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{A7BBCB8E-D745-48EF-8AFB-E139A14AE3AD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A90D8542-0597-41DB-BC79-10DD408122C0}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{A96DC2E6-1AAD-42D9-BFD6-CD7DE9D9022C}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\wargame airland battle\wargame2.exe | 
"{AB11A670-6574-47BB-9D6D-71B05FE5EE00}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{AB78EE20-ACD1-4CF5-8551-F1408D4DB92F}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steam.exe | 
"{AC30751C-FC6E-400B-9793-8C0AE9E1F2C5}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm | 
"{ADAE9540-6019-41FD-BC66-E9793A51E257}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{AE92285A-E7F0-4004-851A-26BD1E137ED7}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{B185CE75-13B1-43DA-BD78-E9FF404EB6A4}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\rome total war gold\rometw.exe | 
"{B2848437-19F7-49B1-B904-CF6CE6552660}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\trialspc\datapack\trialsfmx.exe | 
"{B466F546-AB49-4582-8CA4-2FE54E4B1564}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\rogue legacy\roguelegacy.exe | 
"{B5BA26EB-DD3B-4E8E-9C49-AD0D3B732E52}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\payday 2\payday2_win32_release.exe | 
"{B6ACB31C-7667-40A8-B387-8D1B1377492D}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\tropico 4\tropico4.exe | 
"{B713B5EF-301B-45EF-AAD6-14C2B2519C72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{B7F686D1-2385-41E5-A45A-4EFD5B4C4CD7}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\payday 2 beta\payday2_win32_release.exe | 
"{B83A4F74-576D-40E3-AD90-7F0C91CB7259}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{BBD39D4F-92D3-4535-82E0-2FA2843D7371}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{BC16D868-5DB6-42B4-8AEE-E6E1A1518DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{BDE1FF88-E244-492A-829A-96354D8CB8E7}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\darwinia\darwinia.exe | 
"{BDE2804C-C4C7-4EC2-82A9-5F928E25E3A7}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{BEDFF3EC-B72E-49A4-BCA9-9A336BC0CA3F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{BFC12E5E-5248-4DB6-8BCF-F42548395C54}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\garrysmod\hl2.exe | 
"{C108191F-B0E0-4C60-99B0-90CC58322E08}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C1B94DEB-CBFD-4819-88B9-15D7492DC183}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C2741E61-9FEE-4AF6-9D7A-FAFA04F66366}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age of empires 3\bin\age3x.exe | 
"{C5075136-B5CA-4847-9FAA-F57C5DC3B469}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{C55F21E6-F154-46F0-BF91-7538F00AADE9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6218FCB-C5C4-48DD-A68E-5FE5FBCA89A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe | 
"{C78174B7-B877-48A7-BAED-97F24B57ED68}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\uplink\uplink.exe | 
"{C7DD8A23-AF74-4F89-A845-2B4C8619C9E1}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\age of empires 3\bin\age3y.exe | 
"{C87C3CF1-4A47-4099-9E06-3EFD94BDEF66}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\multiwinia\multiwinia.exe | 
"{C965A928-4091-495C-9F18-C32773717393}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{C97D7D14-C088-4163-B97B-972D68043C7C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C9EE0C7A-6E37-447C-A15B-D2AEAF577D23}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm | 
"{CADF2CAE-1194-47F3-85CC-51D26ADAC994}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{CD55F5CF-E59C-4CED-9C06-D524F2C55642}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\prison architect\prison architect.exe | 
"{CF2B76A4-80BB-42A0-BE2D-A4EC5EC5A8A7}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{CF346A96-F706-4644-90E9-7DC2021F0AAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CFC0F141-AB96-40A8-9CB6-C046F0082A2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{D0C81769-10E2-4742-9E6B-EF6478AB25D9}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{D0F6B01B-EB43-43A9-BF7A-EE6DE9B5459F}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{D130FD41-D61B-4F2D-8F89-295AFFA48BA7}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe | 
"{D3232DA7-C739-4623-8861-D6B08446D109}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{D37CEA98-47FC-410F-9EA7-B91F1C28637A}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\aceallahninja\garrysmod\hl2.exe | 
"{D4078D2F-166C-4C32-826E-63CA08DEDBE7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D4F3E1D5-32DD-4F71-B965-098F9E5CFC19}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{D7396632-72E7-43A0-A2A1-C2B6D9A580E2}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{D76806CE-E244-42C5-AF5A-15F9EF30B58B}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe | 
"{D8F8BB84-7593-430A-A4AC-B000C5CEB8F8}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\prison architect\prison architect.exe | 
"{D98BCF6D-EDAD-4FC4-80DA-8C7048EEA9CD}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\defcon\defcon.exe | 
"{DB1AB935-3B33-4208-8C3E-5F51EF79EBD7}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4 beta\bf4.exe | 
"{DC013E7B-678A-487A-AFA2-3324ACDEFEAE}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{DD9160B3-7B1A-4ED3-AD21-82DE3E96F4A3}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{DDBB4295-A3FC-4E6F-9155-4A4C06D0D8ED}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{DDBE2D78-27CA-481D-9A4C-17E93C71F7BE}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{E0DD6D96-E940-4D11-9FB0-31C1CF7FB626}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E17531AF-B455-4062-A02D-D9F84C71FBA2}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | 
"{E31CEB48-79F6-4E8A-A576-EF0570D9DC39}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{E66EDCC4-2AC1-4E9A-A999-616D134E0EB1}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{E709B903-A68C-41A9-9E4E-BBE27DCA8E18}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\just cause 2\justcause2.exe | 
"{E786E11D-6AB6-45B5-87EE-7F4908B9C9FA}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\trialspc\datapack\trialsfmx.exe | 
"{E7D1D413-D9F9-495C-992F-D9A2E32420CB}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe | 
"{E8ABE944-CE25-420F-AAFF-8157D64EC270}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{E8F2726D-725F-466A-8E51-726DDA76D9CE}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\shank 2\bin\shank2.exe | 
"{E928D003-2000-41DF-B3EB-41F6BDC94FB3}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{EAD6E590-86A4-4A65-8CAE-1B69EE971F4A}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{EAE4E89A-9E1E-4AAF-BF6C-3ED06A11F589}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe | 
"{ECA19D4E-04E5-4DBB-98AA-00F8D47ACE7D}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{ED8D569B-C753-4C50-B86D-747691FEAA30}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{EDCF68E1-2181-431F-9ECF-565CA6F506FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EF64F08A-82F3-466B-A7BC-390EE7A5934A}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{F01A771E-03B4-471B-BC00-F11DDD9E5465}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\nba2k13\nba2k13.exe | 
"{F021615C-A412-4ED7-949C-A36F19786FA0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F121BDDD-C772-47C2-AA1B-5700268C5BC4}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\prison architect\prison architect.exe | 
"{F248D2BA-CB89-4862-8FAB-06F2F5F79E60}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\just cause 2\justcause2.exe | 
"{F25DD6BB-134C-43AB-920C-BC8B5E6EEB37}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F2799932-D409-4B1F-A867-1A6FB27CD9A8}" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{F35B742D-6575-41C5-828F-C270AE8C7A39}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F3619BAC-B505-4682-8CDA-520F01A2EFBF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F55F1B65-38AB-4C83-8386-4A36793C3DCA}" = protocol=6 | dir=out | app=system | 
"{F5F880F7-7E97-4D63-AAB8-5A2A2ECE4498}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{F62A841F-28AC-40D0-8E32-26449C2E1002}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\wargame airland battle\wargame2.exe | 
"{F701323B-86BB-4826-8A60-9EC2BE39E7FA}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\chivalry_ded_server\binaries\win32\udk.exe | 
"{F73E9D43-F2AD-44FB-9B2B-A04391E1DD1E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\sysobject\update.exe | 
"{F8F902B1-9A3C-415E-8E25-9BA4C4FE13DB}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{FDF33D27-6FAF-4391-BCFF-26439E679DBF}" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{FEC97970-DD6A-4F84-9DF9-AD5725F07757}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"TCP Query User{19180BED-A016-4847-9E7F-00934BDFD7B7}C:\program files (x86)\steam\steamapps\aceallahninja\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\aceallahninja\team fortress 2\hl2.exe | 
"TCP Query User{54742444-C725-41FF-93E2-41D2FE986272}C:\users\admin\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\admin\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{696C2990-AECD-4C09-A5B0-1FAD86448A6E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{4D6E51DA-1398-4270-815D-11360C468251}C:\program files (x86)\steam\steamapps\aceallahninja\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\aceallahninja\team fortress 2\hl2.exe | 
"UDP Query User{770A6ECA-7A75-421D-AD5D-7123BE62D0C9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{DEA9F50E-E229-41AF-815B-87B9FAF64D66}C:\users\admin\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\admin\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Internet Security 2012
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{710D4D91-1924-4A6B-8659-9CDE02DC7207}" = HP Deskjet 3050A J611 series Product Improvement Study
"{72EF03F5-0507-4861-9A44-D99FD4C41418}" = Paint.NET v3.5.11
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 8.3.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.5
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.1
"{BF9FD124-1112-4C8D-8F79-779A11C6287D}" = Logitech GamePanel Software 3.05.151
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EE45F85E-ED91-11E2-9CD7-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{F17E4000-ED91-11E2-B3BD-F04DA23A5C58}" = MSVCRT Redists
"{FB555BCF-9202-4886-9203-88C9A210D727}" = HP Deskjet 3050A J611 series Basic Device Software
"Bitdefender" = Bitdefender Internet Security 2012
"C-Media Oxygen HD Audio Driver" = ASUS Xonar DG Audio Driver
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pyware 3D v7" = Pyware 3D v7
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{24E34264-D483-477C-A9A0-4E53F69834CF}" = Façade
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1" = Star wars Battlefront II version 1.3
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{42B1BDFC-9AF7-42C4-BC3C-EAED79D4DBEB}" = SmartMusic
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0722.1
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{53466613-9260-4814-AE66-7F3A3FA978D3}" = Livestream for Producers
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5D13804A-67B7-49DA-9B15-65B70A83B9C3}" = Python 2.7 pygame-1.9.1
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}" = Vegas Pro 11.0
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.7.0
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{99A016E1-0840-43AE-8434-A18CEDFA833B}" = LogMeIn Hamachi
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}" = Python 2.7.3
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CFAB3721-549D-4827-A4E8-7F90192114AB}" = Battlefield 4™ Beta
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DB93E2C2-851F-44B2-B09C-351D2C624AE1}" = Camtasia Studio 8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E362724E-9320-4946-AF34-874E7B6B2927}" = System Requirements Lab CYRI
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1" = Ezvid
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FC9F924E-9472-45F1-980D-8267E47AA054}" = Poke
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Desura" = Desura
"Dishonored_is1" = Dishonored
"DivX Setup" = DivX Setup
"Dxtory2.0_is1" = Dxtory version 2.0.122
"ESN Sonar-0.70.4" = ESN Sonar
"EVE" = EVE Online (remove only)
"Fallout New Vegas_is1" = Fallout New Vegas
"Faster Than Light_is1" = Faster Than Light
"FL Studio 10" = FL Studio 10
"Fraps" = Fraps (remove only)
"HP Photo Creations" = HP Photo Creations
"IL Download Manager" = IL Download Manager
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0722.1
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.0.0 Full
"League of Legends 3.0.0" = League of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MTA:SA 1.3" = MTA:SA v1.3.4
"MuseScore" = MuseScore 1.3
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.2.3
"Origin" = Origin
"Precision" = EVGA Precision 2.0.2
"PunkBusterSvc" = PunkBuster Services
"Razer Game Booster_is1" = Razer Game Booster
"RocketDock_is1" = RocketDock 1.3.5
"Rockstar Games Social Club" = Rockstar Games Social Club
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"SmartMusic 2012c" = SmartMusic 2012c
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"StarTopia_is1" = StarTopia
"Steam App 102840" = Shank 2
"Steam App 113200" = The Binding of Isaac
"Steam App 1500" = Darwinia
"Steam App 1510" = Uplink
"Steam App 1520" = DEFCON
"Steam App 1530" = Multiwinia
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 207610" = The Walking Dead
"Steam App 209080" = Guns of Icarus Online
"Steam App 214560" = Mark of the Ninja
"Steam App 215" = Source SDK Base 2006
"Steam App 219600" = NBA 2K13
"Steam App 219740" = Don't Starve
"Steam App 220070" = Chivalry: Medieval Warfare Dedicated Server
"Steam App 220160" = Trials Evolution Gold Edition
"Steam App 220200" = Kerbal Space Program
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 222750" = Wargame: AirLand Battle
"Steam App 227200" = Waking Mars
"Steam App 233450" = Prison Architect
"Steam App 239030" = Papers, Please
"Steam App 241600" = Rogue Legacy
"Steam App 246210" = PAYDAY 2 Beta
"Steam App 4000" = Garry's Mod
"Steam App 49520" = Borderlands 2
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8190" = Just Cause 2
"Sumotori Dreams" = Sumotori Dreams
"Sumotori Full Version" = Sumotori Full Version
"Switch" = Switch Sound File Converter
"SynthFont_is1" = SynthFont
"Uplay" = Uplay
"Viena" = Viena
"WinLiveSuite" = Windows Live Essentials
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-223215813-1355463031-3474482751-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0 A.D." = 0 A.D.
"Bitcoin" = Bitcoin
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Haunt 1.0 64bit" = Haunt 1.0 64bit
"UnityWebPlayer" = Unity Web Player
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-223215813-1355463031-3474482751-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0 A.D." = 0 A.D.
"Bitcoin" = Bitcoin
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Haunt 1.0 64bit" = Haunt 1.0 64bit
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/2/2013 11:39:42 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000
Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448,
 time stamp: 0x4f563b00  Faulting module name: js3260.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x2a425e19  Exception code: 0xc0000005  Fault offset: 0x03cfda0c  Faulting
 process id: 0x1fa8  Faulting application start time: 0x01ced7e1bb0e6204  Faulting application
 path: C:\Program Files (x86)\Common Files\sysobject\update.exe  Faulting module path:
 js3260.dll  Report Id: fd1fdd44-43d4-11e3-82d1-50e549d9fe14
 
Error - 11/2/2013 11:40:17 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000
Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448,
 time stamp: 0x4f563b00  Faulting module name: js3260.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x2a425e19  Exception code: 0xc0000005  Fault offset: 0x0423da0c  Faulting
 process id: 0x1db8  Faulting application start time: 0x01ced7e1d136af64  Faulting application
 path: C:\Program Files (x86)\Common Files\sysobject\update.exe  Faulting module path:
 js3260.dll  Report Id: 1283f044-43d5-11e3-82d1-50e549d9fe14
 
Error - 11/2/2013 11:42:26 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000
Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448,
 time stamp: 0x4f563b00  Faulting module name: js3260.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x2a425e19  Exception code: 0xc0000005  Fault offset: 0x04ecda0c  Faulting
 process id: 0x1930  Faulting application start time: 0x01ced7e1e8f1f8d4  Faulting application
 path: C:\Program Files (x86)\Common Files\sysobject\update.exe  Faulting module path:
 js3260.dll  Report Id: 5eefd7a4-43d5-11e3-82d1-50e549d9fe14
 
Error - 11/2/2013 11:43:04 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000
Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448,
 time stamp: 0x4f563b00  Faulting module name: js3260.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x2a425e19  Exception code: 0xc0000005  Fault offset: 0x0465da0c  Faulting
 process id: 0x704  Faulting application start time: 0x01ced7e2331ddb44  Faulting application
 path: C:\Program Files (x86)\Common Files\sysobject\update.exe  Faulting module path:
 js3260.dll  Report Id: 75aee6c4-43d5-11e3-82d1-50e549d9fe14
 
Error - 11/2/2013 11:44:05 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000
Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448,
 time stamp: 0x4f563b00  Faulting module name: js3260.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x2a425e19  Exception code: 0xc0000005  Fault offset: 0x03e6da0c  Faulting
 process id: 0x14b8  Faulting application start time: 0x01ced7e24c1eeb24  Faulting application
 path: C:\Program Files (x86)\Common Files\sysobject\update.exe  Faulting module path:
 js3260.dll  Report Id: 99ea6a04-43d5-11e3-82d1-50e549d9fe14
 
Error - 11/2/2013 11:45:33 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000
Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448,
 time stamp: 0x4f563b00  Faulting module name: js3260.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x2a425e19  Exception code: 0xc0000005  Fault offset: 0x042cda0c  Faulting
 process id: 0x74  Faulting application start time: 0x01ced7e26f2c9cc4  Faulting application
 path: C:\Program Files (x86)\Common Files\sysobject\update.exe  Faulting module path:
 js3260.dll  Report Id: ce8bc5b4-43d5-11e3-82d1-50e549d9fe14
 
Error - 11/2/2013 11:46:54 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000
Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448,
 time stamp: 0x4f563b00  Faulting module name: js3260.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x2a425e19  Exception code: 0xc0000005  Fault offset: 0x04f9da0c  Faulting
 process id: 0x17d8  Faulting application start time: 0x01ced7e2a3273124  Faulting application
 path: C:\Program Files (x86)\Common Files\sysobject\update.exe  Faulting module path:
 js3260.dll  Report Id: ff1ca234-43d5-11e3-82d1-50e549d9fe14
 
Error - 11/2/2013 11:47:35 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000
Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448,
 time stamp: 0x4f563b00  Faulting module name: js3260.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x2a425e19  Exception code: 0xc0000005  Fault offset: 0x0409da0c  Faulting
 process id: 0xd34  Faulting application start time: 0x01ced7e2d512bba4  Faulting application
 path: C:\Program Files (x86)\Common Files\sysobject\update.exe  Faulting module path:
 js3260.dll  Report Id: 17561c54-43d6-11e3-82d1-50e549d9fe14
 
Error - 11/2/2013 11:49:51 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000
Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448,
 time stamp: 0x4f563b00  Faulting module name: js3260.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x2a425e19  Exception code: 0xc0000005  Fault offset: 0x040fda0c  Faulting
 process id: 0x19bc  Faulting application start time: 0x01ced7e2ed7e4244  Faulting application
 path: C:\Program Files (x86)\Common Files\sysobject\update.exe  Faulting module path:
 js3260.dll  Report Id: 6890c9d4-43d6-11e3-82d1-50e549d9fe14
 
Error - 11/2/2013 11:50:26 AM | Computer Name = Vicethal-X1 | Source = Application Error | ID = 1000
Description = Faulting application name: update.exe_Firefox, version: 1.9.2.4448,
 time stamp: 0x4f563b00  Faulting module name: js3260.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x2a425e19  Exception code: 0xc0000005  Fault offset: 0x0446da0c  Faulting
 process id: 0x21c  Faulting application start time: 0x01ced7e33bbaf204  Faulting application
 path: C:\Program Files (x86)\Common Files\sysobject\update.exe  Faulting module path:
 js3260.dll  Report Id: 7d246d74-43d6-11e3-82d1-50e549d9fe14
 
[ System Events ]
Error - 11/2/2013 11:34:40 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 11/2/2013 11:34:40 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 11/2/2013 11:34:41 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 11/2/2013 11:34:41 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 11/2/2013 11:34:42 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 11/2/2013 11:35:04 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 11/2/2013 11:35:05 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 11/2/2013 11:35:05 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 11/2/2013 11:35:06 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 11/2/2013 11:35:06 AM | Computer Name = Vicethal-X1 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
 
< End of report >
 

(The driver errors at the end are interesting, but probably not malware; my USB hub is just really cheap.)


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

ComboFix Log:

 

ComboFix 13-11-03.02 - Admin 11/03/2013  10:20:56.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8174.5624 [GMT -5:00]

Running from: c:\users\Admin\Desktop\ComboFix.exe

AV: Bitdefender Antivirus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}

FW: Bitdefender Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}

SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files\PrivacySafeGuard\PrIVacysafeguard.dll

c:\programdata\1338546611.bdinstall.bin

c:\programdata\1338546713.bdinstall.bin

c:\programdata\1338547561.bdinstall.bin

c:\programdata\ntuser.dat

c:\users\Admin\AppData\Roaming\0ad

c:\users\Admin\AppData\Roaming\0ad\config\user.cfg

c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk

c:\users\Admin\AppData\Roaming\poclbm

c:\users\Admin\AppData\Roaming\poclbm\poclbm.ini

c:\windows\SysWow64\frapsvid.dll

c:\windows\wininit.ini

E:\Autorun.inf

.

.

(((((((((((((((((((((((((   Files Created from 2013-10-03 to 2013-11-03  )))))))))))))))))))))))))))))))

.

.

2013-11-03 15:36 . 2013-11-03 15:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-11-03 15:36 . 2013-11-03 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-11-03 15:36 . 2013-11-03 15:36 -------- d-----w- c:\users\Mcx1-VICETHAL-X1\AppData\Local\temp

2013-11-01 19:30 . 2013-11-01 19:31 -------- d-----w- C:\AdwCleaner

2013-11-01 19:28 . 2013-11-01 19:28 -------- d-----w- c:\programdata\YTD Video Downloader

2013-11-01 19:13 . 2013-11-01 19:13 -------- d-----w- c:\windows\ERUNT

2013-10-24 18:56 . 2013-10-24 18:56 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes

2013-10-24 18:56 . 2013-10-24 18:56 -------- d-----w- c:\programdata\Malwarebytes

2013-10-24 18:56 . 2013-10-24 18:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-10-24 18:56 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-10-22 13:04 . 2013-10-22 13:04 -------- d-----w- c:\programdata\Oracle

2013-10-22 13:01 . 2013-10-22 13:01 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-10-22 13:01 . 2013-10-08 11:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-10-18 20:19 . 2013-10-18 20:19 -------- d-----w- c:\program files (x86)\MTA San Andreas 1.3

2013-10-18 20:19 . 2013-10-18 20:19 -------- d-----w- c:\programdata\MTA San Andreas All

2013-10-18 13:41 . 2013-10-18 17:57 -------- d-----w- c:\programdata\Yahoo!

2013-10-18 13:40 . 2013-10-18 18:09 -------- d-----w- c:\program files (x86)\Yahoo!

2013-10-17 14:30 . 2013-10-17 14:42 -------- d-----w- c:\program files (x86)\xpadder_gamepad_profiler

2013-10-17 13:53 . 2013-10-17 14:23 -------- d-----w- c:\program files (x86)\Joy2Key

2013-10-15 20:54 . 2013-10-15 20:54 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2013-10-14 03:53 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-10-14 03:53 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-10-14 03:53 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-10-14 03:53 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-10-14 03:53 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-10-14 03:53 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-10-14 03:53 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-10-13 15:55 . 2013-06-25 22:55 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-10-13 15:54 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll

2013-10-13 15:51 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll

2013-10-11 07:17 . 2013-10-11 07:17 -------- d-----w- c:\windows\SysWow64\RTCOM

2013-10-11 07:17 . 2013-10-11 07:17 -------- d-----w- c:\program files\Realtek

2013-10-11 07:17 . 2013-03-20 17:16 2102040 ----a-w- c:\windows\system32\WavesGUILib64.dll

2013-10-11 07:17 . 2009-11-24 13:55 518896 ----a-w- c:\windows\system32\SRSTSX64.dll

2013-10-11 07:17 . 2009-11-24 13:55 211184 ----a-w- c:\windows\system32\SRSTSH64.dll

2013-10-11 07:17 . 2009-11-24 13:55 198896 ----a-w- c:\windows\system32\SRSHP64.dll

2013-10-11 07:17 . 2009-11-24 13:55 155888 ----a-w- c:\windows\system32\SRSWOW64.dll

2013-10-11 07:17 . 2013-03-26 18:38 1659464 ----a-w- c:\windows\system32\RTSnMg64.cpl

2013-10-11 07:17 . 2013-03-26 21:06 2797128 ----a-w- c:\windows\system32\RtPgEx64.dll

2013-10-11 07:17 . 2011-12-20 19:32 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll

2013-10-11 07:17 . 2013-03-30 01:42 3379272 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys

2013-10-11 07:15 . 2013-02-28 17:10 2032408 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll

2013-10-11 07:15 . 2013-03-20 17:16 910104 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll

2013-10-11 07:15 . 2010-09-27 13:34 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll

2013-10-11 07:15 . 2013-03-26 21:04 2734624 ----a-w- c:\windows\system32\FMAPO64.dll

2013-10-11 07:15 . 2012-06-20 21:26 110592 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll

2013-10-11 07:14 . 2013-03-23 07:43 208072 ----a-w- c:\windows\system32\AERTAC64.dll

2013-10-11 07:14 . 2012-03-08 15:47 108640 ----a-w- c:\windows\system32\AERTAR64.dll

2013-10-11 07:12 . 2006-02-07 19:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2013-10-11 07:12 . 2006-02-07 19:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2013-10-11 07:12 . 2006-02-07 19:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2013-10-11 07:12 . 2006-02-07 19:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2013-10-11 07:12 . 2006-02-07 19:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2013-10-11 07:12 . 2005-11-14 03:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2013-10-11 07:12 . 2013-10-11 07:12 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2013-10-11 07:12 . 2013-10-11 07:12 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2013-10-10 01:05 . 2013-10-10 01:05 -------- d-----w- c:\program files (x86)\Realtek

2013-10-10 00:18 . 2013-10-10 00:29 -------- d-----w- c:\users\Admin\Valley

2013-10-04 19:49 . 2013-10-04 19:49 -------- d-----w- C:\Riot Games

2013-10-04 19:47 . 2013-10-05 03:21 -------- d-----w- c:\users\Admin\AppData\Local\PMB Files

2013-10-04 19:47 . 2013-10-05 03:21 -------- d-----w- c:\programdata\PMB Files

2013-10-04 19:47 . 2013-10-04 19:47 -------- d-----w- c:\program files (x86)\Pando Networks

2013-10-04 19:46 . 2013-10-04 19:47 -------- d-----w- c:\users\Admin\AppData\Roaming\Riot Games

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-18 13:44 . 2012-05-07 20:57 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-10-18 13:44 . 2012-04-29 21:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-16 00:48 . 2013-05-19 00:55 3067560 ----a-w- c:\windows\system32\nvapi64.dll

2013-10-16 00:48 . 2013-05-19 00:55 2694664 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-10-16 00:48 . 2013-05-19 00:55 15244272 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-10-16 00:48 . 2013-05-19 00:55 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-10-16 00:48 . 2013-05-19 00:39 61216 ----a-w- c:\windows\system32\OpenCL.dll

2013-10-16 00:48 . 2013-05-19 00:39 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll

2013-10-15 21:47 . 2013-05-19 00:57 6665504 ----a-w- c:\windows\system32\nvcpl.dll

2013-10-15 21:47 . 2013-05-19 00:57 3489568 ----a-w- c:\windows\system32\nvsvc64.dll

2013-10-15 21:47 . 2013-05-19 00:57 922912 ----a-w- c:\windows\system32\nvvsvc.exe

2013-10-15 21:47 . 2013-05-19 00:57 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-10-15 21:47 . 2013-05-19 00:57 219424 ----a-w- c:\windows\system32\nvmctray.dll

2013-10-13 21:42 . 2012-06-24 16:25 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-10-13 21:42 . 2012-05-21 10:18 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-10-13 21:42 . 2012-05-21 10:18 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-10-13 15:57 . 2012-05-01 10:25 80541720 ----a-w- c:\windows\system32\MRT.exe

2013-10-08 19:14 . 2013-05-19 00:57 3398914 ----a-w- c:\windows\system32\nvcoproc.bin

2013-10-06 16:51 . 2012-05-21 10:18 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-09-19 01:42 . 2012-05-17 08:59 57584 ----a-w- c:\windows\system32\iolobtdfg.exe

2013-09-19 01:42 . 2012-05-17 08:59 26184 ----a-w- c:\windows\system32\smrgdf.exe

2013-09-19 01:24 . 2012-12-29 05:27 2155152 ----a-w- c:\windows\system32\Incinerator64.dll

2013-09-19 01:24 . 2012-05-17 09:00 2097984 ----a-w- c:\windows\SysWow64\Incinerator32.dll

2013-09-12 08:58 . 2013-09-19 20:51 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll

2013-09-12 08:58 . 2013-09-19 20:51 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll

2013-08-29 01:48 . 2013-10-13 15:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-08-20 13:33 . 2013-09-15 20:37 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys

2013-08-20 13:32 . 2013-09-15 20:37 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll

2013-08-20 13:32 . 2013-09-15 20:37 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\users\Admin\Games\Steam\steam.exe" [2013-10-30 1820584]

"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]

"FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2012-04-25 1328976]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]

"Dxtory Update Checker 2.0"="c:\program files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]

"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

"TaskMngr"="wscript.exe" [2009-07-14 141824]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-10-01 2345296]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"{90140000-0011-0000-1000-0000000FF1CE}"="del" [X]

"{90140000-001A-0409-1000-0000000FF1CE}"="del" [X]

.

c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]

Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN247546M205PJ;CONNECTION=NW;MONITOR=1; [2009-7-13 45568]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]

R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]

R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]

R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]

S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]

S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]

S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]

S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]

S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [x]

S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]

S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]

S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys;c:\program files (x86)\EVGA Precision\RTCore64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 13:44]

.

2013-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 19:34]

.

2013-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 19:34]

.

2013-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-223215813-1355463031-3474482751-1000Core.job

- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 20:17]

.

2013-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-223215813-1355463031-3474482751-1000UA.job

- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 20:17]

.

2013-11-03 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}]

2012-08-08 04:08 105472 ----a-w- c:\program files\PrivacySafeGuard\PrivacySafeGuard-x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]

"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-12-12 1091200]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]

"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]

"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]

"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = about:blank


uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE "%1"

.

- - - - ORPHANS REMOVED - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-223215813-1355463031-3474482751-1000\Software\SecuROM\License information*]

"datasecu"=hex:ec,57,53,5a,26,16,a6,2a,b6,60,b2,d1,25,82,9a,59,3e,2d,8e,02,56,

   4d,42,57,48,fa,6d,d2,a9,03,56,ac,ca,ca,12,21,15,2b,bf,f0,bd,09,cc,8b,2b,89,\

"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\05\03\09\0a\126^"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-11-03  10:41:16

ComboFix-quarantined-files.txt  2013-11-03 15:41

.

Pre-Run: 67,492,491,264 bytes free

Post-Run: 67,585,126,400 bytes free

.

- - End Of File - - 9D98461ACB1061CA61222D77DE343444

A36C5E4F47E84449FF07ED3517B43A31

UPDATE: I have located js3260.dll as well as update.exe in C:\Program Files (x86)\Common Files\sysobject and will proceed to make a system restore point before deleting the two objects from my system. I scanned them with Bitdefender and MBAM, but both scans turned up clean. It may be that when I uninstalled Firefox, all files were not properly deleted.


The problem seems to have disappeared for now; I'll bring it up on the Firefox help forum. On startup, I am getting a js error box, likely due to the dll that I deleted. Nothing seems to be wrong, but if system instability becomes evident, I will attempt to restore the file.


  • 4 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

