View Full Version : Advanced system protector help removal
I've been trying to remove this thing but its proving difficult. At first I thought it was part of the Advanced system optimizer I installed so I didnt pay attention to it.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Thor at 12:35:53 on 2013-12-04
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.4618 [GMT 9.5:30]
.
AV: Kaspersky PURE 2.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 2.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 2.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
J:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\drahtwerk\iWebcamera\iWebcameraApp.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtblfs.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://battlelog.battlefield.com/bf3/gate/?returnUrl=|bf3|servers|
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Thor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "J:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [CloantoSoftwareDirector] "C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe" -s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Thor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{51AF2091-0927-4023-86DB-142FD3B91A25} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{73427270-A448-4497-95DC-8D915CF25F20} : DHCPNameServer = 7.254.254.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
Notify: klogon - <no file>
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll
FF - plugin: C:\Users\Thor\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-2 8704]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2012-11-1 85048]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-9-27 630632]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-9-27 28008]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2011-11-11 313648]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-18 55952]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-9-25 21104]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2012-11-1 66104]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-22 283200]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-10-20 13616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2013-11-10 264488]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [2012-8-30 202328]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-9-10 21992]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-9-25 68136]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-9-27 15720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-7 629984]
R2 KinoniSvc;Kinoni Service;C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [2013-2-27 525312]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-30 15122208]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-8-11 625816]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-9-25 390672]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-9-6 27136]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-8-12 1153368]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-9-25 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-1 2754984]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-6 363800]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-11-11 65408]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-8-17 94208]
R3 KINONI_Wave;Kinoni Audio Source;C:\Windows\System32\drivers\kinonivad.sys [2013-2-27 23040]
R3 kinonivd;Kinoni Video Source;C:\Windows\System32\drivers\kinonivd.sys [2013-2-27 2782848]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-11-15 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-31 64280]
R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;C:\Windows\System32\drivers\LGSUsbFilt.sys [2013-5-31 41752]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-11-15 16008]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-2-3 58528]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-10-30 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-11 883928]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-25 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\System32\drivers\CamDrL64.sys [2007-2-3 955680]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-12-13 131912]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-9-25 21712]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-9-7 25640]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-14 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-9-6 30528]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2013-4-16 410008]
S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168]
S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2013-4-16 102808]
S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-9-6 20992]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-9-12 31800]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2011-9-6 51712]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-9-6 24064]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2011-9-6 51712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-6 59392]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-12-1 745368]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-9-6 24064]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-03 21:24:15 -------- d-----w- C:\hijackthis
2013-12-03 19:59:53 -------- d-----w- C:\Users\Thor\AppData\Local\{AB432236-8B46-4604-9F0C-A7E8A84B67E1}
2013-12-03 07:59:32 -------- d-----w- C:\Users\Thor\AppData\Local\{B62718D9-4665-4CD9-8013-C0E70091B7A6}
2013-12-02 19:58:57 -------- d-----w- C:\Users\Thor\AppData\Local\{F53F9816-300E-4A94-BA28-70447A2DBC1E}
2013-12-02 07:58:23 -------- d-----w- C:\Users\Thor\AppData\Local\{6E7578EC-75AD-4A04-BF3D-E724CBEED224}
2013-12-01 19:57:46 -------- d-----w- C:\Users\Thor\AppData\Local\{3ADC6853-BA48-4CB6-A2F4-98DCFC3203C9}
2013-12-01 07:57:24 -------- d-----w- C:\Users\Thor\AppData\Local\{D4AF4D06-D8E7-4BB5-A6EE-CBB25B89B34C}
2013-11-30 19:56:49 -------- d-----w- C:\Users\Thor\AppData\Local\{EDC45451-3EB8-45F7-8987-CCEAEA462EF4}
2013-11-30 07:56:01 -------- d-----w- C:\Users\Thor\AppData\Local\{73457022-53B1-463B-97DC-15B7484FB346}
2013-11-30 07:44:26 -------- d-----w- C:\Users\Thor\AppData\Roaming\MPC-HC
2013-11-30 07:39:39 256088 ----a-w- C:\Windows\System32\unrar64.dll
2013-11-30 07:39:37 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2013-11-29 19:55:27 -------- d-----w- C:\Users\Thor\AppData\Local\{E9921A5E-AC51-42E1-9AEB-1AAAA11AF817}
2013-11-29 07:54:53 -------- d-----w- C:\Users\Thor\AppData\Local\{DA3C05D3-61CB-4359-8160-3AA938F1B1D2}
2013-11-28 19:54:17 -------- d-----w- C:\Users\Thor\AppData\Local\{A4B42952-B061-4C8A-80E9-6FB5A73CC9EA}
2013-11-28 07:53:43 -------- d-----w- C:\Users\Thor\AppData\Local\{F0331BDD-5A4B-4A3D-B0C5-07E9763A6F23}
2013-11-27 18:45:01 -------- d-----w- C:\Users\Thor\AppData\Local\{A045844B-BACC-4D46-AECF-44ECEB853DDA}
2013-11-27 06:44:39 -------- d-----w- C:\Users\Thor\AppData\Local\{9AD0B4FA-71CD-4421-B5D7-350208F28F0D}
2013-11-26 18:34:29 -------- d-----w- C:\Users\Thor\AppData\Local\{8945C753-1FE8-4C07-9241-4E9A9BC6B685}
2013-11-26 06:02:07 -------- d-----w- C:\Users\Thor\AppData\Local\{454F3AF2-BAF4-4490-931A-A8DB2A1DE4B9}
2013-11-25 10:27:53 -------- d-----w- C:\Users\Thor\AppData\Local\{454AC5C1-992C-40DF-9F2F-2D1B159C8076}
2013-11-24 19:18:17 -------- d-----w- C:\Users\Thor\AppData\Local\{87BCAB07-A8FA-4768-8631-71C9EF63D695}
2013-11-24 07:01:29 -------- d-----w- C:\Users\Thor\AppData\Local\{38DD516B-B5CC-444B-BECD-7EE74F9197BA}
2013-11-23 19:00:55 -------- d-----w- C:\Users\Thor\AppData\Local\{D4234DD3-C092-48B4-AB82-4A9F8CB388E9}
2013-11-23 07:00:20 -------- d-----w- C:\Users\Thor\AppData\Local\{D618B4A1-94D4-4348-85A2-6514E168F301}
2013-11-22 18:59:45 -------- d-----w- C:\Users\Thor\AppData\Local\{569D1019-96E4-4641-B6E6-D7A695F164D5}
2013-11-22 06:59:23 -------- d-----w- C:\Users\Thor\AppData\Local\{8155AEA8-B1CC-44C0-B49B-FD7892403DB8}
2013-11-21 19:54:56 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F91E2F08-9FD5-4047-B782-E559D38CAC82}\mpengine.dll
2013-11-21 18:03:21 -------- d-----w- C:\Users\Thor\AppData\Local\{28474E01-1D0D-4632-86A4-ABDFFD66BC7B}
2013-11-21 06:02:59 -------- d-----w- C:\Users\Thor\AppData\Local\{2144590C-67FE-4CA1-AE1D-0707156D5923}
2013-11-20 18:02:24 -------- d-----w- C:\Users\Thor\AppData\Local\{031CA1E0-963A-493D-BEEF-0E60AE20B098}
2013-11-20 09:37:57 -------- d-----w- C:\Users\Thor\AppData\Local\GOG.com
2013-11-20 06:02:02 -------- d-----w- C:\Users\Thor\AppData\Local\{92484D33-24BB-4421-9020-D94C55872C7B}
2013-11-19 18:01:28 -------- d-----w- C:\Users\Thor\AppData\Local\{461F93BA-1288-4E9A-8AF6-095365A68195}
2013-11-19 06:01:04 -------- d-----w- C:\Users\Thor\AppData\Local\{3DAEFC79-7B58-4E0A-88DB-C7800AB39F3F}
2013-11-18 18:00:29 -------- d-----w- C:\Users\Thor\AppData\Local\{18421A1A-5B4E-4E9A-BA22-8C08363E1142}
2013-11-18 06:00:07 -------- d-----w- C:\Users\Thor\AppData\Local\{867E6E83-3D0B-445F-9596-E376036A0FFD}
2013-11-17 17:59:43 -------- d-----w- C:\Users\Thor\AppData\Local\{BF7B842C-AB2B-4ADC-AD00-8CC5381C8807}
2013-11-17 05:59:07 -------- d-----w- C:\Users\Thor\AppData\Local\{85B8B65C-6CCC-4514-AF8A-63B5937A90F3}
2013-11-16 17:58:32 -------- d-----w- C:\Users\Thor\AppData\Local\{198C8F3C-DBAA-4134-90ED-D3EE89B01BE5}
2013-11-16 11:20:34 -------- d-----w- C:\Users\Thor\AppData\Local\CrashDumps
2013-11-16 07:04:49 -------- d-----w- C:\ProgramData\Zoner
2013-11-16 05:57:44 -------- d-----w- C:\Users\Thor\AppData\Local\{22E2F08F-F481-47FF-9665-3D0EDDE4FD20}
2013-11-15 17:57:10 -------- d-----w- C:\Users\Thor\AppData\Local\{CAAA21A2-5502-4FE4-B5A8-9068F10CA4AB}
2013-11-15 05:56:47 -------- d-----w- C:\Users\Thor\AppData\Local\{93C3A731-A7D0-4A80-846F-56391F6EA0A3}
2013-11-14 17:56:13 -------- d-----w- C:\Users\Thor\AppData\Local\{50F0B766-1A31-444D-9F3A-C98FAD4F8968}
2013-11-14 05:55:49 -------- d-----w- C:\Users\Thor\AppData\Local\{BE00E3EE-A90A-4D9C-94FB-CB24958F3D83}
2013-11-13 17:55:23 -------- d-----w- C:\Users\Thor\AppData\Local\{4B4CDD3F-6E4E-4102-8A53-43F2861178FF}
2013-11-13 05:54:49 -------- d-----w- C:\Users\Thor\AppData\Local\{E4D1A63D-53B3-40E6-B635-DAB08AA94778}
2013-11-12 17:54:14 -------- d-----w- C:\Users\Thor\AppData\Local\{A76C88EC-83FB-47E4-9AF5-6D274A893A47}
2013-11-12 05:53:52 -------- d-----w- C:\Users\Thor\AppData\Local\{16C65EF6-F75A-4FD4-AFAE-CB2193E57295}
2013-11-11 17:53:17 -------- d-----w- C:\Users\Thor\AppData\Local\{EB778C1B-1AEE-4F70-827C-EB9CE112CE15}
2013-11-11 05:52:55 -------- d-----w- C:\Users\Thor\AppData\Local\{FBC50B7C-F75C-4FEE-81C3-616C585448A7}
2013-11-10 19:36:11 -------- d-----w- C:\Users\Thor\Intel
2013-11-10 19:35:20 65408 ----a-w- C:\Windows\System32\drivers\EtronHub3.sys
2013-11-10 19:33:52 883928 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2013-11-10 19:33:52 74456 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-11-10 19:28:13 -------- d-----w- C:\Windows\SysWow64\RTCOM
2013-11-10 19:28:13 -------- d-----w- C:\Program Files\Realtek
2013-11-10 19:13:42 -------- d-----w- C:\Program Files (x86)\Driver-Soft
2013-11-10 17:52:20 -------- d-----w- C:\Users\Thor\AppData\Local\{1FCBF8AB-DA2F-4161-AD32-0D1D6615C029}
2013-11-10 05:51:46 -------- d-----w- C:\Users\Thor\AppData\Local\{6719CD0E-5996-455C-AE59-5E5EDDD32FA2}
2013-11-09 18:16:46 2272 ----a-w- C:\Windows\System32\ASOROSet.bin
2013-11-09 18:10:45 -------- d-----w- C:\Users\Thor\AppData\Roaming\Systweak
2013-11-09 18:08:34 19752 ----a-w- C:\Windows\System32\roboot64.exe
2013-11-09 18:08:33 16896 ----a-w- C:\Windows\System32\sasnative64.exe
2013-11-09 18:08:30 -------- d-----w- C:\ProgramData\Systweak
2013-11-09 18:08:30 -------- d-----w- C:\Program Files (x86)\Advanced System Optimizer 3
2013-11-09 17:05:57 -------- d-----w- C:\Users\Thor\AppData\Local\{7E4886B6-AE3A-492A-8608-3184F0DA4EB5}
2013-11-09 05:05:22 -------- d-----w- C:\Users\Thor\AppData\Local\{DED07105-8A18-4635-BA2F-22EB0496A4F7}
2013-11-08 06:45:54 -------- d-----w- C:\Users\Thor\AppData\Local\{7FD14D40-4D16-4F95-84A9-1CA6060F624A}
2013-11-07 18:10:06 -------- d-----w- C:\Users\Thor\AppData\Local\{4EEBAE55-7C93-4247-847D-1D581662D4CC}
2013-11-07 06:09:45 -------- d-----w- C:\Users\Thor\AppData\Local\{45C8A11C-1044-4F26-923D-6CD3820F66EA}
2013-11-06 18:09:10 -------- d-----w- C:\Users\Thor\AppData\Local\{CF93DC3E-CFC9-4268-8433-9689F7AFF9B8}
2013-11-06 06:08:35 -------- d-----w- C:\Users\Thor\AppData\Local\{A7B32628-DB1E-4E99-B11F-D5F14F0402FF}
2013-11-05 18:08:01 -------- d-----w- C:\Users\Thor\AppData\Local\{94949B8D-2C77-4432-8480-450F6ABED26D}
2013-11-05 06:07:23 -------- d-----w- C:\Users\Thor\AppData\Local\{668F6638-ED09-4579-A820-E01A6C08239C}
2013-11-04 10:31:25 -------- d-----w- C:\ProgramData\Panasonic
2013-11-04 09:06:46 -------- d-----w- C:\Users\Thor\AppData\Local\{03E90486-0F33-4325-9D5F-DB02EB1BE038}
.
==================== Find3M ====================
.
2013-12-04 02:49:49 25640 ----a-w- C:\Windows\gdrv.sys
2013-12-03 20:37:02 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
2013-12-03 12:30:01 6318 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-11-30 10:08:24 30528 ----a-w- C:\Windows\GVTDrv64.sys
2013-11-30 07:31:17 25640 ----a-w- C:\Windows\etdrv.sys
2013-11-10 19:32:22 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-11-01 11:28:59 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-11-01 11:12:13 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-10-28 19:15:35 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-10-23 08:20:08 6669600 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-23 08:20:03 3426956 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-22 17:32:36 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-22 11:08:24 3692632 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2013-10-22 07:41:30 151256 ----a-w- C:\Windows\System32\RCoInstII64.dll
2013-10-22 00:12:52 37850112 ----a-w- C:\Windows\System32\RCoRes64.dat
2013-10-21 05:01:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-21 05:01:18 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-21 01:16:30 2587352 ----a-w- C:\Windows\System32\RtkAPO64.dll
2013-10-18 07:11:34 1286360 ----a-w- C:\Windows\System32\RTCOM64.dll
2013-10-18 01:36:05 1063200 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-10-18 01:36:04 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-10-15 18:13:50 209096 ----a-w- C:\Windows\System32\AERTAC64.dll
2013-10-11 03:17:14 113576 ----a-w- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2013-10-11 02:01:16 947760 ----a-w- C:\Windows\System32\SFSS_APO.dll
2013-10-09 15:47:17 17154952 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-10-07 22:20:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-07 01:35:20 2810072 ----a-w- C:\Windows\System32\RtPgEx64.dll
2013-10-02 07:40:54 617176 ----a-w- C:\Windows\System32\RtDataProc64.dll
2013-09-27 23:01:44 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-09-27 23:01:38 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-09-27 23:01:38 28960 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-09-27 01:15:00 630632 ----a-w- C:\Windows\System32\drivers\iaStorA.sys
2013-09-27 01:15:00 28008 ----a-w- C:\Windows\System32\drivers\iaStorF.sys
2013-09-26 06:41:38 1021656 ----a-w- C:\Windows\System32\RtkApi64.dll
2013-09-13 09:14:26 2080472 ----a-w- C:\Windows\RtlExUpd.dll
2013-09-10 05:50:52 1391104 ----a-w- C:\apploc.msi
2013-09-09 18:32:00 6217904 ----a-w- C:\Windows\System32\DDPP64A.dll
2013-09-09 18:32:00 313520 ----a-w- C:\Windows\System32\DDPO64A.dll
2013-09-09 18:31:58 260272 ----a-w- C:\Windows\System32\DDPA64.dll
2013-09-09 18:31:58 1938608 ----a-w- C:\Windows\System32\DDPD64A.dll
.
============= FINISH: 12:36:13.01 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-04 12:43:27
-----------------------------
12:43:27.931 OS Version: Windows x64 6.1.7601 Service Pack 1
12:43:27.931 Number of processors: 4 586 0x2A07
12:43:27.932 ComputerName: THOR-PC UserName: Thor
12:44:00.699 Initialize success
12:46:49.270 AVAST engine defs: 13120301
12:47:18.027 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000075
12:47:18.028 Disk 0 Vendor: KINGSTON 332A Size: 114473MB BusType: 11
12:47:18.030 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000077
12:47:18.031 Disk 1 Vendor: SAMSUNG_ 1AN1 Size: 1907729MB BusType: 11
12:47:18.032 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000078
12:47:18.034 Disk 2 Vendor: WDC_____ 05.0 Size: 1907729MB BusType: 11
12:47:18.035 Disk 3 \Device\Harddisk3\DR3 -> \Device\00000079
12:47:18.037 Disk 3 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 11
12:47:18.044 Disk 0 MBR read successfully
12:47:18.046 Disk 0 MBR scan
12:47:18.050 Disk 0 Windows 7 default MBR code
12:47:18.052 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:47:18.055 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
12:47:18.065 Disk 0 scanning C:\Windows\system32\drivers
12:47:20.946 Service scanning
12:47:28.273 Modules scanning
12:47:28.277 Disk 0 trace - called modules:
12:47:28.282 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys ACPI.sys storport.sys hal.dll iaStorA.sys
12:47:28.284 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80096b0060]
12:47:28.287 3 CLASSPNP.SYS[fffff8800265143f] -> nt!IofCallDriver -> [0xfffffa80095a6940]
12:47:28.290 5 iaStorF.sys[fffff880029b8f84] -> nt!IofCallDriver -> [0xfffffa8006714e40]
12:47:28.293 7 ACPI.sys[fffff88000f677a1] -> nt!IofCallDriver -> \Device\00000075[0xfffffa8006d46250]
12:47:28.545 AVAST engine scan C:\Windows
12:47:29.129 AVAST engine scan C:\Windows\system32
12:48:41.383 AVAST engine scan C:\Windows\system32\drivers
12:48:48.634 AVAST engine scan C:\Users\Thor
12:51:11.144 AVAST engine scan C:\ProgramData
12:51:51.267 Scan finished successfully
12:53:59.458 Disk 0 MBR has been saved successfully to "C:\Users\Thor\Desktop\MBR.dat"
12:53:59.463 The log file has been saved successfully to "C:\Users\Thor\Desktop\aswMBR.txt"
Systweak.AdvSysProtector: [SBI $0042E83F] Program directory (Directory, fixed)
C:\ProgramData\Systweak\Advanced System Protector\
Systweak.AdvSysProtector: [SBI $AC761240] Program directory (Directory, fixed)
C:\ProgramData\Systweak\Advanced System Protector\signatures\
Systweak.AdvSysProtector: [SBI $C85FEF1E] Program directory (Directory, fixed)
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\
Systweak.AdvSysProtector: [SBI $820A137D] Data (File, nothing done)
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Systweak.AdvSysProtector: [SBI $F64AD8C9] Data (File, nothing done)
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Settings.db
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Systweak.AdvSysProtector: [SBI $584FCF63] Configuration file (File, nothing done)
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Update.ini
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
:welcome:
Sorry for the delay, have no excuse, if you have not resolved this issue and still need help please let me know
I've given it my best shot but it doesnt appear any where on my system to remove. But its always there in the bottom corner loading up. I do have Advanced System Optimizer installed so I'm unsure if its actually part of that program or not.
Good Morning,
Advanced System Optimizer is legit , Advanced System Protector is malware
First go into Programs and Features in the Control Panel and see if you can uninstall it, either way lets run Malwarebytes
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
I'd like to mention that I've done this step multiple times and it always picks it up and never actually gets rid of it which is weird when it says its quarantined.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.16.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thor :: THOR-PC [administrator]
19/12/2013 8:53:04 PM
mbam-log-2013-12-19 (20-53-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296033
Time elapsed: 3 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
Files Detected: 25
C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1545completedatabase.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1608mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1609update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1610update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1611update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1612update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1613update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1614update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1615update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1616update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1617update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Update.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
(end)
Reboot and do another scan with Malwarebytes and post the log please
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.16.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thor :: THOR-PC [administrator]
19/12/2013 9:29:00 PM
mbam-log-2013-12-19 (21-29-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 294670
Time elapsed: 3 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 3
C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
Files Detected: 3
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
(end)
Still Found more
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
File attached
ComboFix 13-12-18.01 - Thor 19/12/2013 22:05:15.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.6026 [GMT 9.5:30]
Running from: c:\users\Thor\Desktop\ComboFix.exe
AV: Kaspersky PURE 2.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 2.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 2.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-11-19 to 2013-12-19 )))))))))))))))))))))))))))))))
.
.
2013-12-19 12:42 . 2013-12-19 12:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-18 04:44 . 2013-12-18 04:46 -------- d-----w- c:\users\Thor\AppData\Local\ACD Systems
2013-12-18 04:44 . 2013-12-18 04:44 -------- d-----w- c:\users\Thor\AppData\Roaming\ACD Systems
2013-12-18 04:44 . 2013-12-18 04:44 -------- d-----w- c:\programdata\ACD Systems
2013-12-18 04:44 . 2013-12-18 04:44 -------- d-----w- c:\program files\Common Files\ACD Systems
2013-12-18 04:44 . 2013-12-18 04:44 -------- d-----w- c:\program files\ACD Systems
2013-12-18 04:17 . 2013-12-18 04:17 -------- d-----w- c:\users\Thor\AppData\Roaming\FastStone
2013-12-18 04:17 . 2013-12-18 04:17 -------- d-----w- c:\program files (x86)\FastStone Image Viewer
2013-12-18 04:15 . 2013-12-18 04:15 -------- d-----w- c:\program files (x86)\Google
2013-12-16 16:58 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{438F07C1-A550-4E8F-B423-2C79BAC14EF4}\mpengine.dll
2013-12-16 13:20 . 2013-12-16 13:20 -------- d-----w- c:\programdata\IObit
2013-12-16 13:20 . 2013-12-16 13:20 -------- d-----w- c:\users\Thor\AppData\Roaming\IObit
2013-12-16 13:19 . 2013-12-16 13:19 -------- d-----w- c:\program files (x86)\IObit
2013-12-16 12:47 . 2013-12-16 12:47 -------- d-----w- c:\users\Thor\AppData\Local\Xenocode
2013-12-13 02:31 . 2013-12-13 02:31 4583424 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-12-08 13:54 . 2013-12-08 13:54 -------- d-----w- c:\program files (x86)\Cheat Engine 6.3
2013-12-08 13:53 . 2013-12-08 13:53 -------- d-----w- c:\users\Thor\AppData\Local\cache
2013-12-08 13:53 . 2013-12-08 13:54 -------- d-----w- c:\users\Thor\AppData\Local\Mobogenie
2013-12-08 13:53 . 2013-12-08 14:01 -------- d-----w- c:\program files (x86)\Mobogenie
2013-12-06 06:51 . 2013-12-06 06:51 -------- d-----w- c:\users\Thor\AppData\Local\PDF24
2013-12-06 06:51 . 2013-12-06 06:53 -------- d-----w- c:\program files (x86)\PDF24
2013-12-04 03:02 . 2013-12-04 03:02 -------- d-----w- c:\program files (x86)\ERUNT
2013-12-03 21:24 . 2013-12-16 05:54 -------- d-----w- C:\hijackthis
2013-11-30 07:44 . 2013-11-30 07:44 -------- d-----w- c:\users\Thor\AppData\Roaming\MPC-HC
2013-11-30 07:39 . 2013-08-22 18:09 256088 ----a-w- c:\windows\system32\unrar64.dll
2013-11-30 07:39 . 2013-11-30 07:39 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2013-11-20 09:37 . 2013-11-20 09:52 -------- d-----w- c:\users\Thor\AppData\Local\GOG.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-19 11:57 . 2011-09-27 06:31 25640 ----a-w- c:\windows\gdrv.sys
2013-12-19 03:26 . 2012-10-20 16:51 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2013-12-15 17:53 . 2011-10-21 15:22 6318 --sha-w- c:\programdata\KGyGaAvL.sys
2013-11-30 10:08 . 2011-09-06 10:28 30528 ----a-w- c:\windows\GVTDrv64.sys
2013-11-30 07:31 . 2011-09-06 14:53 25640 ----a-w- c:\windows\etdrv.sys
2013-11-29 10:48 . 2013-11-09 18:16 2272 ----a-w- c:\windows\system32\ASOROSet.bin
2013-11-10 19:32 . 2012-07-04 15:48 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-11-01 11:28 . 2011-10-26 09:18 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-11-01 11:12 . 2011-10-26 09:18 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-10-28 19:15 . 2011-10-26 09:18 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-10-23 10:30 . 2013-10-30 04:16 9524088 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-10-23 10:30 . 2013-10-30 04:16 9480328 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-10-23 10:30 . 2013-10-30 04:16 696096 ----a-w- c:\windows\system32\NvFBC64.dll
2013-10-23 10:30 . 2013-10-30 04:16 655136 ----a-w- c:\windows\system32\NvIFR64.dll
2013-10-23 10:30 . 2013-10-30 04:16 599840 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-10-23 10:30 . 2013-10-30 04:16 560416 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-10-23 10:30 . 2013-10-30 04:16 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-10-23 10:30 . 2013-10-30 04:16 3131680 ----a-w- c:\windows\system32\nvcuvid.dll
2013-10-23 10:30 . 2013-10-30 04:16 3124512 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-10-23 10:30 . 2013-10-30 04:16 2946848 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-10-23 10:30 . 2013-10-30 04:16 2747168 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-10-23 10:30 . 2013-10-30 04:16 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-10-23 10:30 . 2013-10-30 04:16 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
2013-10-23 10:30 . 2013-10-30 04:16 22933792 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-10-23 10:30 . 2013-10-30 04:16 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2013-10-23 10:30 . 2013-10-30 04:16 18199872 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-10-23 10:30 . 2013-10-30 04:16 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-10-23 10:30 . 2013-10-30 04:16 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-10-23 10:30 . 2013-10-30 04:16 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2013-10-23 10:30 . 2013-10-30 04:16 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-10-23 10:30 . 2013-10-30 04:16 12572960 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-10-23 10:30 . 2013-10-30 04:16 1241376 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-10-23 10:30 . 2013-10-30 04:16 11426568 ----a-w- c:\windows\system32\nvcuda.dll
2013-10-23 10:30 . 2013-10-30 04:16 11374520 ----a-w- c:\windows\system32\nvopencl.dll
2013-10-23 10:30 . 2013-03-26 15:29 30344480 ----a-w- c:\windows\system32\nvoglv64.dll
2013-10-23 10:30 . 2013-03-26 15:29 15855568 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-10-23 10:30 . 2012-10-25 06:33 15212336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-10-23 10:30 . 2012-10-20 10:46 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-10-23 10:30 . 2012-10-20 10:46 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-10-23 10:30 . 2012-07-11 08:30 2695200 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-10-23 10:30 . 2012-02-25 11:17 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-10-23 10:30 . 2011-09-12 01:10 3067560 ----a-w- c:\windows\system32\nvapi64.dll
2013-10-23 10:30 . 2011-09-12 01:10 18286416 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-10-23 08:20 . 2013-03-26 16:14 6669600 ----a-w- c:\windows\system32\nvcpl.dll
2013-10-23 08:20 . 2013-03-26 16:14 3489568 ----a-w- c:\windows\system32\nvsvc64.dll
2013-10-23 08:20 . 2013-03-26 16:14 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-10-23 08:20 . 2013-03-26 16:14 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-10-23 08:20 . 2013-03-26 16:14 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-23 08:20 . 2013-03-26 16:14 3426956 ----a-w- c:\windows\system32\nvcoproc.bin
2013-10-22 17:32 . 2013-10-22 17:32 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-10-22 11:08 . 2013-11-10 19:27 3692632 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2013-10-22 07:41 . 2013-11-10 19:27 151256 ----a-w- c:\windows\system32\RCoInstII64.dll
2013-10-22 00:12 . 2013-11-10 19:27 37850112 ----a-w- c:\windows\system32\RCoRes64.dat
2013-10-21 05:01 . 2012-05-09 09:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-21 05:01 . 2012-05-09 09:05 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-21 01:16 . 2013-11-10 19:27 2587352 ----a-w- c:\windows\system32\RtkAPO64.dll
2013-10-18 07:11 . 2013-11-10 19:27 1286360 ----a-w- c:\windows\system32\RTCOM64.dll
2013-10-18 01:36 . 2013-10-30 04:17 1063200 ----a-w- c:\windows\system32\nvspcap64.dll
2013-10-18 01:36 . 2013-10-30 04:17 955168 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-10-15 18:13 . 2013-11-10 19:27 209096 ----a-w- c:\windows\system32\AERTAC64.dll
2013-10-11 03:17 . 2013-11-10 19:27 113576 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-10-11 02:01 . 2013-11-10 19:27 947760 ----a-w- c:\windows\system32\SFSS_APO.dll
2013-10-09 15:47 . 2013-10-09 09:47 17154952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-07 22:20 . 2013-10-19 04:02 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-07 01:35 . 2013-11-10 19:27 2810072 ----a-w- c:\windows\system32\RtPgEx64.dll
2013-10-02 07:40 . 2013-11-10 19:27 617176 ----a-w- c:\windows\system32\RtDataProc64.dll
2013-09-27 23:01 . 2013-10-30 04:16 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-09-27 23:01 . 2013-10-30 04:16 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-09-27 23:01 . 2013-10-30 04:16 28960 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-09-27 01:15 . 2013-09-27 01:15 630632 ----a-w- c:\windows\system32\drivers\iaStorA.sys
2013-09-27 01:15 . 2013-09-27 01:15 28008 ----a-w- c:\windows\system32\drivers\iaStorF.sys
2013-09-26 06:41 . 2013-11-10 19:27 1021656 ----a-w- c:\windows\system32\RtkApi64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-30 12:54 496056 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20587680]
"Steam"="j:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-30 202328]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LWS"="h:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"CloantoSoftwareDirector"="c:\program files (x86)\Common Files\Cloanto\Software Director\softdir.exe" [2013-02-01 370512]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-15 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-01 254336]
.
c:\users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 9.1 PE.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -e "h:\program files (x86)\Panasonic\PHOTOfunSTUDIO 9.1 PE\PHOTOfunSTUDIO.exe" [2013-11-1 160256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 KinoniSvc;Kinoni Service;c:\program files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe;c:\program files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys;c:\windows\SYSNATIVE\DRIVERS\CamDrL64.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EagleX64;EagleX64; [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfDHP2amd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfSBVMamd64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe;c:\program files\Microsoft Fix it Center\Matsvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVLAN60.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys;c:\windows\SYSNATIVE\drivers\kinonivad.sys [x]
S3 kinonivd;Kinoni Video Source;c:\windows\system32\DRIVERS\kinonivd.sys;c:\windows\SYSNATIVE\DRIVERS\kinonivd.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSUsbFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-16 c:\windows\Tasks\ASO-AutoCheckUpdate7Days.job
- c:\program files (x86)\Advanced System Optimizer 3\CheckUpdate.exe [2013-11-09 08:42]
.
2013-12-16 c:\windows\Tasks\ASO-OneClickCare.job
- c:\program files (x86)\Advanced System Optimizer 3\ASO3.exe [2013-11-09 08:41]
.
2013-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000Core.job
- c:\users\Thor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 08:42]
.
2013-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000UA.job
- c:\users\Thor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 08:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-30 12:56 566712 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-08-01 8290584]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-18 13657304]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-10-21 1360600]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-09-27 36352]
"ACPW06EN"="c:\program files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" [2012-12-17 1234120]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://battlelog.battlefield.com/bf3/gate/?returnUrl=|bf3|servers|
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Notify-igfxcui - (no file)
Notify-klogon - (no file)
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_«\00\00«\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~«\00\00«\00\00\00\00x\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34,
5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,
e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:0f,8f,26,b6,2d,54,cd,01
.
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60po\UserChoice]
@Denied: (2) (S-1-5-21-2318490905-3519499422-1171420628-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60po"
.
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60pp\UserChoice]
@Denied: (2) (S-1-5-21-2318490905-3519499422-1171420628-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60pp"
.
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60ppf\UserChoice]
@Denied: (2) (S-1-5-21-2318490905-3519499422-1171420628-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60ppf"
.
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-2318490905-3519499422-1171420628-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf"
.
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-2318490905-3519499422-1171420628-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.xmp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\03\07\05\022?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-19 22:24:15
ComboFix-quarantined-files.txt 2013-12-19 12:54
.
Pre-Run: 42,428,497,920 bytes free
Post-Run: 42,126,573,568 bytes free
.
- - End Of File - - 73DC48DCA9133BB6D8AE4163F4E61311
A36C5E4F47E84449FF07ED3517B43A31
Combofix did not remove much and I dont see Advanced System Protector on the log
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
OTL logfile created on: 19/12/2013 11:32:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thor\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
7.98 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.37% Memory free
15.97 Gb Paging File | 13.42 Gb Available in Paging File | 84.04% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 39.21 Gb Free Space | 35.11% Space Free | Partition Type: NTFS
Drive F: | 878.92 Gb Total Space | 38.02 Gb Free Space | 4.33% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 455.08 Gb Free Space | 24.43% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 435.18 Gb Free Space | 46.72% Space Free | Partition Type: NTFS
Drive L: | 984.09 Gb Total Space | 224.65 Gb Free Space | 22.83% Space Free | Partition Type: NTFS
Computer Name: THOR-PC | User Name: Thor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Thor\Desktop\OTL.exe (OldTimer Tools)
PRC - J:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe ()
PRC - C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Cloanto Corporation)
PRC - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - J:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - J:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - J:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlServ#\5660a2e02280885f4fb581688f8157e8\System.Data.SqlServerCe.ni.dll ()
MOD - J:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - J:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - J:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\6c7f57211a988e2f261dff251805e90e\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ec057796972ce41b751eaa3a8306fbcb\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dc86fe1c7a6e3a7ce9e9c1f13d9b1e8e\System.ServiceModel.Routing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d09c237ee72af3935f1a01388ef8e315\System.ServiceModel.Channels.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5055b60e339143bbace5871f5fe4b114\System.ServiceModel.Activities.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f42c2acdb000001066c78acfc6cd8655\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ASO3DiskOptimizer) -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (Systweak Software, (www.systweak.com))
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (KinoniSvc) -- C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe ()
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
SRV - (HiPatchService) -- J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (PanService) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (PinnacleUpdateSvc) -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe (PowerUp Software, LLC)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (CSObjectsSrv) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
SRV - (DES2 Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (LGSUsbFilt) -- C:\Windows\SysNative\drivers\LGSUsbFilt.sys (Logitech Inc.)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (kinonivd) -- C:\Windows\SysNative\drivers\kinonivd.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (KINONI_Wave) -- C:\Windows\SysNative\drivers\kinonivad.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (TEAM) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (CSCrySec) -- C:\Windows\SysNative\drivers\CSCrySec.sys (Infowatch)
DRV:64bit: - (CSVirtualDiskDrv) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys (Infowatch)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (tap0901t) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (VLAN) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTVLANPT) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (CamDrL64) -- C:\Windows\SysNative\drivers\CamDrL64.sys (Logitech Inc.)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://battlelog.battlefield.com/bf3/gate/?returnUrl=|bf3|servers|
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 85 D0 F3 79 6C CC 01 [binary data]
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\..\SearchScopes,DefaultScope = {922E6970-BD05-47bc-AF58-D431E6404A30}
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\..\SearchScopes\{922E6970-BD05-47bc-AF58-D431E6404A30}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://battlelog.battlefield.com/bf3/gate/?returnUrl=|bf3|servers|
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 85 D0 F3 79 6C CC 01 [binary data]
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\..\SearchScopes,DefaultScope = {922E6970-BD05-47bc-AF58-D431E6404A30}
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\..\SearchScopes\{922E6970-BD05-47bc-AF58-D431E6404A30}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: jyboy.yy%40gmail.com:1.0.4
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: greasemonkeybcsf%40stpors.net:0.2.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@mammoth.com.au/BigPondMediaDownloader,version=1.0.0: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll (Mammoth Media)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thor\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thor\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\mammothmedia.com.au/BigPondMediaDownloaderDetector: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll (Mammoth Media)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2012/11/01 16:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2012/11/01 16:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2012/11/01 16:25:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/29 15:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/29 15:30:40 | 000,000,000 | ---D | M]
[2011/09/06 19:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Extensions
[2013/11/03 00:27:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions
[2013/05/01 16:50:01 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/06/27 21:36:12 | 000,000,000 | ---D | M] (Greasemonkey Shared Script Folder) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\greasemonkeybcsf@stpors.net
[2012/08/03 05:10:26 | 000,000,000 | ---D | M] (YTshowRating) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\jid1-m7xzZLMj29zzjA@jetpack
[2012/04/24 23:27:17 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\jyboy.yy@gmail.com
[2012/05/17 17:45:26 | 000,000,000 | ---D | M] (Redirector) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\redirector@einaregilsson.com
[2013/03/23 10:06:08 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/10/29 14:00:45 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/03 00:27:19 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/10/29 15:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/29 15:30:39 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2013/10/29 15:30:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/29 15:30:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BigPond Media Downloader Detector (Enabled) = C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Thor\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.0_0\
CHR - Extension: DownloadAll = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajffocjdcmpgjmdfdfkdfdbkjafbkcke\2.1.1_0\
CHR - Extension: YouTube = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: FlashBlock = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie\1.2.11.12_0\
CHR - Extension: Adblock Plus = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7_0\
CHR - Extension: YouTube\u2122 Ratings Preview = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\3.1.1_0\
CHR - Extension: OneTab = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.6_0\
CHR - Extension: Google Search = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
CHR - Extension: Session Buddy = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.4_0\
CHR - Extension: Youtube Video Downloader = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgdjbcjnihndbfmmggceololenekadg\1.2_0\
CHR - Extension: Virtual Keyboard = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
CHR - Extension: Chromium Wheel Smooth Scroller = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb\1.3.4_0\
CHR - Extension: Google Wallet = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\
O1 HOSTS File: ([2013/12/19 22:12:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [ACPW06EN] C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe (ACD Systems)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CloantoSoftwareDirector] C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Cloanto Corporation)
O4 - HKLM..\Run: [LWS] H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Standby] c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000..\Run: [Steam] J:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011..\Run: [Steam] J:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51AF2091-0927-4023-86DB-142FD3B91A25}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73427270-A448-4497-95DC-8D915CF25F20}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/16 18:31:23 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/12/19 23:31:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thor\Desktop\OTL.exe
[2013/12/19 22:24:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/19 22:24:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/12/19 22:04:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/12/19 22:04:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/12/19 22:04:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/12/19 22:03:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/19 22:01:57 | 005,154,906 | R--- | C] (Swearware) -- C:\Users\Thor\Desktop\ComboFix.exe
[2013/12/19 14:29:32 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D896A6DE-27B1-486C-8661-003AD9160B72}
[2013/12/19 02:28:49 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{849A18FE-AF8B-4FF6-846B-DF1D2C3E9BAB}
[2013/12/18 14:28:05 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D0CE82F9-7496-422F-AFE7-FC402F805256}
[2013/12/18 14:14:51 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\ACD Systems
[2013/12/18 14:14:51 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\ACD Systems
[2013/12/18 14:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
[2013/12/18 14:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems
[2013/12/18 14:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
[2013/12/18 14:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2013/12/18 13:47:46 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\FastStone
[2013/12/18 13:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
[2013/12/18 13:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Image Viewer
[2013/12/18 13:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2013/12/18 13:45:59 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
[2013/12/18 13:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/12/18 13:23:42 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\ZPS15
[2013/12/18 13:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 15
[2013/12/18 02:27:21 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{17FA845B-4390-45F9-9C53-B3AE303C6BDC}
[2013/12/17 17:44:05 | 000,000,000 | ---D | C] -- C:\Users\Thor\Desktop\adsadsadsadsf
[2013/12/17 14:26:37 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{6F1E42CA-6542-40D4-989F-1D1BCC68FDC2}
[2013/12/17 02:25:31 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{7EFE4767-E25A-479F-90FE-6B8EC2FBA0B9}
[2013/12/16 22:50:09 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\IObit
[2013/12/16 22:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/12/16 22:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
[2013/12/16 22:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/12/16 22:17:22 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\Xenocode
[2013/12/16 14:24:56 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{05D9B1BD-0ABB-4281-8C48-AE7521084C38}
[2013/12/16 02:24:22 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{35D9B639-F1E0-42CF-BD3E-2A9F0DD5A87C}
[2013/12/15 13:18:58 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{CB0FAAFD-BFC6-411C-832D-CD0970224273}
[2013/12/14 13:10:32 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{58B18ED8-1332-4A67-A458-0DEDFBC6D60D}
[2013/12/14 01:04:50 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{29775709-3D35-44AF-9151-708B1E796672}
[2013/12/13 13:04:20 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{A226EA76-B129-4A0C-AE7D-6A51C0ED1E99}
[2013/12/13 12:01:22 | 004,583,424 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2013/12/13 00:26:36 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{98520726-C8CF-46AC-9463-EC3C3400665C}
[2013/12/12 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{4DC0664C-4775-40EE-A99D-A4C4BA0CFAE1}
[2013/12/12 00:25:40 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{767901AF-AF47-4E4E-9B54-8EAA61A36891}
[2013/12/11 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{7C8D0E92-6CB8-4E77-B845-5976A5E4AF5A}
[2013/12/11 00:24:44 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E88792A9-D1D6-40B2-8686-1F0F0C48F005}
[2013/12/10 12:24:09 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{F9DCA46E-C9B9-46F0-8C1A-E75D2B92FC18}
[2013/12/10 00:23:43 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D215823D-FFB8-421B-99A5-016D68B04E70}
[2013/12/09 12:23:09 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{40BCAD90-914B-4D58-8468-B54427F806F9}
[2013/12/09 00:22:35 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{A495DBF5-7F43-4FF7-BD7E-38B001F7B858}
[2013/12/08 23:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
[2013/12/08 23:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.3
[2013/12/08 23:23:45 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\cache
[2013/12/08 23:23:44 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\Mobogenie
[2013/12/08 23:23:44 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\Mobogenie
[2013/12/08 23:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013/12/08 22:45:25 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\My Cheat Tables
[2013/12/08 22:42:43 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\FLiNGTrainer
[2013/12/08 12:22:00 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{175E7DCA-2C44-4838-B8B3-D6B22D0A5FE8}
[2013/12/07 18:49:56 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EE83E89D-966E-4BD9-8D0D-5E44346B37EC}
[2013/12/07 06:49:22 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E2E4E388-7322-4AE9-BD3D-CB5B3D1DD7A7}
[2013/12/06 17:32:09 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EDC693A7-9D62-4FBC-B7DB-864969FB56AF}
[2013/12/06 16:21:19 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\PDF24
[2013/12/06 16:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2013/12/06 05:31:46 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{CEC9543C-9113-4ADE-88D3-E7F878DED8DC}
[2013/12/05 17:31:24 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E4304F79-64ED-41DC-8A0D-1D5F7D169A8D}
[2013/12/05 05:30:50 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EF8758E8-ECB9-48D1-A1C6-83010D984F9F}
[2013/12/04 17:30:28 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{A42E06A3-CECA-47A1-AB70-C20F4995DA0D}
[2013/12/04 12:43:11 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Thor\Desktop\aswMBR (1).exe
[2013/12/04 12:35:36 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Thor\Desktop\dds.scr
[2013/12/04 12:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/12/04 12:32:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/12/04 06:54:15 | 000,000,000 | ---D | C] -- C:\hijackthis
[2013/12/04 05:29:53 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{AB432236-8B46-4604-9F0C-A7E8A84B67E1}
[2013/12/03 17:29:32 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{B62718D9-4665-4CD9-8013-C0E70091B7A6}
[2013/12/03 05:28:57 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{F53F9816-300E-4A94-BA28-70447A2DBC1E}
[2013/12/02 17:28:23 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{6E7578EC-75AD-4A04-BF3D-E724CBEED224}
[2013/12/02 05:27:46 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{3ADC6853-BA48-4CB6-A2F4-98DCFC3203C9}
[2013/12/01 17:27:24 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D4AF4D06-D8E7-4BB5-A6EE-CBB25B89B34C}
[2013/12/01 05:26:49 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EDC45451-3EB8-45F7-8987-CCEAEA462EF4}
[2013/11/30 17:26:01 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{73457022-53B1-463B-97DC-15B7484FB346}
[2013/11/30 17:14:26 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\MPC-HC
[2013/11/30 17:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013/11/30 17:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013/11/30 05:25:27 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E9921A5E-AC51-42E1-9AEB-1AAAA11AF817}
[2013/11/29 17:24:53 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{DA3C05D3-61CB-4359-8160-3AA938F1B1D2}
[2013/11/29 05:24:17 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{A4B42952-B061-4C8A-80E9-6FB5A73CC9EA}
[2013/11/28 17:23:43 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{F0331BDD-5A4B-4A3D-B0C5-07E9763A6F23}
[2013/11/28 04:15:01 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{A045844B-BACC-4D46-AECF-44ECEB853DDA}
[2013/11/27 16:14:39 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{9AD0B4FA-71CD-4421-B5D7-350208F28F0D}
[2013/11/27 04:04:29 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{8945C753-1FE8-4C07-9241-4E9A9BC6B685}
[2013/11/26 15:32:07 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{454F3AF2-BAF4-4490-931A-A8DB2A1DE4B9}
[2013/11/25 19:57:53 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{454AC5C1-992C-40DF-9F2F-2D1B159C8076}
[2013/11/25 04:48:17 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{87BCAB07-A8FA-4768-8631-71C9EF63D695}
[2013/11/24 16:31:29 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{38DD516B-B5CC-444B-BECD-7EE74F9197BA}
[2013/11/24 04:30:55 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D4234DD3-C092-48B4-AB82-4A9F8CB388E9}
[2013/11/23 20:32:52 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhoreCraft
[2013/11/23 16:30:20 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D618B4A1-94D4-4348-85A2-6514E168F301}
[2013/11/23 04:29:45 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{569D1019-96E4-4641-B6E6-D7A695F164D5}
[2013/11/22 16:29:23 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{8155AEA8-B1CC-44C0-B49B-FD7892403DB8}
[2013/11/22 03:33:21 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{28474E01-1D0D-4632-86A4-ABDFFD66BC7B}
[2013/11/21 15:32:59 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{2144590C-67FE-4CA1-AE1D-0707156D5923}
[2013/11/21 03:32:24 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{031CA1E0-963A-493D-BEEF-0E60AE20B098}
[2013/11/20 19:21:56 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\GOG.com Downloads
[2013/11/20 19:07:57 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\GOG.com
[2013/11/20 15:32:02 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{92484D33-24BB-4421-9020-D94C55872C7B}
[2013/11/20 03:31:28 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{461F93BA-1288-4E9A-8AF6-095365A68195}
========== Files - Modified Within 30 Days ==========
[2013/12/19 23:30:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thor\Desktop\OTL.exe
[2013/12/19 23:13:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000UA.job
[2013/12/19 22:32:12 | 002,027,386 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/19 22:32:12 | 000,664,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/19 22:32:12 | 000,608,354 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013/12/19 22:32:12 | 000,419,460 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013/12/19 22:32:12 | 000,122,392 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013/12/19 22:32:12 | 000,122,392 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/19 22:32:12 | 000,111,190 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013/12/19 22:26:17 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013/12/19 22:26:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/19 22:26:14 | 2134,200,319 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/19 22:25:38 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/19 22:25:38 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/19 22:12:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/19 22:01:53 | 005,154,906 | R--- | M] (Swearware) -- C:\Users\Thor\Desktop\ComboFix.exe
[2013/12/19 12:56:55 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2013/12/18 14:14:27 | 000,002,835 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 6 (64-bit).lnk
[2013/12/18 13:47:14 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
[2013/12/16 03:23:09 | 000,006,318 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2013/12/13 13:03:03 | 005,192,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/13 12:01:22 | 004,583,424 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2013/12/12 12:13:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000Core.job
[2013/12/06 16:14:25 | 000,119,438 | ---- | M] () -- C:\Users\Thor\Desktop\ELR_candidate_form-signed.pdf
[2013/12/06 04:51:44 | 000,000,220 | ---- | M] () -- C:\Users\Thor\Desktop\Star Trek Online.url
[2013/12/05 23:32:42 | 000,000,222 | ---- | M] () -- C:\Users\Thor\Desktop\Batman Arkham City GOTY.url
[2013/12/05 15:34:27 | 000,000,222 | ---- | M] () -- C:\Users\Thor\Desktop\Broken Sword 5.url
[2013/12/04 12:53:59 | 000,000,512 | ---- | M] () -- C:\Users\Thor\Desktop\MBR.dat
[2013/12/04 12:42:58 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Thor\Desktop\aswMBR (1).exe
[2013/12/04 12:41:34 | 000,005,257 | ---- | M] () -- C:\Users\Thor\Desktop\attach.zip
[2013/12/04 12:35:28 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Thor\Desktop\dds.scr
[2013/12/04 12:32:49 | 000,001,108 | ---- | M] () -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/12/04 12:32:28 | 000,000,909 | ---- | M] () -- C:\Users\Thor\Desktop\ERUNT.lnk
[2013/12/04 06:20:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.original
[2013/12/01 18:56:24 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk
[2013/11/30 19:38:24 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2013/11/30 17:01:17 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\etdrv.sys
[2013/11/29 20:18:05 | 000,002,272 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2013/11/24 14:44:19 | 000,274,869 | ---- | M] () -- C:\Users\Thor\Desktop\ccc.htm
========== Files Created - No Company Name ==========
[2013/12/19 22:04:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/19 22:04:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/19 22:04:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/19 22:04:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/19 22:04:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/12/18 14:14:27 | 000,002,835 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Pro 6 (64-bit).lnk
[2013/12/18 13:47:14 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
[2013/12/12 14:21:29 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2013/12/06 16:14:25 | 000,119,438 | ---- | C] () -- C:\Users\Thor\Desktop\ELR_candidate_form-signed.pdf
[2013/12/06 04:51:44 | 000,000,220 | ---- | C] () -- C:\Users\Thor\Desktop\Star Trek Online.url
[2013/12/05 23:32:42 | 000,000,222 | ---- | C] () -- C:\Users\Thor\Desktop\Batman Arkham City GOTY.url
[2013/12/05 15:34:27 | 000,000,222 | ---- | C] () -- C:\Users\Thor\Desktop\Broken Sword 5.url
[2013/12/04 12:53:59 | 000,000,512 | ---- | C] () -- C:\Users\Thor\Desktop\MBR.dat
[2013/12/04 12:41:34 | 000,005,257 | ---- | C] () -- C:\Users\Thor\Desktop\attach.zip
[2013/12/04 12:32:49 | 000,001,108 | ---- | C] () -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/12/04 12:32:28 | 000,000,909 | ---- | C] () -- C:\Users\Thor\Desktop\ERUNT.lnk
[2013/12/01 18:56:24 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk
[2013/11/30 17:09:39 | 000,256,088 | ---- | C] () -- C:\Windows\SysNative\unrar64.dll
[2013/11/24 14:44:18 | 000,274,869 | ---- | C] () -- C:\Users\Thor\Desktop\ccc.htm
[2013/11/01 22:30:31 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/11/01 22:30:31 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/11/01 22:30:31 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/11/01 22:30:31 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/11/01 22:30:31 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/11/01 22:30:31 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/11/01 22:30:31 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/11/01 22:30:31 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/11/01 22:30:31 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/11/01 22:30:31 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2013/11/01 22:30:31 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/11/01 22:30:31 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/11/01 22:30:31 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/11/01 22:30:31 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/11/01 22:30:31 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/11/01 22:30:31 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2013/11/01 22:30:31 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2013/11/01 22:30:31 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/11/01 22:30:31 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/08/26 06:04:24 | 000,000,008 | RHS- | C] () -- C:\ProgramData\1F764CA33D.sys
[2013/08/11 15:22:56 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-THOR-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
[2013/07/28 18:08:40 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/07/28 18:08:40 | 000,001,892 | ---- | C] () -- C:\Windows\unins000.dat
[2013/04/19 08:08:36 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\Media Player - Codec Pack Disc handler.exe
[2012/11/21 23:39:33 | 000,000,045 | ---- | C] () -- C:\Users\Thor\jagex_cl_speccollect_LIVE.dat
[2012/11/21 23:39:33 | 000,000,001 | ---- | C] () -- C:\Users\Thor\random.dat
[2012/10/21 02:21:05 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/10/21 02:21:05 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2012/10/21 02:21:05 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2012/10/10 17:50:48 | 000,216,072 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/18 13:05:01 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2012/09/16 15:31:11 | 001,239,424 | ---- | C] () -- C:\Users\Thor\P1010012-1.jpg
[2012/09/16 15:22:00 | 004,696,064 | ---- | C] () -- C:\Users\Thor\P1010012.JPG
[2012/09/16 15:22:00 | 004,167,168 | ---- | C] () -- C:\Users\Thor\P1010005.JPG
[2012/08/02 18:23:54 | 000,017,408 | ---- | C] () -- C:\Users\Thor\AppData\Local\WebpageIcons.db
[2012/07/05 01:34:25 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012/05/12 20:07:35 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2012/05/12 20:07:35 | 000,001,651 | ---- | C] () -- C:\Windows\Graffiti5.4.ini
[2012/04/29 00:49:27 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2012/03/07 01:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/01/18 16:14:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 16:14:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 16:14:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/12 18:08:03 | 000,000,600 | ---- | C] () -- C:\Users\Thor\AppData\Roaming\winscp.rnd
[2011/11/15 12:43:48 | 000,001,461 | ---- | C] () -- C:\Users\Thor\.recently-used.xbel
[2011/10/22 00:54:27 | 000,005,120 | ---- | C] () -- C:\Users\Thor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 00:52:12 | 000,006,318 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/09/20 00:10:11 | 000,000,017 | ---- | C] () -- C:\Users\Thor\AppData\Local\resmon.resmoncfg
========== ZeroAccess Check ==========
[2009/07/14 14:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 22:57:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 21:51:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/12/18 14:14:51 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\ACD Systems
[2013/05/10 04:39:10 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Allmyapps
[2012/11/19 01:21:30 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Atari
[2013/11/15 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Audacity
[2013/07/28 16:10:07 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Awesomium
[2013/12/19 21:26:29 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Azureus
[2013/09/12 19:58:12 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Cakewalk
[2011/09/23 04:25:55 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Canon
[2013/05/24 20:41:23 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Cloanto
[2013/07/27 14:17:14 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\com.doubleperfect.ggpo
[2011/12/03 20:47:54 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2011/10/09 15:57:50 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\cYo
[2013/09/13 02:53:29 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\DAEMON Tools Lite
[2013/12/09 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Dropbox
[2012/07/01 06:27:24 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\DVD Catalyst 4
[2012/06/13 02:20:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\DVDVideoSoft
[2013/05/22 16:12:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Evaer
[2012/09/27 19:30:54 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Fatshark
[2012/12/29 22:00:34 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Games
[2011/11/15 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\gtk-2.0
[2013/12/11 19:45:11 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\HandBrake
[2013/12/16 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\IObit
[2011/09/12 16:36:33 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Leadertech
[2011/12/16 11:55:52 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\LEAPS
[2013/03/28 18:37:59 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\MAGIX
[2012/06/29 22:56:53 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\mkvtoolnix
[2013/11/30 17:14:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\MPC-HC
[2013/08/06 09:31:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Mumble
[2011/11/09 02:50:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Nucleosys
[2013/08/15 22:48:52 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Origin
[2012/06/12 21:33:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Pavtube
[2011/12/16 11:47:05 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Pegasys Inc
[2013/06/09 21:59:24 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\PlayClaw3
[2012/10/21 02:24:23 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\PowerUp Software
[2012/05/12 20:08:45 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\proDAD
[2013/03/26 22:46:52 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Publish Providers
[2013/01/28 17:50:53 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\QuickScan
[2013/02/14 07:39:56 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Reincubate
[2012/05/05 18:58:01 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\RenPy
[2011/12/01 20:57:49 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Screaming Bee
[2013/10/23 18:12:46 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\ShiningStar
[2013/12/16 22:57:14 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Sony
[2012/10/19 03:33:17 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Sports Interactive
[2012/03/19 06:09:37 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/12/19 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Systweak
[2013/12/12 14:41:28 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\TeamViewer
[2012/02/10 04:02:01 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\The Creative Assembly
[2012/08/05 06:50:39 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Tropico 3
[2012/12/02 00:26:10 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Tunngle
[2012/05/12 20:03:18 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Ulead Systems
[2013/12/16 22:23:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Vphonet
[2011/09/12 10:19:41 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Windows Live Writer
[2012/04/15 00:18:35 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Wondershare Video Converter Ultimate
[2013/12/18 13:23:42 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Zoner
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:�SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:�DocumentSummaryInformation
< End of report >
OTL Extras logfile created on: 19/12/2013 11:32:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thor\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
7.98 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.37% Memory free
15.97 Gb Paging File | 13.42 Gb Available in Paging File | 84.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 39.21 Gb Free Space | 35.11% Space Free | Partition Type: NTFS
Drive F: | 878.92 Gb Total Space | 38.02 Gb Free Space | 4.33% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 455.08 Gb Free Space | 24.43% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 435.18 Gb Free Space | 46.72% Space Free | Partition Type: NTFS
Drive L: | 984.09 Gb Total Space | 224.65 Gb Free Space | 22.83% Space Free | Partition Type: NTFS
Computer Name: THOR-PC | User Name: Thor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0296731B-C60F-432B-BDA0-59CCAF7F0B4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{044B4C36-A368-45C8-92B8-D88E67BFB3EB}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{129891D5-FCF5-4DFD-B2E3-06C45CD42069}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{237123B4-3C00-4E12-83A0-D4DAEA61D3CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{252B65FA-7EBA-4C77-BA00-F0DE80101DB9}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{2FC04034-9CC1-4076-83FC-0D9D50DF657D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{453F0B99-D647-4E66-953B-50CF48AF0E71}" = lport=10243 | protocol=6 | dir=in | app=system |
"{47F7C5EB-B1D7-4179-A0D4-A1D7CE82D13C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4992639F-13AF-40A9-8C0D-849FA1F4C5BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E8F577B-213A-496A-86D6-F463E3D5E4E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4F56542F-A378-4E5B-8544-D969001744CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5000AEE2-6AA0-4656-B7F4-F07C363C5A0A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5014A777-F0F6-4AFC-9A83-14012AB3227B}" = lport=445 | protocol=6 | dir=in | app=system |
"{55C7D750-4F34-4E86-B5F5-94A4A63A1243}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{57AEDA44-8624-44C1-88FE-63C4DCBE33FC}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{5B9077EF-C5F9-400B-8CFD-40FA3EBE1ABC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5DEF54FE-B99D-4D70-9C48-E14B1CD05B43}" = rport=445 | protocol=6 | dir=out | app=system |
"{6BFCC6EF-7AC8-4C42-A023-57193B95EC6C}" = rport=139 | protocol=6 | dir=out | app=system |
"{77C9EFA1-C545-4312-9AA9-5FD611767D16}" = lport=138 | protocol=17 | dir=in | app=system |
"{86892FCA-6CEF-4973-AC04-124FD471FD5D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{94B3616B-2102-46F0-8889-274313391E6A}" = lport=137 | protocol=17 | dir=in | app=system |
"{A11AEDD7-5055-40F3-924C-9CC2AC24BE84}" = lport=139 | protocol=6 | dir=in | app=system |
"{A4E6C1B2-D5DD-4364-9C42-C0B4658F0AC1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A80703EC-79A2-4DFA-9204-C22CF096757A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC7BAB00-BB40-4385-A515-40DD0B9E86DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AD0D1D9D-1936-4D3E-BC49-0D5E32710E49}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D04F087D-E070-4FC9-A710-FC3D2C700ECE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{DB3BF7FB-AD5E-45EC-A1B9-28FFD43656D4}" = rport=137 | protocol=17 | dir=out | app=system |
"{FC12B0E8-AD85-4523-B2F1-A33ECDC42349}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03245FD4-CA55-4916-86E6-3DF4D942B500}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{036EA3AD-AFBF-4CE9-B441-5AB69074C53E}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{045EC768-F082-4E94-B6FE-96C8424CFBD8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{04A896A0-2DB9-44F7-973C-92307693B143}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\gstd - rise of the owlverlord\launcher\gslauncher.exe |
"{04E3E3C6-93FA-4432-98DE-5AC694398FD8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{05B3CB89-8366-4176-81C1-9EACDCC8EBE8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
"{07676BF3-7407-45FC-BB63-7A1321BCC22E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{076E050F-9458-466F-AD7B-62436418E3C6}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{0B18E854-905C-42EF-95A8-8B1E8208E7AC}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{0D32E838-426C-4126-A08B-818324A42546}" = protocol=17 | dir=in | app=j:\program files (x86)\tera\tera-launcher.exe |
"{0DF751B2-B4CB-4FF2-BBFC-2520019C90C9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\launcher.exe |
"{0FC038A8-FAD8-4B0C-AFFB-459ACDC275E9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{10482388-8B8C-4130-A145-B6242628BDED}" = protocol=17 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
"{188F91FE-06FF-4D77-9DD4-8D6AF390DE5A}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{1937B7AE-EB23-4FE8-99E3-53663AA378D9}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1C40033E-3AE1-4335-9AE0-82C7189162D4}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\football manager 2014\fm.exe |
"{1C662277-2DB9-4861-8DB2-3616BD873D50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1CF8A7BB-CDCA-4F04-B983-4A5E1515A4DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1D82C45C-9C37-497B-BB32-F264C51308E5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1F169BAF-0F73-4895-B173-7F781911E74C}" = protocol=17 | dir=in | app=j:\program files (x86)\origin\games\dead space 3\deadspace3.exe |
"{205EBF63-516C-483C-9044-944EF792A3DF}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{20E30094-C1D6-41D9-9CA3-1C2BFB3D513E}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{23162F58-E5E6-4677-B2BC-0FD65DA343C1}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\king's bounty - warriors of the north\kbwotn.exe |
"{241E22CB-1680-4B75-9C03-30ACC94F857C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
"{24748187-FCC1-4834-A307-50A83343310C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steam.exe |
"{2506B3A3-9605-4065-8CF1-0A30F61B848B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{250E1F8B-5B17-4C27-9E0D-C8FC55D9D469}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
"{26DFD814-77F8-4CB9-9FE8-03F7F08BFDB1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2975C060-85CA-4C53-8E74-110AAD28CFAA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E977CE4-A6BF-40C2-902B-13BB53E1C3C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{2FD359A4-3DC1-4D48-9CC6-7EAA83561761}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
"{317C0E9A-5DE6-4536-920A-94B0CB79908D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strike suit infinity\pc\main\binary\ssz.exe |
"{319DCBD7-63B7-44C6-A32C-6421B1C48A60}" = protocol=6 | dir=in | app=j:\program files (x86)\tera\client\tl.exe |
"{352DFB2C-1CC7-494E-858C-5C5D048AFCB9}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{35DAE44B-9407-42A4-9010-881F41DAFD89}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\restaurant empire 2\re2.exe |
"{36EAE5D0-349B-401F-AC30-12EF75962E00}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{381B6867-9B7C-4485-81D7-7C9DEAB0AA79}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{3B3F55C7-EAD0-4E59-9117-A043DA30C971}" = protocol=6 | dir=in | app=c:\program files (x86)\kinoni\epoccam_and_barcode_drivers\kinonisvc.exe |
"{3E2BA346-9CEB-408E-B804-E2FF9DEF332C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{40C8ABAC-8002-4897-9970-1FF4E116A06B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47D0D9F2-F160-4FA4-8CD2-CE710167B376}" = protocol=6 | dir=in | app=j:\program files (x86)\tera\tera-launcher.exe |
"{489FB914-58C5-4079-9A6A-0E0978BF63D8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strike suit infinity\pc\main\binary\ssz.exe |
"{4A100514-E23B-4562-818E-4749406BD81F}" = protocol=6 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
"{4A86390F-4A79-4AF1-9053-039778375323}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{4C435E78-1FE0-43DB-8C0C-BBB4ACCFBF5D}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{4D50782B-F9E6-479A-870D-FA43AEFC7029}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
"{4E746127-C150-4983-9FCF-318D27656183}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5055451F-57E2-4D21-AB7E-414784841D4E}" = protocol=6 | dir=in | app=j:\program files (x86)\origin\games\dead space 3\deadspace3.exe |
"{52D4C3B0-D111-4EB7-9BDC-96629C31CEE3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{542FE241-1D43-47D8-9BAE-65A188AA8826}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{55C9B959-725C-4DF4-97F6-82D989710B56}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe |
"{55DC9091-AAB9-40C0-9583-B8EFCFA8637D}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{57ABCE6F-90A0-4ABE-B30E-A2BF66F5E7C3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{5A958567-E70E-4565-BD20-1C7A1A9C0BF8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{5C12C1DA-6CE6-4F79-9F9F-58FDD2225432}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{5C224E4D-E133-421E-AFD1-B6457FD79F57}" = protocol=17 | dir=in | app=c:\users\thor\appdata\roaming\dropbox\bin\dropbox.exe |
"{5FC7AB70-6223-4465-84C9-FCF6C5D645D5}" = protocol=17 | dir=out | app=j:\program files (x86)\tera\client\tl.exe |
"{62578B19-8E16-42DA-8341-C3F58E5CE6C7}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{62D31C75-35B1-49C5-822B-2AAB69B4FC4E}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{655264B9-93EC-425A-9D11-4EF7CD668E65}" = protocol=17 | dir=in | app=j:\program files (x86)\origin\games\battlefield 4\bf4.exe |
"{6946D538-12D8-4BAC-8672-74B43470E660}" = protocol=6 | dir=out | app=j:\program files (x86)\tera\tera-launcher.exe |
"{69650794-1BF5-46B6-9BF1-6E8056CC3410}" = protocol=6 | dir=out | app=j:\program files (x86)\tera\client\tl.exe |
"{6A1329D5-C2FB-41B1-BAF0-0302CA948E61}" = protocol=17 | dir=in | app=j:\program files (x86)\tera\client\tl.exe |
"{6A62BC18-0A3E-495B-B241-7FCB3EFB9A40}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{6AEF5BF8-CFCB-4FDB-8169-22D1024A293E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{703E78F4-945F-46CE-84BC-8E0A239AA70C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{72998535-CA1D-4D32-9E6F-DE9A600DDC83}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{72A532B7-FFB0-4F10-89AB-51EFF875BB9E}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\football manager 2014\fm.exe |
"{76A21391-F716-4D04-A88E-FD0DE4588B54}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7713605C-C61D-45D2-BBD8-004383972403}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{78AC5D0F-A787-4A6E-9AB1-A0F0D4C4277D}" = protocol=17 | dir=in | app=j:\program files (x86)\diablo iii\diablo iii.exe |
"{79860829-9BB9-48B5-B9E0-A827B8574C52}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
"{79CDA04C-D57D-4831-B8C8-F8437A1CDAC9}" = protocol=17 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
"{7CDE8E72-E1E8-49E0-8E5A-D14CA6CA12CE}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{7E01A260-B97D-4E0A-A389-B6A91749709E}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{7E78A5E7-5786-4284-A235-FDD546D3E458}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\king's bounty - warriors of the north\kbwotn.exe |
"{80297E6C-4587-4E5E-B520-8115CAF72521}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe |
"{818959BE-457B-4D2E-97DB-0ADC82D3CEFA}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{8671F8B1-2E73-4572-BE5F-FACA1595846F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8A2089F8-05BE-44D9-99A7-D43E9346E96C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{8AA171D3-44A7-4416-9EA4-D8F7179CE37E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8DB0071A-5B11-46FA-B94B-3602FBA11010}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steam.exe |
"{8E6E3D7C-88A1-4175-917C-A250743D8962}" = protocol=17 | dir=in | app=j:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{8F3A03FE-4905-49B3-82B8-89D70C2EE34B}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{95A4EA33-4FF9-4151-9EA1-1B2B8EFA6CD1}" = protocol=17 | dir=out | app=j:\program files (x86)\tera\tera-launcher.exe |
"{98A9BFBD-C7FF-48FC-BDF0-88A0375B6D0D}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{9B8DBA77-69A2-4F03-8714-52238253CB99}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{9F697F68-E618-4154-B16F-7B9F7CDDE1FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0775501-653B-442B-9CCD-B5227A5CA941}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A24FECD2-9E0B-44E7-B0B6-9908083BA2F7}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{A2E48599-7489-4B1E-A4E3-6F6C79EFAEC1}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{A41DA63D-DC4A-41F7-B145-7EF5BF1A2C70}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{A5E78DA6-6AA3-45BD-972F-C250F1E4206A}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat |
"{A62F8653-D028-4BD7-90E0-51830654BAE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A695C555-8B9D-4ECF-9944-25C58CDA6DFA}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\restaurant empire 2\re2.exe |
"{AC0AF909-648A-4F96-83B5-05522F82A14F}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{ACF19106-5DA9-402E-A99E-918D4E287E24}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{AD1EBF28-185E-45A7-8F40-63CCBBDF0260}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B06D9B51-FBBC-4DB6-A7FC-43D5C89486ED}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{B0FD172C-E57C-4C77-A071-278255267576}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B1BD8D6F-A9EA-4454-914F-F981B4EAD670}" = protocol=6 | dir=in | app=j:\program files (x86)\origin\games\battlefield 4\bf4.exe |
"{B290171F-DC1D-447E-8672-F356BC5A2FF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B41AB17A-5E7E-46BE-9ADF-C110CBDA49E6}" = protocol=6 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
"{B4F1050F-7337-4DCA-8E94-7A063EB61F02}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{B78813FE-AB34-4FE3-A1B7-54E4757B401D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B8FDF449-377C-4466-87AC-2B5CDEE0BD72}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{B96AAF52-D344-426A-B5ED-29F01BD779A6}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\launcher.exe |
"{B98E6E2F-A0C6-4660-8114-D82487F7701C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{BB1572CA-4108-464D-BC27-AD74809A2180}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{BBC5C788-9C10-41BD-A067-4BA53FB67310}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{BC97CF15-F299-4F7F-BDF7-E56417A3C21C}" = protocol=17 | dir=in | app=j:\program files (x86)\origin\games\battlefield 4\bf4_x86.exe |
"{BDE93427-42D0-43EA-8B14-643E82A2CDAB}" = protocol=6 | dir=out | app=c:\program files (x86)\kinoni\epoccam_and_barcode_drivers\kinonisvc.exe |
"{CAC4761A-1CCB-4428-A161-4D51BC362CF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB0C6B7B-C6A6-45F2-B0F6-29D055C0C535}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CBA77A2A-EB6A-4264-8D17-C248CD7536EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCA063FA-28C1-4BD8-8B93-FB92440120DA}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{CD60C295-2234-497B-BB2D-D4E1B633E16F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{CDB66DB9-B85F-43F9-8750-7F8F4608EC80}" = protocol=6 | dir=in | app=j:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{CEC84D4D-711A-47DC-A8DE-BA697F8002F9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat |
"{CFDA5928-6BF5-4F75-A618-81C872A2EE86}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{D005BD1E-A634-4277-AE0E-79D82C6C2759}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe |
"{D135AA02-E72B-42F5-98B5-74F64A11AC7E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D1436489-9AAB-4D34-BA4E-E2FD5C3FB892}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{D1990E46-50C6-4271-A003-5BF4D0090FA1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3870C2B-9B29-4F50-A68A-B1FE5CC09DE9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
"{D54E983E-ADC7-4EF6-B0DC-73978EC09284}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe |
"{D7B39753-DCA2-440D-AFC7-82358CBAEEBD}" = protocol=6 | dir=in | app=j:\program files (x86)\origin\games\battlefield 4\bf4_x86.exe |
"{D8CF11B1-9637-4FFF-8795-8406A278F179}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{D9A942CB-BCE1-4400-BEFA-DAB844924C0F}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
"{DABAC0C9-7FC3-4AE9-9B88-E6A6043EF8D8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DB560EE7-EF38-4655-B4BC-D6F418EF1C03}" = protocol=6 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
"{DC0CC9AD-9DF8-4CAB-AEFD-7DB77DF66E1C}" = protocol=6 | dir=in | app=c:\users\thor\appdata\roaming\dropbox\bin\dropbox.exe |
"{DC31E367-6428-4FFB-8860-815DE0C75030}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DE1B3A23-43E7-4B53-8A40-CBA3CC325E38}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe |
"{DE7F3CC3-DF12-4F19-AFBF-306C0B047171}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{E0A10353-7349-4CA8-8390-18C3042329BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E40547F5-EFBF-4F1F-B442-4A4A1B91E5CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E46523E4-C0F6-4A06-8397-0970E3A73BCA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9551D78-6AE3-4E79-9F63-F4CF47EE77B4}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{E9824F88-9362-4E4C-8494-CE24B1B10C3C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{E9DA698F-CD94-4FB6-9216-A500E211ADD4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{EA8D0CD7-522B-47D1-935A-280B3BD3244A}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\gstd - rise of the owlverlord\launcher\gslauncher.exe |
"{EC75AA72-5D6E-4FA5-A962-DD36F9DA1EAF}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{EE9573BD-68DF-4ADB-BE09-B82848C3A4CD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F037A718-EE5F-4A91-A7FA-18742D4CBED5}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{F0515D1A-9BB2-48BF-B06D-924628F5CF22}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F0934744-C3CC-45F8-A84F-8AB68C8A9136}" = protocol=6 | dir=out | app=system |
"{F0B2854B-BF50-4F3C-8FD0-104B82BCB620}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{F275DF25-91B5-4F84-BF4E-3E8C54F62E4F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe |
"{F27F2BF0-5F69-43FA-AAF0-86395EE39C39}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{F2B58789-3568-45D7-B7C7-8252DA89571E}" = protocol=17 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
"{F86CFE52-910B-4410-A724-F37258E98298}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{FAC03808-A545-4194-A89E-852833B6DDD4}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{FB11F2C7-83EB-4C1B-A48A-01E8C3E914CD}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{FB82B1D4-8768-47F0-81BD-4F38831F063D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FCEFC653-31AF-4186-9761-814EA769D6B1}" = protocol=6 | dir=in | app=j:\program files (x86)\diablo iii\diablo iii.exe |
"{FEBDCC2E-6F90-4761-B216-5CB4FF4BFEA9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"TCP Query User{0FD82494-D36C-4D57-9FCE-40BEF99ECB44}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{203DB1D8-3FA1-49D8-A49A-6F874444FF81}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"TCP Query User{212B7DE8-DC1A-4F85-B890-3E024E3E727B}F:\backup stuff\ggpo\ggpo.exe" = protocol=6 | dir=in | app=f:\backup stuff\ggpo\ggpo.exe |
"TCP Query User{24237234-F5A8-42ED-9471-20757642CD81}C:\users\thor\desktop\programs\ratiomaster.net.exe" = protocol=6 | dir=in | app=c:\users\thor\desktop\programs\ratiomaster.net.exe |
"TCP Query User{4AF6A521-893D-4589-AC10-AEDF6FB31F92}J:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{4FF81B39-3421-4910-A2C6-4FCF79F03706}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"TCP Query User{56FD6CC0-0E53-49D9-83E8-38BAA1CA4C51}G:\ggpo\ggpofba.exe" = protocol=6 | dir=in | app=g:\ggpo\ggpofba.exe |
"TCP Query User{5759B9AF-A915-4332-AE7C-A87959287A56}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe |
"TCP Query User{71A37ED6-27E3-46B4-8BD3-5D49EEA73BB5}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{8FC7339D-1AC8-4EE4-BBB7-9346BC3B2757}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
"TCP Query User{A5E95334-12D9-47F6-BFE9-17CBD4FA5691}J:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{D328B1FF-69AD-4E70-9FA1-6D00DC452AB7}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
"TCP Query User{DA05FADE-AA11-4BC5-91FD-7E81016DC94D}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe |
"TCP Query User{F3F788CA-E462-453B-8FC1-EE13610A73F5}G:\ggpo\ggpo.exe" = protocol=6 | dir=in | app=g:\ggpo\ggpo.exe |
"UDP Query User{066EFEF0-0F4C-4858-82BF-2CBF101DAA1B}F:\backup stuff\ggpo\ggpo.exe" = protocol=17 | dir=in | app=f:\backup stuff\ggpo\ggpo.exe |
"UDP Query User{61146518-AD39-4214-BEBF-489F60192418}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
"UDP Query User{6B5A3915-8275-4091-A2ED-8645CF4501D4}G:\ggpo\ggpo.exe" = protocol=17 | dir=in | app=g:\ggpo\ggpo.exe |
"UDP Query User{6C156A94-D386-4C68-8929-07656956D749}G:\ggpo\ggpofba.exe" = protocol=17 | dir=in | app=g:\ggpo\ggpofba.exe |
"UDP Query User{6FBA7870-5DB8-4DA0-AFAA-7615635B4173}J:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{87E410D1-0860-4FDC-905F-1AAA29F30492}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"UDP Query User{90526D14-8FDD-4261-B926-A001CDA3B441}C:\users\thor\desktop\programs\ratiomaster.net.exe" = protocol=17 | dir=in | app=c:\users\thor\desktop\programs\ratiomaster.net.exe |
"UDP Query User{C57D4718-3C39-4C05-86BF-C97286032997}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe |
"UDP Query User{D6A9F9F5-9C94-4CB8-BC31-F74EEA3A3329}J:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{E1DE465B-4DCB-4296-B05D-42510EDC7A14}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{E5DBF925-E051-4DB2-B8A2-F3820BEDD625}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
"UDP Query User{E712E149-E313-4342-BB38-FDAF62F9C671}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe |
"UDP Query User{FA1C406C-7376-4EEB-A12E-48B3DFA20394}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{FF959B48-2019-40A1-9221-C2CBE0F7766F}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
"{190BC83F-D54E-4494-830E-7FB4A5F4B964}" = Local Subtitles for 64-bit WMP
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2599B6F1-92AC-472C-BE60-9F17565E4938}" = PowerDirector
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1" = WinDS PRO 2012.10.2
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{6879B3DC-9DEF-4D60-BFF0-C96F2588685D}" = Intel(R) Rapid Storage Technology
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{B5CF4CFE-3080-4436-A8A5-00CFDC0F7918}" = MAGIX Video deluxe Premium 2013 Update
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CAF674E0-808C-4CF4-8868-A755EBABA228}" = ACDSee Pro 6
"{D000D1C0-6E80-4FC4-BE4E-A88872C0616F}" = Share64
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D5FE818E-F1C7-44F8-A3C0-C08761906E27}" = Share64
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}" = PowerDirector
"{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.144
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.67.1
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"DriverAgent.exe" = DriverAgent by eSupport.com
"Logitech Gaming Software" = Logitech Gaming Software 8.50
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NewBlue Art Effects for PowerDirector" = Newblue Art Effects for PowerDirector
"Recuva" = Recuva
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR archiver
"ZonerPhotoStudio15_EN_is1" = Zoner Photo Studio 15
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{1A1BD41E-9854-4957-8959-F9559A8862A7}" = Corel VideoStudio Ultimate X5
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{02E12A07-1BB9-44D6-A480-4EA42DB9E122}" = Boris Graffiti for Corel
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06ACD0D6-537A-4831-9608-AA74A5795698}" = Fantasy Sound Pack
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DB44859-4112-4946-BE5E-A4275B3FFB5E}" = Furry Voices for Second Life
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A1BD41E-9854-4957-8959-F9559A8862A7}" = ICA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F8BC72D-14B1-4DCA-BD9E-49D712CF035D}" = C64 Forever
"{20052CA0-FF43-4901-8261-E6DBF0A09ED1}" = Farm Animal Sounds
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216E21F4-0489-4311-92D6-20D1FB950FCE}" = Sci-Fi Voice Pack
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}" = Pinnacle Studio 16
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}" = Update Manager B10.0728.1
"{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}" = Deep Space Voices
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B11.0512.1
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.6.0
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0630.1
"{45BF4F8E-7BE7-4384-94C6-60AC70C401C6}" = Male Voice Pack
"{48A00644-2D97-43B5-A614-603DECF3E5F6}" = Boris Graffiti for Corel
"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}" = SpyHunter
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{602A1471-063B-4E03-9DCE-0210B914EFF5}" = Translator Fun Voice Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66C70B5F-730F-4C5D-9FC5-8E56D0FE7D53}" = IPM_VS_Pro
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A6F7B28-E178-47AC-8654-A654ADA6C777}" = VSHelp
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{71F8C486-8A13-468E-8B73-06051075556A}" = Female Voice Pack
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79A743FA-FF99-42DF-8C35-BA40EAEA6668}" = Comic Sound Pack
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool
"{8061C2C9-C2A3-4550-A3FC-585B646840CB}" = Fantasy Voice Pack
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8AA4F966-EF4B-44D8-99AA-C4EA93B46863}" = VSClassic
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A1E21995-127E-4B7F-8C4D-CB04AA8A58EF}_is1" = Advanced System Optimizer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BB86DF-EE99-41EB-9446-B4623A725E2A}" = Livestream for Producers
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8887C7B-0BCC-4FBF-BCEB-9BB4D4B14999}" = Setup
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{ABBC8011-1E42-4ADA-9794-574349612CEF}" = iWebcamera
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B0C00181-ECF5-4124-A6DE-14EA663D4799}" = Blue Satin Skin
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C13FE7DE-D34D-48CC-9FA3-8DB9A3621B98}" = PHOTOfunSTUDIO 9.1 PE
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C2A254F4-AC74-482F-8F09-DB2843AC2AAE}_is1" = LoiLoScope Download
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C717B4D4-2EFA-4DC3-8EDB-79543E43666C}" = VSUltimate
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{CA486743-5F44-40D5-A38B-77911FB27579}" = Contents
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D13F2D95-1CE0-4147-846F-89ECB2E9A5CD}" = Sci-Fi Sound Pack
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
"{D813EF9B-69CF-4996-893C-B400AE7292FA}" = Spooky Sounds
"{D84B7C7E-2E4D-4002-8CA8-EED4EDB333AC}" = MLE
"{D875FFEE-2FCE-4774-902A-749198C00A68}" = PureHD
"{D91802D9-6A42-4563-BC37-B3E2D04DC95B}" = Ancient Weapon Sounds
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
"{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
"{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCDC6934-7428-489E-8651-90B53191488B}" = ISCOM
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}" = Galactic Voices
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E7E76513-335F-4995-86CF-A85B77D8D975}" = Sci-Fi 2 Sound Pack
"{EEBEF66A-70FD-4DF6-B173-82D07E61853E}" = Share
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}" = Pinnacle Studio 16 - Install Manager
"{F2979728-5C01-4D39-8974-DBC579C3BD49}" = Usage Agent
"{F38DC282-11BE-45D8-8754-D3D40F3D7FBE}" = Google+ Auto Backup
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FC6DAF3E-52C2-43AD-9C50-810F8943C79E}" = BigPond Media Downloader
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 7_is1" = Advanced SystemCare 7
"Audacity_is1" = Audacity 2.0.3
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.3_is1" = Cheat Engine 6.3
"Cloanto Software Director" = Software Director
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Desura" = Desura
"Diablo III" = Diablo III
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Duplicate Commander" = Duplicate Commander 3.0
"DVD Catalyst" = DVD Catalyst 4.1.5.2
"Dxtory2.0_is1" = Dxtory version 2.0.122
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"Evaer Video Recorder for Skype" = Evaer Video Recorder for Skype 1.3.4.15
"FastStone Image Viewer" = FastStone Image Viewer 4.9
"Fraps" = Fraps (remove only)
"GOGPACKTHEWITCHER2EE_is1" = The Witcher 2 - Assassins of Kings Enhanced Edition
"GoldWave v5.68" = GoldWave v5.68
"HandBrake" = HandBrake 0.9.9.1
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0630.1
"InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"KinoniDrivers" = KinoniDrivers 2.8.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.1.5 Full
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lightspark" = Lightspark 0.5.3-git
"Logitech Vid" = Logitech Vid HD
"MAGIX_{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
"MAGIX_{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
"MagniDriver" = marvell 91xx driver
"MakeMKV" = MakeMKV v1.8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.0.4
"MKVToolNix" = MKVToolNix 5.6.0
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Origin" = Origin
"Picasa 3" = Picasa 3
"proDAD-HeroglyphRoute-4.0" = proDAD Route 4.0
"proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
"proDAD-Vitascene-2.0" = proDAD Vitascene 2.0
"PS3 Media Server" = PS3 Media Server
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"SopCast" = SopCast 3.4.8
"Stardock Central" = Stardock Central
"Steam App 105600" = Terraria
"Steam App 200260" = Batman: Arkham City GOTY
"Steam App 203350" = King's Bounty: Warriors of the North
"Steam App 209540" = Strike Suit Zero
"Steam App 210770" = Sanctum 2
"Steam App 215530" = The Incredible Adventures of Van Helsing
"Steam App 223220" = Giana Sisters: Twisted Dreams
"Steam App 231670" = Football Manager 2014
"Steam App 234160" = Strike Suit Infinity
"Steam App 238960" = Path of Exile
"Steam App 246960" = Giana Sisters: Twisted Dreams - Rise of the Owlverlord
"Steam App 262940" = Broken Sword 5
"Steam App 32900" = Restaurant Empire II
"Steam App 39800" = Nation Red
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 620" = Portal 2
"Steam App 9900" = Star Trek Online
"TeamViewer 9" = TeamViewer 9
"The KMPlayer" = The KMPlayer (remove only)
"TMPGEnc Video Mastering Works" = TMPGEnc Video Mastering Works
"Tunngle beta_is1" = Tunngle beta
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"VLC media player" = VLC media player 2.0.8
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.6
"xvid" = Xvid MPEG-4 Video Codec
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19/12/2013 6:04:55 AM | Computer Name = Thor-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005
Error - 19/12/2013 6:04:55 AM | Computer Name = Thor-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.
Error - 19/12/2013 6:07:05 AM | Computer Name = Thor-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
active for over two minutes. This places considerable burden on the network.
Error - 19/12/2013 6:58:28 AM | Computer Name = Thor-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "F:\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 19/12/2013 7:57:31 AM | Computer Name = Thor-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005
Error - 19/12/2013 7:57:31 AM | Computer Name = Thor-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.
Error - 19/12/2013 7:59:46 AM | Computer Name = Thor-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
active for over two minutes. This places considerable burden on the network.
Error - 19/12/2013 8:56:19 AM | Computer Name = Thor-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005
Error - 19/12/2013 8:56:19 AM | Computer Name = Thor-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.
Error - 19/12/2013 8:58:34 AM | Computer Name = Thor-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
active for over two minutes. This places considerable burden on the network.
[ System Events ]
Error - 19/12/2013 8:39:55 AM | Computer Name = Thor-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.
Error - 19/12/2013 8:42:12 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
Error - 19/12/2013 8:56:18 AM | Computer Name = Thor-PC | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error - 19/12/2013 8:56:17 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the CryptoStorage
control service service to connect.
Error - 19/12/2013 8:56:17 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7000
Description = The CryptoStorage control service service failed to start due to the
following error: %%1053
Error - 19/12/2013 8:56:17 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Intel(R)
Capability Licensing Service Interface service to connect.
Error - 19/12/2013 8:56:17 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7000
Description = The Intel(R) Capability Licensing Service Interface service failed
to start due to the following error: %%1053
Error - 19/12/2013 8:56:18 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Skype
Updater service to connect.
Error - 19/12/2013 8:57:19 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7034
Description = The PinnacleUpdate Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 19/12/2013 8:57:54 AM | Computer Name = Thor-PC | Source = DCOM | ID = 10010
Description =
< End of report >
And thats the last of the monster files.
Run this quick scan and if dont find that bad program we will look deeper into it
--RogueKiller--
Download & SAVE to your Desktop RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) or from here (http://tigzy.geekstogo.com/Tools/RogueKiller.exe)
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller+
The program finds a few things but then crashes before it can finish scanning. Does it each time.
OK, you will need to download and run the 64 bit version of System Look
Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:folderfind
Advanced System Protector
:filefind
Advanced System Protector
:regfind
Advanced System Protector
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
SystemLook 30.07.11 by jpshortstuff
Log created at 01:02 on 20/12/2013 by Thor
Administrator - Elevation successful
========== folderfind ==========
Searching for "Advanced System Protector"
C:\ProgramData\Systweak\Advanced System Protector d------ [12:56 19/12/2013]
C:\Users\All Users\Systweak\Advanced System Protector d------ [12:56 19/12/2013]
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector d------ [12:56 19/12/2013]
========== filefind ==========
Searching for "Advanced System Protector"
No files found.
========== regfind ==========
Searching for "Advanced System Protector"
No data found.
-= EOF =-
After you run this fix and post the log from the fix, open Malwarebytes....check for updates....and then run a new Quick Scan
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
:Services
:Reg
:Files
C:\ProgramData\Systweak\Advanced System Protector
C:\Users\All Users\Systweak\Advanced System Protector
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\ProgramData\Systweak\Advanced System Protector\updates folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector folder moved successfully.
File\Folder C:\Users\All Users\Systweak\Advanced System Protector not found.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Thor\Desktop\cmd.bat deleted successfully.
C:\Users\Thor\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Public
User: Thor
->Java cache emptied: 0 bytes
User: UpdatusUser
User: UpdatusUser.Thor-PC
User: UpdatusUser.Thor-PC.000
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Thor
->Temp folder emptied: 3354456 bytes
->Temporary Internet Files folder emptied: 6753104 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4252737 bytes
->Google Chrome cache emptied: 399598959 bytes
->Flash cache emptied: 723 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: UpdatusUser.Thor-PC
->Temp folder emptied: 0 bytes
User: UpdatusUser.Thor-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54547 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 395.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12202013_015125
Files\Folders moved on Reboot...
C:\Users\Thor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Thor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6P27UKE\ADSAdClient31[2].htm not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
I'm not sure if you wanted me to post the malwarebytes after the scan but it found a bunch of stuff..
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.19.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thor :: THOR-PC [administrator]
20/12/2013 1:56:20 AM
mbam-log-2013-12-20 (01-56-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296251
Time elapsed: 3 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
Files Detected: 19
C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1545completedatabase.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1615mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1616update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1617update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1618update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Update.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
(end)
Go ahead and reboot run Malwarebytes again, this time open Malwarebytes ...check for updates then close it
Boot to safemode
To Enter Safemode
Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode
Then press the Enter Key on your Keyboard
Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)
Then in safemode run the quick scan again, reboot back to normal windows and post the log
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.19.08
Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Thor :: THOR-PC [administrator]
20/12/2013 2:40:33 AM
mbam-log-2013-12-20 (02-40-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293516
Time elapsed: 1 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Its bizarrely still loading up.
When we ran Rogue Killer before we may have run the wrong version, this one is for the 64 bit version and what you need, give it another shot
Download & SAVE to your Desktop RogueKiller (http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe) or from here (http://tigzy.geekstogo.com/Tools/RogueKiller.exe)
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller+
Unfortunately still crashing 3/4 into the scan. Only manages to pick up 3 entries before it explodes.
OK, hang on, be right back
Plug this into SystemLook
:regfind
HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_CURRENT_USER\SOFTWARE
SystemLook 30.07.11 by jpshortstuff
Log created at 03:52 on 20/12/2013 by Thor
Administrator - Elevation successful
========== regfind ==========
Searching for "HKEY_LOCAL_MACHINE\SOFTWARE"
[HKEY_CURRENT_USER\Software\Microsoft\Speech\AudioInput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\"
[HKEY_CURRENT_USER\Software\Microsoft\Speech\AudioOutput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
[HKEY_CURRENT_USER\Software\Microsoft\Speech\PhoneConverters]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English"
[HKEY_CURRENT_USER\Software\Microsoft\Speech\Recognizers]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
[HKEY_CURRENT_USER\Software\Microsoft\Speech\Recognizers\LanguageDefaults]
"409"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
[HKEY_CURRENT_USER\Software\Microsoft\Speech\Voices]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\MS-Anna-1033-20-DSK"
[HKEY_LOCAL_MACHINE\SOFTWARE\ACD Systems\Inventory\ACDSee Pro\6.0]
"RegRoot"="HKEY_LOCAL_MACHINE\SOFTWARE\ACD Systems\ACDSee Pro\60"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\ToolsVersions\4.0]
"FrameworkSDKRoot"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A@InstallationFolder)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\ToolsVersions\4.0]
"SDK40ToolsPath"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A\WinSDK-NetFx40Tools-x86@InstallationFolder)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\ToolsVersions\4.0]
"SDK35ToolsPath"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A\WinSDK-NetFx35Tools-x86@InstallationFolder)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\ToolsVersions\4.0]
"MSBuildToolsPath32"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSBuild\ToolsVersions\4.0@MSBuildToolsPath)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput]
"DefaultDefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput]
"DefaultDefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSBuild\ToolsVersions\4.0]
"FrameworkSDKRoot"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A@InstallationFolder)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSBuild\ToolsVersions\4.0]
"SDK40ToolsPath"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A\WinSDK-NetFx40Tools-x86@InstallationFolder)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSBuild\ToolsVersions\4.0]
"SDK35ToolsPath"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SDKs\Windows\v7.0A\WinSDK-NetFx35Tools-x86@InstallationFolder)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSBuild\ToolsVersions\4.0]
"MSBuildToolsPath32"="$(Registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSBuild\ToolsVersions\4.0@MSBuildToolsPath)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Speech\AudioInput]
"DefaultDefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Speech\AudioOutput]
"DefaultDefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2468871]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2473228]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2478663]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2518870]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2533523]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2539636]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2572078]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2600217]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2604121]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2633870]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2656351]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2656368]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Client Profile\KB2656405]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2416472]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2416472"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2468871]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2487367]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2533523]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2600217]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Updates\Microsoft .NET Framework 4 Extended\KB2656351]
"ARPLink"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Movie Maker\Post]
"WindowsDVDMaker"="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\dvdmaker.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Speech\AudioOutput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Speech\PhoneConverters]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Speech\Voices]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\MS-Anna-1033-20-DSK"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\AudioInput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\AudioOutput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\PhoneConverters]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\Recognizers]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\Recognizers\LanguageDefaults]
"409"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\Voices]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\MS-Anna-1033-20-DSK"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\AudioInput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioInput\TokenEnums\MMAudioIn\"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\AudioOutput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\PhoneConverters]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\Recognizers]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\Recognizers\LanguageDefaults]
"409"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Recognizers\Tokens\MS-1033-80-DESK"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\Voices]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\MS-Anna-1033-20-DSK"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Speech\AudioOutput]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Speech\PhoneConverters]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Speech\Voices]
"DefaultTokenId"="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\MS-Anna-1033-20-DSK"
Searching for "HKEY_CURRENT_USER\SOFTWARE"
[HKEY_CURRENT_USER\Software\Microsoft\Speech\RecoProfiles]
"DefaultTokenId"="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\RecoProfiles\Tokens\{2F760B1B-BDD1-4958-A695-480AB58C2B82}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft Access\Microsoft Access 12.0]
@="HKEY_CURRENT_USER\Software\Microsoft\Office\Access"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft Excel\Microsoft Excel 12.0]
@="HKEY_CURRENT_USER\Software\Microsoft\Office\Excel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft Outlook\Microsoft Outlook 12.0]
@="HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft PowerPoint\Microsoft PowerPoint 12.0]
@="HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft Publisher\Microsoft Publisher 12.0]
@="HKEY_CURRENT_USER\Software\Microsoft\Office\Publisher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Microsoft Word\Microsoft Word 12.0]
@="HKEY_CURRENT_USER\Software\Microsoft\Office\Word"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared Tools\AddIn Designer\Visual Basic for Applications IDE\6.0]
@="HKEY_CURRENT_USER\Software\Microsoft\VBA\VBE\6.0"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Speech\RecoProfiles]
"DefaultTokenId"="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\RecoProfiles\Tokens\{2F760B1B-BDD1-4958-A695-480AB58C2B82}"
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Speech\RecoProfiles]
"DefaultTokenId"="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\RecoProfiles\Tokens\{2F760B1B-BDD1-4958-A695-480AB58C2B82}"
-= EOF =-
No sign of Advanced System Protector
But lets do this
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI(graphical user interface) has appeared/loaded:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg
Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg
Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.
A tutorial for Registry Backup explaining the various features be viewed here (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325).[/QUOTE]
Then go into Task Manager by pressing Ctrl ...Alt...delete. Look under the process tab and if you see Advanced System Protector running highlight it and end process
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
:Services
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Systweak\Advanced System Protector]
[-HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup]
[-HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1]
[-HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Systweak\Advanced System Protector]
:Files
C:\ProgramData\Systweak\Advanced System Protector
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector
C:\Program Files(x86)\Advanced System Protector
C:\Program Files\Advanced System Protector
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Systweak\Advanced System Protector\ not found.
Registry key HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Systweak\Advanced System Protector\ not found.
========== FILES ==========
C:\ProgramData\Systweak\Advanced System Protector\updates folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector folder moved successfully.
File\Folder C:\Program Files(x86)\Advanced System Protector not found.
File\Folder C:\Program Files\Advanced System Protector not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Thor
->Temp folder emptied: 2246893 bytes
->Temporary Internet Files folder emptied: 3357704 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 49946707 bytes
->Flash cache emptied: 709 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: UpdatusUser.Thor-PC
->Temp folder emptied: 0 bytes
User: UpdatusUser.Thor-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 593217 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 54.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12202013_113003
Files\Folders moved on Reboot...
C:\Users\Thor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP0000002A6DF2D536D47A6609 not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Its still happily loading up. One thing I feel the urge to mention is the other day my ISP sent me an email that they detected something from my computer trying to connect to theirs and said I had a virus on it. Kaspersky and all these other programs dont show anything. I dont know if its related to this though.
My pc is starting to act different since that last thing. Any USB device I put in will be picked up but it'll hang for a few minutes before opening. Also opening my browser keeps asking to restore my tabs instead of just open normally, though I'm guessing thats to do with the thing I just did. I'm starting to feel like I should just reformat :)
Well, what we just did should have no effect on your system, as the registry keys where not found and about 3 files where removed that where removed before.
Some times with Malware a good solution is to reformat and reinstall windows as this will guarantee a nice clean and smooth running system.. Lets run a free virus scanner first, also when Advanced System Protector loads can you take a screenshot of it and post in this thread.
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Sca
If ESET doesn't help, try this program and see if it finds Advanced System Protector to uninstall
http://download.cnet.com/Revo-Uninstaller/3000-2096_4-10687648.html
After a gruelling 4 hour scan lol EST didnt find anything. And Revo I had played previously too. It doesnt list the program sadly. It seems the only 2 programs that can find it are malwarebytes and spybot, and both cant do anything useful.
Hi,
Try running CCLeaner
https://www.piriform.com/ccleaner
I haven't used this program in awhile and dont have it on my system but if I remember correctly it has an option to clean left over entries from uninstalls and it may find ASP. It also has a registry cleaner, you may want to try running that , read the help files because if it causes issues cleaning your registry there is a restore option.
In the meantime I am going to look deeper into this, its really challenging, something on your system is restoring the entries we are removing. I am going to ask someone else to take a peak and see what where or I am missing
Cleaned through and also did the registry option as well. It still keeps coming back. I'm in the middle of grabbing a bunch of programs in readiness of a system format lol. I'll wait to see if you can figure out the issue just so this can be used as helpful information next time a problem like mine pops up.
Look in Programs and Features in your Control Panel, do you see RegCleanPro ?
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
:Services
:Reg
:Files
C:\Users\Thor\AppData\Roaming\Systweak
C:\ProgramData\Systweak
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Registry Optimizer folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Registry Cleaner folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Partial Backups folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Driver Updater\Download folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Driver Updater\Backup folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Driver Updater folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Checking for Updates\AppUpdates folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3\Checking for Updates folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\ASO3 folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector folder moved successfully.
C:\Users\Thor\AppData\Roaming\Systweak folder moved successfully.
C:\ProgramData\Systweak\ASO3 folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector folder moved successfully.
C:\ProgramData\Systweak folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Thor
->Temp folder emptied: 8882180 bytes
->Temporary Internet Files folder emptied: 1580216 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 172422872 bytes
->Flash cache emptied: 709 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: UpdatusUser.Thor-PC
->Temp folder emptied: 0 bytes
User: UpdatusUser.Thor-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2360073 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 177.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12202013_203717
Files\Folders moved on Reboot...
C:\Users\Thor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Thor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\687B4KWG\ADSAdClient31[1].htm moved successfully.
C:\Users\Thor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\687B4KWG\ADSAdClient31[3].htm moved successfully.
C:\Users\Thor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\687B4KWG\ADSAdClient31[4].htm moved successfully.
C:\Users\Thor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\687B4KWG\ADSAdClient31[5].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
I dont see regcleanPro in my programs. System reboot, protector still loads up.
What about MyPC Backup in Programs and Features
Click on Start > Right Click on All Programs > Click on Open or Open All Users > Click on Programs > Startup ....do you see Advanced System Protector in there, if so delete it
Nothing in there unfortunately.
OK, just hang in, I am out of ideas, need another set of eyes to look this over, thanks for sticking with me on this, be back as soon as I have more info
You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)
Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, if it says this file has been checked before, have them recheck it. When the scan is done just copy and paste the link back to this forum for me to see.
C:\Windows\System32\roboot64.exe <--This file
If the site is busy you can try this one
http://virusscan.jotti.org/en
Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.
Download Malwarebytes Anti-Rootkit from Here (http://downloads.malwarebytes.org/file/mbar)
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.
(You need the 64Bit Version)
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
For whatever reason I cant seem to find a roboot64.exe on my system. Also the malware came up with nothing after the scan.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by Thor (administrator) on THOR-PC on 21-12-2013 04:12:03
Running from C:\Users\Thor\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Hi-Rez Studios) J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) J:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(drahtwerk) C:\Program Files (x86)\drahtwerk\iWebcamera\iWebcameraApp.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
(Logitech Inc.) H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Cloanto Corporation) C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-02] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1360600 2013-10-21] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-09-27] (Intel Corporation)
HKLM\...\Run: [ACPW06EN] - C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1234120 2012-12-17] (ACD Systems)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-18] (DT Soft Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20587680 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - J:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-12] (Valve Corporation)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Standby] - C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2010-01-07] (Corel)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] - H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [CloantoSoftwareDirector] - C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe [370512 2013-02-02] (Cloanto Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://battlelog.battlefield.com/bf3/gate/?returnUrl=|bf3|servers|
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE285D0F3796CCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default
FF user.js: detected! => C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @mammoth.com.au/BigPondMediaDownloader,version=1.0.0 - C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll (Mammoth Media)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Thor\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Thor\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: mammothmedia.com.au/BigPondMediaDownloaderDetector - C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll (Mammoth Media)
FF Extension: Greasemonkey Shared Script Folder - C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\Extensions\greasemonkeybcsf@stpors.net
FF Extension: YTshowRating - C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\Extensions\jid1-m7xzZLMj29zzjA@jetpack
FF Extension: gTranslator - C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\Extensions\jyboy.yy@gmail.com
FF Extension: Redirector - C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\Extensions\redirector@einaregilsson.com
FF Extension: Flashblock - C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: Easy YouTube Video Downloader - C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: Adblock Plus - C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Greasemonkey - C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.com.au
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Users\Thor\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Thor\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Thor\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BigPond Media Downloader Detector) - C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll (Mammoth Media)
CHR Plugin: (Google Update) - C:\Users\Thor\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Magic Actions for YouTube\u2122) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.0_0
CHR Extension: (Save as) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajffocjdcmpgjmdfdfkdfdbkjafbkcke\2.1.1_0
CHR Extension: (YouTube) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (FlashBlock) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie\1.2.11.12_0
CHR Extension: (Adblock Plus) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0
CHR Extension: (YouTube\u2122 Ratings Preview) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\3.1.1.1_0
CHR Extension: (OneTab) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.6_0
CHR Extension: (Google Search) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0
CHR Extension: (Session Buddy) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.4_0
CHR Extension: (Youtube Video Downloader) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgdjbcjnihndbfmmggceololenekadg\1.2_0
CHR Extension: (Virtual Keyboard) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb\1.3.4_0
CHR Extension: (Google Wallet) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Anti-Banner) - C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ChromeExt\ab.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ASO3DiskOptimizer; C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [264488 2013-09-05] (Systweak Software, (www.systweak.com))
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328 2012-08-30] (Kaspersky Lab ZAO)
S2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [743992 2009-12-21] (Infowatch)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R2 HiPatchService; J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-06-26] (Hi-Rez Studios)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [525312 2013-02-27] ()
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625816 2012-06-22] (Pandora.TV)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-29] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWow64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [745368 2012-11-26] (Tunngle.net GmbH)
==================== Drivers (Whitelisted) ====================
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-22] (DT Soft Ltd)
S3 EagleX64; No ImagePath
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-11-30] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-09-27] (Intel Corporation)
R3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2013-02-27] (Windows (R) Win 7 DDK provider)
R3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2013-02-27] (Windows (R) Win 7 DDK provider)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458032 2011-10-20] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [13616 2011-10-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [636760 2012-11-01] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-31] (Logitech Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [24064 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-21 04:12 - 2013-12-21 04:12 - 00029392 _____ C:\Users\Thor\Desktop\FRST.txt
2013-12-21 04:11 - 2013-12-21 04:11 - 02193141 _____ (Farbar) C:\Users\Thor\Desktop\FRST64.exe
2013-12-21 04:11 - 2013-12-21 04:11 - 00000000 ____D C:\FRST
2013-12-21 04:04 - 2013-12-21 04:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-21 04:04 - 2013-12-21 04:04 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-21 04:00 - 2013-12-21 04:10 - 00000000 ____D C:\Users\Thor\Desktop\mbar
2013-12-21 04:00 - 2013-12-21 04:00 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-21 04:00 - 2013-12-21 03:59 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Thor\Desktop\mbar-1.07.0.1008.exe
2013-12-21 02:31 - 2013-12-21 02:32 - 00000000 ____D C:\Users\Thor\AppData\Local\{CBB65506-5BBC-4ABC-91A1-AEAACE9CE046}
2013-12-20 20:38 - 2013-12-20 20:38 - 00000492 _____ C:\Windows\PFRO.log
2013-12-20 20:38 - 2013-12-20 20:38 - 00000000 ____D C:\Users\Thor\AppData\Roaming\Systweak
2013-12-20 20:38 - 2013-12-20 20:38 - 00000000 ____D C:\ProgramData\Systweak
2013-12-20 19:45 - 2013-12-20 20:39 - 00000336 _____ C:\Windows\setupact.log
2013-12-20 19:45 - 2013-12-20 19:45 - 00000000 _____ C:\Windows\setuperr.log
2013-12-20 14:31 - 2013-12-20 14:31 - 00000000 ____D C:\Users\Thor\AppData\Local\{B6003203-FA2A-4357-8401-28D131955D34}
2013-12-20 11:28 - 2013-12-20 11:28 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2013-12-20 03:13 - 2013-12-20 03:10 - 04359168 _____ C:\Users\Thor\Desktop\RogueKillerX64.exe
2013-12-20 02:31 - 2013-08-06 02:05 - 00001113 _____ C:\Users\Thor\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-20 02:30 - 2013-12-20 02:30 - 00000000 ____D C:\Users\Thor\AppData\Local\{84383498-766C-4D70-9D43-0DF3B99CB927}
2013-12-20 01:51 - 2013-12-20 01:51 - 00000000 ____D C:\_OTL
2013-12-20 01:02 - 2013-12-20 03:53 - 00027402 _____ C:\Users\Thor\Desktop\SystemLook.txt
2013-12-20 01:01 - 2013-12-20 01:01 - 00165376 _____ C:\Users\Thor\Desktop\SystemLook_x64.exe
2013-12-20 00:18 - 2013-12-20 03:15 - 00000000 ____D C:\Users\Thor\Desktop\RK_Quarantine
2013-12-19 23:37 - 2013-12-19 23:37 - 00151042 _____ C:\Users\Thor\Desktop\Extras.Txt
2013-12-19 23:36 - 2013-12-19 23:36 - 00155878 _____ C:\Users\Thor\Desktop\OTL.Txt
2013-12-19 23:31 - 2013-12-19 23:30 - 00602112 _____ (OldTimer Tools) C:\Users\Thor\Desktop\OTL.exe
2013-12-19 22:25 - 2013-12-19 22:25 - 00038866 _____ C:\Users\Thor\Desktop\combofix.txt
2013-12-19 22:24 - 2013-12-19 22:24 - 00038866 _____ C:\ComboFix.txt
2013-12-19 22:04 - 2011-06-26 16:15 - 00256000 _____ C:\Windows\PEV.exe
2013-12-19 22:04 - 2010-11-08 02:50 - 00208896 _____ C:\Windows\MBR.exe
2013-12-19 22:04 - 2009-04-20 14:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-19 22:04 - 2000-08-31 09:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-19 22:04 - 2000-08-31 09:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-19 22:04 - 2000-08-31 09:30 - 00098816 _____ C:\Windows\sed.exe
2013-12-19 22:04 - 2000-08-31 09:30 - 00080412 _____ C:\Windows\grep.exe
2013-12-19 22:04 - 2000-08-31 09:30 - 00068096 _____ C:\Windows\zip.exe
2013-12-19 22:03 - 2013-12-19 22:24 - 00000000 ____D C:\Qoobox
2013-12-19 22:01 - 2013-12-19 22:01 - 05154906 ____R (Swearware) C:\Users\Thor\Desktop\ComboFix.exe
2013-12-19 14:29 - 2013-12-19 14:29 - 00000000 ____D C:\Users\Thor\AppData\Local\{D896A6DE-27B1-486C-8661-003AD9160B72}
2013-12-19 02:28 - 2013-12-19 02:29 - 00000000 ____D C:\Users\Thor\AppData\Local\{849A18FE-AF8B-4FF6-846B-DF1D2C3E9BAB}
2013-12-18 14:28 - 2013-12-18 14:28 - 00000000 ____D C:\Users\Thor\AppData\Local\{D0CE82F9-7496-422F-AFE7-FC402F805256}
2013-12-18 14:14 - 2013-12-20 22:59 - 00000000 ____D C:\Users\Thor\AppData\Local\ACD Systems
2013-12-18 14:14 - 2013-12-18 14:14 - 00002835 _____ C:\Users\Public\Desktop\ACDSee Pro 6 (64-bit).lnk
2013-12-18 14:14 - 2013-12-18 14:14 - 00000000 ____D C:\Users\Thor\AppData\Roaming\ACD Systems
2013-12-18 14:14 - 2013-12-18 14:14 - 00000000 ____D C:\ProgramData\ACD Systems
2013-12-18 14:14 - 2013-12-18 14:14 - 00000000 ____D C:\Program Files\Common Files\ACD Systems
2013-12-18 14:14 - 2013-12-18 14:14 - 00000000 ____D C:\Program Files\ACD Systems
2013-12-18 14:11 - 2013-12-18 14:11 - 00000057 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2013-12-18 13:47 - 2013-12-18 13:47 - 00001109 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
2013-12-18 13:47 - 2013-12-18 13:47 - 00000000 ____D C:\Users\Thor\AppData\Roaming\FastStone
2013-12-18 13:47 - 2013-12-18 13:47 - 00000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2013-12-18 13:45 - 2013-12-18 13:45 - 00000000 ____D C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2013-12-18 13:45 - 2013-12-18 13:45 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-18 13:23 - 2013-12-18 13:23 - 00000000 ____D C:\Users\Thor\Documents\ZPS15
2013-12-18 02:27 - 2013-12-18 02:27 - 00000000 ____D C:\Users\Thor\AppData\Local\{17FA845B-4390-45F9-9C53-B3AE303C6BDC}
2013-12-17 17:44 - 2013-12-21 04:03 - 00000000 ____D C:\Users\Thor\Desktop\adsadsadsadsf
2013-12-17 14:26 - 2013-12-17 14:26 - 00000000 ____D C:\Users\Thor\AppData\Local\{6F1E42CA-6542-40D4-989F-1D1BCC68FDC2}
2013-12-17 02:25 - 2013-12-17 02:25 - 00000000 ____D C:\Users\Thor\AppData\Local\{7EFE4767-E25A-479F-90FE-6B8EC2FBA0B9}
2013-12-16 22:50 - 2013-12-16 22:50 - 00002848 _____ C:\Windows\System32\Tasks\ASC7_SkipUac_Thor
2013-12-16 22:50 - 2013-12-16 22:50 - 00000000 ____D C:\Users\Thor\AppData\Roaming\IObit
2013-12-16 22:50 - 2013-12-16 22:50 - 00000000 ____D C:\ProgramData\IObit
2013-12-16 22:49 - 2013-12-16 22:49 - 00000000 ____D C:\Program Files (x86)\IObit
2013-12-16 22:17 - 2013-12-16 22:17 - 00000000 ____D C:\Users\Thor\AppData\Local\Xenocode
2013-12-16 14:24 - 2013-12-16 14:25 - 00000000 ____D C:\Users\Thor\AppData\Local\{05D9B1BD-0ABB-4281-8C48-AE7521084C38}
2013-12-16 02:24 - 2013-12-16 02:24 - 00000000 ____D C:\Users\Thor\AppData\Local\{35D9B639-F1E0-42CF-BD3E-2A9F0DD5A87C}
2013-12-15 13:18 - 2013-12-15 13:19 - 00000000 ____D C:\Users\Thor\AppData\Local\{CB0FAAFD-BFC6-411C-832D-CD0970224273}
2013-12-14 13:10 - 2013-12-14 13:11 - 00000000 ____D C:\Users\Thor\AppData\Local\{58B18ED8-1332-4A67-A458-0DEDFBC6D60D}
2013-12-14 01:04 - 2013-12-14 01:05 - 00000000 ____D C:\Users\Thor\AppData\Local\{29775709-3D35-44AF-9151-708B1E796672}
2013-12-13 13:04 - 2013-12-13 13:04 - 00000000 ____D C:\Users\Thor\AppData\Local\{A226EA76-B129-4A0C-AE7D-6A51C0ED1E99}
2013-12-13 12:01 - 2013-12-13 12:01 - 04583424 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2013-12-13 00:26 - 2013-12-13 00:26 - 00000000 ____D C:\Users\Thor\AppData\Local\{98520726-C8CF-46AC-9463-EC3C3400665C}
2013-12-12 12:26 - 2013-12-12 12:26 - 00000000 ____D C:\Users\Thor\AppData\Local\{4DC0664C-4775-40EE-A99D-A4C4BA0CFAE1}
2013-12-12 00:25 - 2013-12-12 00:26 - 00000000 ____D C:\Users\Thor\AppData\Local\{767901AF-AF47-4E4E-9B54-8EAA61A36891}
2013-12-11 12:25 - 2013-12-11 12:25 - 00000000 ____D C:\Users\Thor\AppData\Local\{7C8D0E92-6CB8-4E77-B845-5976A5E4AF5A}
2013-12-11 00:24 - 2013-12-11 00:25 - 00000000 ____D C:\Users\Thor\AppData\Local\{E88792A9-D1D6-40B2-8686-1F0F0C48F005}
2013-12-10 12:24 - 2013-12-10 12:24 - 00000000 ____D C:\Users\Thor\AppData\Local\{F9DCA46E-C9B9-46F0-8C1A-E75D2B92FC18}
2013-12-10 00:23 - 2013-12-10 00:23 - 00000000 ____D C:\Users\Thor\AppData\Local\{D215823D-FFB8-421B-99A5-016D68B04E70}
2013-12-09 12:23 - 2013-12-09 12:23 - 00000000 ____D C:\Users\Thor\AppData\Local\{40BCAD90-914B-4D58-8468-B54427F806F9}
2013-12-09 00:22 - 2013-12-09 00:22 - 00000000 ____D C:\Users\Thor\AppData\Local\{A495DBF5-7F43-4FF7-BD7E-38B001F7B858}
2013-12-08 23:24 - 2013-12-08 23:24 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-12-08 23:23 - 2013-12-08 23:31 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-08 23:23 - 2013-12-08 23:24 - 00000000 ____D C:\Users\Thor\AppData\Local\Mobogenie
2013-12-08 23:23 - 2013-12-08 23:23 - 00000000 ____D C:\Users\Thor\Documents\Mobogenie
2013-12-08 23:23 - 2013-12-08 23:23 - 00000000 ____D C:\Users\Thor\AppData\Local\cache
2013-12-08 23:23 - 2013-12-08 23:23 - 00000000 _____ C:\Users\Thor\daemonprocess.txt
2013-12-08 22:45 - 2013-12-08 22:45 - 00000000 ____D C:\Users\Thor\Documents\My Cheat Tables
2013-12-08 22:42 - 2013-12-08 22:42 - 00000000 ____D C:\Users\Thor\Documents\FLiNGTrainer
2013-12-08 12:22 - 2013-12-08 12:22 - 00000000 ____D C:\Users\Thor\AppData\Local\{175E7DCA-2C44-4838-B8B3-D6B22D0A5FE8}
2013-12-07 18:49 - 2013-12-07 18:50 - 00000000 ____D C:\Users\Thor\AppData\Local\{EE83E89D-966E-4BD9-8D0D-5E44346B37EC}
2013-12-07 06:49 - 2013-12-07 06:49 - 00000000 ____D C:\Users\Thor\AppData\Local\{E2E4E388-7322-4AE9-BD3D-CB5B3D1DD7A7}
2013-12-06 17:32 - 2013-12-06 17:32 - 00000000 ____D C:\Users\Thor\AppData\Local\{EDC693A7-9D62-4FBC-B7DB-864969FB56AF}
2013-12-06 16:21 - 2013-12-06 16:23 - 00000000 ____D C:\Program Files (x86)\PDF24
2013-12-06 16:21 - 2013-12-06 16:21 - 00000000 ____D C:\Users\Thor\AppData\Local\PDF24
2013-12-06 05:31 - 2013-12-06 05:31 - 00000000 ____D C:\Users\Thor\AppData\Local\{CEC9543C-9113-4ADE-88D3-E7F878DED8DC}
2013-12-06 04:51 - 2013-12-06 04:51 - 00000220 _____ C:\Users\Thor\Desktop\Star Trek Online.url
2013-12-05 23:32 - 2013-12-05 23:32 - 00000222 _____ C:\Users\Thor\Desktop\Batman Arkham City GOTY.url
2013-12-05 17:31 - 2013-12-05 17:31 - 00000000 ____D C:\Users\Thor\AppData\Local\{E4304F79-64ED-41DC-8A0D-1D5F7D169A8D}
2013-12-05 15:34 - 2013-12-05 15:34 - 00000222 _____ C:\Users\Thor\Desktop\Broken Sword 5.url
2013-12-05 05:30 - 2013-12-05 05:31 - 00000000 ____D C:\Users\Thor\AppData\Local\{EF8758E8-ECB9-48D1-A1C6-83010D984F9F}
2013-12-04 17:30 - 2013-12-04 17:30 - 00000000 ____D C:\Users\Thor\AppData\Local\{A42E06A3-CECA-47A1-AB70-C20F4995DA0D}
2013-12-04 12:53 - 2013-12-04 12:53 - 00002414 _____ C:\Users\Thor\Desktop\aswMBR.txt
2013-12-04 12:53 - 2013-12-04 12:53 - 00000512 _____ C:\Users\Thor\Desktop\MBR.dat
2013-12-04 12:43 - 2013-12-04 12:42 - 04745728 _____ (AVAST Software) C:\Users\Thor\Desktop\aswMBR (1).exe
2013-12-04 12:41 - 2013-12-04 12:41 - 00005257 _____ C:\Users\Thor\Desktop\attach.zip
2013-12-04 12:36 - 2013-12-04 12:36 - 00035388 _____ C:\Users\Thor\Desktop\dds.txt
2013-12-04 12:36 - 2013-12-04 12:36 - 00015596 _____ C:\Users\Thor\Desktop\attach.txt
2013-12-04 12:35 - 2013-12-04 12:35 - 00688992 ____R (Swearware) C:\Users\Thor\Desktop\dds.scr
2013-12-04 12:32 - 2013-12-04 12:32 - 00000909 _____ C:\Users\UpdatusUser.Thor-PC.000\Desktop\ERUNT.lnk
2013-12-04 12:32 - 2013-12-04 12:32 - 00000909 _____ C:\Users\Thor\Desktop\ERUNT.lnk
2013-12-04 12:32 - 2013-12-04 12:32 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-12-04 06:54 - 2013-12-16 15:24 - 00000000 ____D C:\hijackthis
2013-12-04 05:29 - 2013-12-04 05:30 - 00000000 ____D C:\Users\Thor\AppData\Local\{AB432236-8B46-4604-9F0C-A7E8A84B67E1}
2013-12-03 17:29 - 2013-12-03 17:29 - 00000000 ____D C:\Users\Thor\AppData\Local\{B62718D9-4665-4CD9-8013-C0E70091B7A6}
2013-12-03 05:28 - 2013-12-03 05:29 - 00000000 ____D C:\Users\Thor\AppData\Local\{F53F9816-300E-4A94-BA28-70447A2DBC1E}
2013-12-02 17:28 - 2013-12-02 17:28 - 00000000 ____D C:\Users\Thor\AppData\Local\{6E7578EC-75AD-4A04-BF3D-E724CBEED224}
2013-12-02 05:27 - 2013-12-02 05:28 - 00000000 ____D C:\Users\Thor\AppData\Local\{3ADC6853-BA48-4CB6-A2F4-98DCFC3203C9}
2013-12-01 18:56 - 2013-12-01 18:56 - 00000893 _____ C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk
2013-12-01 17:27 - 2013-12-01 17:27 - 00000000 ____D C:\Users\Thor\AppData\Local\{D4AF4D06-D8E7-4BB5-A6EE-CBB25B89B34C}
2013-12-01 05:26 - 2013-12-01 05:27 - 00000000 ____D C:\Users\Thor\AppData\Local\{EDC45451-3EB8-45F7-8987-CCEAEA462EF4}
2013-11-30 17:26 - 2013-11-30 17:26 - 00000000 ____D C:\Users\Thor\AppData\Local\{73457022-53B1-463B-97DC-15B7484FB346}
2013-11-30 17:14 - 2013-11-30 17:14 - 00000000 ____D C:\Users\Thor\AppData\Roaming\MPC-HC
2013-11-30 17:09 - 2013-11-30 17:09 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2013-11-30 17:09 - 2013-08-23 03:39 - 00256088 _____ C:\Windows\system32\unrar64.dll
2013-11-30 05:25 - 2013-11-30 05:25 - 00000000 ____D C:\Users\Thor\AppData\Local\{E9921A5E-AC51-42E1-9AEB-1AAAA11AF817}
2013-11-29 19:11 - 2013-12-20 20:39 - 00003108 _____ C:\Windows\System32\Tasks\ASO-System Protector_startup
2013-11-29 17:24 - 2013-11-29 17:25 - 00000000 ____D C:\Users\Thor\AppData\Local\{DA3C05D3-61CB-4359-8160-3AA938F1B1D2}
2013-11-29 05:24 - 2013-11-29 05:24 - 00000000 ____D C:\Users\Thor\AppData\Local\{A4B42952-B061-4C8A-80E9-6FB5A73CC9EA}
2013-11-28 17:23 - 2013-11-28 17:24 - 00000000 ____D C:\Users\Thor\AppData\Local\{F0331BDD-5A4B-4A3D-B0C5-07E9763A6F23}
2013-11-28 04:15 - 2013-11-28 04:15 - 00000000 ____D C:\Users\Thor\AppData\Local\{A045844B-BACC-4D46-AECF-44ECEB853DDA}
2013-11-27 16:14 - 2013-11-27 16:15 - 00000000 ____D C:\Users\Thor\AppData\Local\{9AD0B4FA-71CD-4421-B5D7-350208F28F0D}
2013-11-27 04:04 - 2013-11-27 04:04 - 00000000 ____D C:\Users\Thor\AppData\Local\{8945C753-1FE8-4C07-9241-4E9A9BC6B685}
2013-11-26 15:32 - 2013-11-26 15:32 - 00000000 ____D C:\Users\Thor\AppData\Local\{454F3AF2-BAF4-4490-931A-A8DB2A1DE4B9}
2013-11-25 19:57 - 2013-11-25 19:58 - 00000000 ____D C:\Users\Thor\AppData\Local\{454AC5C1-992C-40DF-9F2F-2D1B159C8076}
2013-11-25 04:48 - 2013-11-25 04:48 - 00000000 ____D C:\Users\Thor\AppData\Local\{87BCAB07-A8FA-4768-8631-71C9EF63D695}
2013-11-24 16:31 - 2013-11-24 16:31 - 00000000 ____D C:\Users\Thor\AppData\Local\{38DD516B-B5CC-444B-BECD-7EE74F9197BA}
2013-11-24 14:44 - 2013-11-24 14:44 - 00274869 _____ C:\Users\Thor\Desktop\ccc.htm
2013-11-24 04:30 - 2013-11-24 04:31 - 00000000 ____D C:\Users\Thor\AppData\Local\{D4234DD3-C092-48B4-AB82-4A9F8CB388E9}
2013-11-23 16:30 - 2013-11-23 16:30 - 00000000 ____D C:\Users\Thor\AppData\Local\{D618B4A1-94D4-4348-85A2-6514E168F301}
2013-11-23 04:29 - 2013-11-23 04:30 - 00000000 ____D C:\Users\Thor\AppData\Local\{569D1019-96E4-4641-B6E6-D7A695F164D5}
2013-11-22 16:29 - 2013-11-22 16:29 - 00000000 ____D C:\Users\Thor\AppData\Local\{8155AEA8-B1CC-44C0-B49B-FD7892403DB8}
2013-11-22 03:33 - 2013-11-22 03:33 - 00000000 ____D C:\Users\Thor\AppData\Local\{28474E01-1D0D-4632-86A4-ABDFFD66BC7B}
2013-11-21 15:32 - 2013-11-21 15:33 - 00000000 ____D C:\Users\Thor\AppData\Local\{2144590C-67FE-4CA1-AE1D-0707156D5923}
2013-11-21 03:32 - 2013-11-21 03:32 - 00000000 ____D C:\Users\Thor\AppData\Local\{031CA1E0-963A-493D-BEEF-0E60AE20B098}
==================== One Month Modified Files and Folders =======
2013-12-21 04:12 - 2013-12-21 04:12 - 00029392 _____ C:\Users\Thor\Desktop\FRST.txt
2013-12-21 04:11 - 2013-12-21 04:11 - 02193141 _____ (Farbar) C:\Users\Thor\Desktop\FRST64.exe
2013-12-21 04:11 - 2013-12-21 04:11 - 00000000 ____D C:\FRST
2013-12-21 04:10 - 2013-12-21 04:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-21 04:10 - 2013-12-21 04:00 - 00000000 ____D C:\Users\Thor\Desktop\mbar
2013-12-21 04:08 - 2009-07-14 14:15 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-21 04:08 - 2009-07-14 14:15 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-21 04:04 - 2013-12-21 04:04 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-21 04:03 - 2013-12-17 17:44 - 00000000 ____D C:\Users\Thor\Desktop\adsadsadsadsf
2013-12-21 04:02 - 2011-09-07 14:33 - 00000000 ____D C:\Users\Thor\AppData\Roaming\Azureus
2013-12-21 04:00 - 2013-12-21 04:00 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-21 04:00 - 2011-12-21 15:24 - 00000000 ____D C:\Users\Thor\AppData\Roaming\Skype
2013-12-21 03:59 - 2013-12-21 04:00 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Thor\Desktop\mbar-1.07.0.1008.exe
2013-12-21 03:13 - 2012-06-05 18:12 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000UA.job
2013-12-21 03:01 - 2011-09-11 21:39 - 00000000 ____D C:\Users\Thor\AppData\Roaming\Winamp
2013-12-21 02:32 - 2013-12-21 02:31 - 00000000 ____D C:\Users\Thor\AppData\Local\{CBB65506-5BBC-4ABC-91A1-AEAACE9CE046}
2013-12-21 02:32 - 2011-09-06 19:28 - 00000000 ____D C:\Users\Thor\AppData\Local\Windows Live
2013-12-21 02:17 - 2011-09-06 16:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-20 23:32 - 2011-10-22 00:54 - 00000000 ____D C:\Users\Thor\AppData\Local\Corel
2013-12-20 23:02 - 2011-10-22 00:52 - 00006318 ___SH C:\ProgramData\KGyGaAvL.sys
2013-12-20 23:02 - 2011-10-22 00:49 - 00000000 ____D C:\Users\Thor\Documents\My PSP Files
2013-12-20 22:59 - 2013-12-18 14:14 - 00000000 ____D C:\Users\Thor\AppData\Local\ACD Systems
2013-12-20 21:46 - 2011-09-06 17:50 - 00608354 _____ C:\Windows\system32\perfh008.dat
2013-12-20 21:46 - 2011-09-06 17:50 - 00419460 _____ C:\Windows\system32\perfh011.dat
2013-12-20 21:46 - 2011-09-06 17:50 - 00122392 _____ C:\Windows\system32\perfc011.dat
2013-12-20 21:46 - 2011-09-06 17:50 - 00111190 _____ C:\Windows\system32\perfc008.dat
2013-12-20 21:46 - 2009-07-14 14:43 - 02027386 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 20:42 - 2011-09-06 15:15 - 01319311 _____ C:\Windows\WindowsUpdate.log
2013-12-20 20:39 - 2013-12-20 19:45 - 00000336 _____ C:\Windows\setupact.log
2013-12-20 20:39 - 2013-11-29 19:11 - 00003108 _____ C:\Windows\System32\Tasks\ASO-System Protector_startup
2013-12-20 20:38 - 2013-12-20 20:38 - 00000492 _____ C:\Windows\PFRO.log
2013-12-20 20:38 - 2013-12-20 20:38 - 00000000 ____D C:\Users\Thor\AppData\Roaming\Systweak
2013-12-20 20:38 - 2013-12-20 20:38 - 00000000 ____D C:\ProgramData\Systweak
2013-12-20 20:38 - 2011-09-27 16:01 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-12-20 20:38 - 2011-09-12 10:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-20 20:38 - 2009-07-14 14:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-20 19:45 - 2013-12-20 19:45 - 00000000 _____ C:\Windows\setuperr.log
2013-12-20 19:42 - 2013-11-16 20:50 - 00000000 ____D C:\Users\Thor\AppData\Local\CrashDumps
2013-12-20 19:42 - 2012-05-31 22:21 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-20 14:31 - 2013-12-20 14:31 - 00000000 ____D C:\Users\Thor\AppData\Local\{B6003203-FA2A-4357-8401-28D131955D34}
2013-12-20 12:27 - 2011-11-19 04:14 - 00000000 ____D C:\Users\Thor\AppData\Roaming\HandBrake
2013-12-20 12:13 - 2012-06-05 18:12 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000Core.job
2013-12-20 11:28 - 2013-12-20 11:28 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2013-12-20 03:53 - 2013-12-20 01:02 - 00027402 _____ C:\Users\Thor\Desktop\SystemLook.txt
2013-12-20 03:15 - 2013-12-20 00:18 - 00000000 ____D C:\Users\Thor\Desktop\RK_Quarantine
2013-12-20 03:10 - 2013-12-20 03:13 - 04359168 _____ C:\Users\Thor\Desktop\RogueKillerX64.exe
2013-12-20 02:30 - 2013-12-20 02:30 - 00000000 ____D C:\Users\Thor\AppData\Local\{84383498-766C-4D70-9D43-0DF3B99CB927}
2013-12-20 01:53 - 2012-10-21 02:21 - 00119296 _____ C:\Windows\SysWOW64\zlib.dll
2013-12-20 01:51 - 2013-12-20 01:51 - 00000000 ____D C:\_OTL
2013-12-20 01:01 - 2013-12-20 01:01 - 00165376 _____ C:\Users\Thor\Desktop\SystemLook_x64.exe
2013-12-19 23:37 - 2013-12-19 23:37 - 00151042 _____ C:\Users\Thor\Desktop\Extras.Txt
2013-12-19 23:36 - 2013-12-19 23:36 - 00155878 _____ C:\Users\Thor\Desktop\OTL.Txt
2013-12-19 23:30 - 2013-12-19 23:31 - 00602112 _____ (OldTimer Tools) C:\Users\Thor\Desktop\OTL.exe
2013-12-19 22:25 - 2013-12-19 22:25 - 00038866 _____ C:\Users\Thor\Desktop\combofix.txt
2013-12-19 22:24 - 2013-12-19 22:24 - 00038866 _____ C:\ComboFix.txt
2013-12-19 22:24 - 2013-12-19 22:03 - 00000000 ____D C:\Qoobox
2013-12-19 22:12 - 2009-07-14 12:04 - 00000215 _____ C:\Windows\system.ini
2013-12-19 22:01 - 2013-12-19 22:01 - 05154906 ____R (Swearware) C:\Users\Thor\Desktop\ComboFix.exe
2013-12-19 14:29 - 2013-12-19 14:29 - 00000000 ____D C:\Users\Thor\AppData\Local\{D896A6DE-27B1-486C-8661-003AD9160B72}
2013-12-19 02:29 - 2013-12-19 02:28 - 00000000 ____D C:\Users\Thor\AppData\Local\{849A18FE-AF8B-4FF6-846B-DF1D2C3E9BAB}
2013-12-18 14:28 - 2013-12-18 14:28 - 00000000 ____D C:\Users\Thor\AppData\Local\{D0CE82F9-7496-422F-AFE7-FC402F805256}
2013-12-18 14:14 - 2013-12-18 14:14 - 00002835 _____ C:\Users\Public\Desktop\ACDSee Pro 6 (64-bit).lnk
2013-12-18 14:14 - 2013-12-18 14:14 - 00000000 ____D C:\Users\Thor\AppData\Roaming\ACD Systems
2013-12-18 14:14 - 2013-12-18 14:14 - 00000000 ____D C:\ProgramData\ACD Systems
2013-12-18 14:14 - 2013-12-18 14:14 - 00000000 ____D C:\Program Files\Common Files\ACD Systems
2013-12-18 14:14 - 2013-12-18 14:14 - 00000000 ____D C:\Program Files\ACD Systems
2013-12-18 14:13 - 2013-03-28 17:00 - 00000000 ____D C:\Users\Thor\AppData\Local\Downloaded Installations
2013-12-18 14:11 - 2013-12-18 14:11 - 00000057 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2013-12-18 13:47 - 2013-12-18 13:47 - 00001109 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
2013-12-18 13:47 - 2013-12-18 13:47 - 00000000 ____D C:\Users\Thor\AppData\Roaming\FastStone
2013-12-18 13:47 - 2013-12-18 13:47 - 00000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2013-12-18 13:46 - 2012-06-05 18:12 - 00000000 ____D C:\Users\Thor\AppData\Local\Google
2013-12-18 13:45 - 2013-12-18 13:45 - 00000000 ____D C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2013-12-18 13:45 - 2013-12-18 13:45 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-18 13:23 - 2013-12-18 13:23 - 00000000 ____D C:\Users\Thor\Documents\ZPS15
2013-12-18 13:23 - 2011-09-07 15:03 - 00000000 ____D C:\Users\Thor\AppData\Roaming\Zoner
2013-12-18 13:23 - 2011-09-07 15:03 - 00000000 ____D C:\Users\Thor\AppData\Local\Zoner
2013-12-18 13:23 - 2011-09-07 15:03 - 00000000 ____D C:\Program Files\Zoner
2013-12-18 02:27 - 2013-12-18 02:27 - 00000000 ____D C:\Users\Thor\AppData\Local\{17FA845B-4390-45F9-9C53-B3AE303C6BDC}
2013-12-17 16:09 - 2011-09-06 20:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-17 14:26 - 2013-12-17 14:26 - 00000000 ____D C:\Users\Thor\AppData\Local\{6F1E42CA-6542-40D4-989F-1D1BCC68FDC2}
2013-12-17 03:53 - 2011-10-02 21:18 - 00000000 ____D C:\Program Files\PeerBlock
2013-12-17 02:25 - 2013-12-17 02:25 - 00000000 ____D C:\Users\Thor\AppData\Local\{7EFE4767-E25A-479F-90FE-6B8EC2FBA0B9}
2013-12-16 22:57 - 2013-03-26 22:39 - 00000000 ____D C:\Users\Thor\AppData\Roaming\Sony
2013-12-16 22:57 - 2011-09-07 07:10 - 00000000 ____D C:\Windows\Panther
2013-12-16 22:50 - 2013-12-16 22:50 - 00002848 _____ C:\Windows\System32\Tasks\ASC7_SkipUac_Thor
2013-12-16 22:50 - 2013-12-16 22:50 - 00000000 ____D C:\Users\Thor\AppData\Roaming\IObit
2013-12-16 22:50 - 2013-12-16 22:50 - 00000000 ____D C:\ProgramData\IObit
2013-12-16 22:49 - 2013-12-16 22:49 - 00000000 ____D C:\Program Files (x86)\IObit
2013-12-16 22:24 - 2011-12-01 01:58 - 00000000 ____D C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2013-12-16 22:24 - 2011-09-23 18:10 - 00000000 ____D C:\Users\Thor\Desktop\Games
2013-12-16 22:24 - 2011-09-17 15:22 - 00000000 ____D C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-16 22:24 - 2011-09-07 15:02 - 00000000 ____D C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-12-16 22:23 - 2013-10-30 13:47 - 00000000 ____D C:\Users\UpdatusUser.Thor-PC.000
2013-12-16 22:23 - 2012-12-01 22:22 - 00000000 ____D C:\Users\Thor\Documents\Shiner
2013-12-16 22:23 - 2012-05-09 13:58 - 00000000 ____D C:\Users\Thor\AppData\Roaming\Vphonet
2013-12-16 22:23 - 2012-01-04 12:35 - 00000000 ____D C:\Users\Thor\AppData\Local\LogMeIn Hamachi
2013-12-16 22:23 - 2011-09-06 15:15 - 00000000 ____D C:\Users\Thor
2013-12-16 22:17 - 2013-12-16 22:17 - 00000000 ____D C:\Users\Thor\AppData\Local\Xenocode
2013-12-16 15:24 - 2013-12-04 06:54 - 00000000 ____D C:\hijackthis
2013-12-16 14:25 - 2013-12-16 14:24 - 00000000 ____D C:\Users\Thor\AppData\Local\{05D9B1BD-0ABB-4281-8C48-AE7521084C38}
2013-12-16 02:24 - 2013-12-16 02:24 - 00000000 ____D C:\Users\Thor\AppData\Local\{35D9B639-F1E0-42CF-BD3E-2A9F0DD5A87C}
2013-12-15 13:19 - 2013-12-15 13:18 - 00000000 ____D C:\Users\Thor\AppData\Local\{CB0FAAFD-BFC6-411C-832D-CD0970224273}
2013-12-14 16:34 - 2013-08-09 19:12 - 00000000 ____D C:\Users\Thor\AppData\Roaming\vlc
2013-12-14 13:11 - 2013-12-14 13:10 - 00000000 ____D C:\Users\Thor\AppData\Local\{58B18ED8-1332-4A67-A458-0DEDFBC6D60D}
2013-12-14 13:10 - 2013-01-25 11:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-14 13:10 - 2011-12-21 15:24 - 00000000 ____D C:\ProgramData\Skype
2013-12-14 01:05 - 2013-12-14 01:04 - 00000000 ____D C:\Users\Thor\AppData\Local\{29775709-3D35-44AF-9151-708B1E796672}
2013-12-13 13:04 - 2013-12-13 13:04 - 00000000 ____D C:\Users\Thor\AppData\Local\{A226EA76-B129-4A0C-AE7D-6A51C0ED1E99}
2013-12-13 13:03 - 2009-07-14 14:15 - 05192872 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 12:01 - 2013-12-13 12:01 - 04583424 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2013-12-13 00:26 - 2013-12-13 00:26 - 00000000 ____D C:\Users\Thor\AppData\Local\{98520726-C8CF-46AC-9463-EC3C3400665C}
2013-12-12 16:02 - 2011-09-10 01:01 - 00000000 ____D C:\Program Files\CPUID
2013-12-12 14:41 - 2012-09-17 17:15 - 00000000 ____D C:\Users\Thor\AppData\Roaming\TeamViewer
2013-12-12 14:41 - 2011-09-06 15:17 - 00207976 _____ C:\Users\Thor\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-12 14:21 - 2012-02-01 20:53 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-12 12:26 - 2013-12-12 12:26 - 00000000 ____D C:\Users\Thor\AppData\Local\{4DC0664C-4775-40EE-A99D-A4C4BA0CFAE1}
2013-12-12 00:26 - 2013-12-12 00:25 - 00000000 ____D C:\Users\Thor\AppData\Local\{767901AF-AF47-4E4E-9B54-8EAA61A36891}
2013-12-11 12:25 - 2013-12-11 12:25 - 00000000 ____D C:\Users\Thor\AppData\Local\{7C8D0E92-6CB8-4E77-B845-5976A5E4AF5A}
2013-12-11 00:25 - 2013-12-11 00:24 - 00000000 ____D C:\Users\Thor\AppData\Local\{E88792A9-D1D6-40B2-8686-1F0F0C48F005}
2013-12-10 12:24 - 2013-12-10 12:24 - 00000000 ____D C:\Users\Thor\AppData\Local\{F9DCA46E-C9B9-46F0-8C1A-E75D2B92FC18}
2013-12-10 00:23 - 2013-12-10 00:23 - 00000000 ____D C:\Users\Thor\AppData\Local\{D215823D-FFB8-421B-99A5-016D68B04E70}
2013-12-09 18:37 - 2011-09-17 15:21 - 00000000 ____D C:\Users\Thor\AppData\Roaming\Dropbox
2013-12-09 12:23 - 2013-12-09 12:23 - 00000000 ____D C:\Users\Thor\AppData\Local\{40BCAD90-914B-4D58-8468-B54427F806F9}
2013-12-09 00:22 - 2013-12-09 00:22 - 00000000 ____D C:\Users\Thor\AppData\Local\{A495DBF5-7F43-4FF7-BD7E-38B001F7B858}
2013-12-08 23:31 - 2013-12-08 23:23 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-08 23:24 - 2013-12-08 23:24 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3
2013-12-08 23:24 - 2013-12-08 23:23 - 00000000 ____D C:\Users\Thor\AppData\Local\Mobogenie
2013-12-08 23:23 - 2013-12-08 23:23 - 00000000 ____D C:\Users\Thor\Documents\Mobogenie
2013-12-08 23:23 - 2013-12-08 23:23 - 00000000 ____D C:\Users\Thor\AppData\Local\cache
2013-12-08 23:23 - 2013-12-08 23:23 - 00000000 _____ C:\Users\Thor\daemonprocess.txt
2013-12-08 22:45 - 2013-12-08 22:45 - 00000000 ____D C:\Users\Thor\Documents\My Cheat Tables
2013-12-08 22:42 - 2013-12-08 22:42 - 00000000 ____D C:\Users\Thor\Documents\FLiNGTrainer
2013-12-08 12:22 - 2013-12-08 12:22 - 00000000 ____D C:\Users\Thor\AppData\Local\{175E7DCA-2C44-4838-B8B3-D6B22D0A5FE8}
2013-12-07 18:50 - 2013-12-07 18:49 - 00000000 ____D C:\Users\Thor\AppData\Local\{EE83E89D-966E-4BD9-8D0D-5E44346B37EC}
2013-12-07 12:08 - 2012-06-05 18:12 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000UA
2013-12-07 12:08 - 2012-06-05 18:12 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000Core
2013-12-07 06:49 - 2013-12-07 06:49 - 00000000 ____D C:\Users\Thor\AppData\Local\{E2E4E388-7322-4AE9-BD3D-CB5B3D1DD7A7}
2013-12-06 17:32 - 2013-12-06 17:32 - 00000000 ____D C:\Users\Thor\AppData\Local\{EDC693A7-9D62-4FBC-B7DB-864969FB56AF}
2013-12-06 16:23 - 2013-12-06 16:21 - 00000000 ____D C:\Program Files (x86)\PDF24
2013-12-06 16:21 - 2013-12-06 16:21 - 00000000 ____D C:\Users\Thor\AppData\Local\PDF24
2013-12-06 05:31 - 2013-12-06 05:31 - 00000000 ____D C:\Users\Thor\AppData\Local\{CEC9543C-9113-4ADE-88D3-E7F878DED8DC}
2013-12-06 04:51 - 2013-12-06 04:51 - 00000220 _____ C:\Users\Thor\Desktop\Star Trek Online.url
2013-12-05 23:32 - 2013-12-05 23:32 - 00000222 _____ C:\Users\Thor\Desktop\Batman Arkham City GOTY.url
2013-12-05 17:31 - 2013-12-05 17:31 - 00000000 ____D C:\Users\Thor\AppData\Local\{E4304F79-64ED-41DC-8A0D-1D5F7D169A8D}
2013-12-05 15:34 - 2013-12-05 15:34 - 00000222 _____ C:\Users\Thor\Desktop\Broken Sword 5.url
2013-12-05 05:31 - 2013-12-05 05:30 - 00000000 ____D C:\Users\Thor\AppData\Local\{EF8758E8-ECB9-48D1-A1C6-83010D984F9F}
2013-12-04 17:30 - 2013-12-04 17:30 - 00000000 ____D C:\Users\Thor\AppData\Local\{A42E06A3-CECA-47A1-AB70-C20F4995DA0D}
2013-12-04 12:53 - 2013-12-04 12:53 - 00002414 _____ C:\Users\Thor\Desktop\aswMBR.txt
2013-12-04 12:53 - 2013-12-04 12:53 - 00000512 _____ C:\Users\Thor\Desktop\MBR.dat
2013-12-04 12:42 - 2013-12-04 12:43 - 04745728 _____ (AVAST Software) C:\Users\Thor\Desktop\aswMBR (1).exe
2013-12-04 12:41 - 2013-12-04 12:41 - 00005257 _____ C:\Users\Thor\Desktop\attach.zip
2013-12-04 12:36 - 2013-12-04 12:36 - 00035388 _____ C:\Users\Thor\Desktop\dds.txt
2013-12-04 12:36 - 2013-12-04 12:36 - 00015596 _____ C:\Users\Thor\Desktop\attach.txt
2013-12-04 12:35 - 2013-12-04 12:35 - 00688992 ____R (Swearware) C:\Users\Thor\Desktop\dds.scr
2013-12-04 12:33 - 2013-08-06 11:24 - 00000000 ____D C:\Windows\ERDNT
2013-12-04 12:32 - 2013-12-04 12:32 - 00000909 _____ C:\Users\UpdatusUser.Thor-PC.000\Desktop\ERUNT.lnk
2013-12-04 12:32 - 2013-12-04 12:32 - 00000909 _____ C:\Users\Thor\Desktop\ERUNT.lnk
2013-12-04 12:32 - 2013-12-04 12:32 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-12-04 12:32 - 2011-09-06 15:15 - 00000000 ____D C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-04 12:19 - 2013-03-28 17:07 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-12-04 06:53 - 2011-09-06 15:15 - 00000000 ____D C:\Users\Thor\AppData\Local\VirtualStore
2013-12-04 06:20 - 2009-07-14 12:04 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.original
2013-12-04 05:30 - 2013-12-04 05:29 - 00000000 ____D C:\Users\Thor\AppData\Local\{AB432236-8B46-4604-9F0C-A7E8A84B67E1}
2013-12-03 17:29 - 2013-12-03 17:29 - 00000000 ____D C:\Users\Thor\AppData\Local\{B62718D9-4665-4CD9-8013-C0E70091B7A6}
2013-12-03 05:29 - 2013-12-03 05:28 - 00000000 ____D C:\Users\Thor\AppData\Local\{F53F9816-300E-4A94-BA28-70447A2DBC1E}
2013-12-02 17:28 - 2013-12-02 17:28 - 00000000 ____D C:\Users\Thor\AppData\Local\{6E7578EC-75AD-4A04-BF3D-E724CBEED224}
2013-12-02 05:28 - 2013-12-02 05:27 - 00000000 ____D C:\Users\Thor\AppData\Local\{3ADC6853-BA48-4CB6-A2F4-98DCFC3203C9}
2013-12-01 18:56 - 2013-12-01 18:56 - 00000893 _____ C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk
2013-12-01 17:27 - 2013-12-01 17:27 - 00000000 ____D C:\Users\Thor\AppData\Local\{D4AF4D06-D8E7-4BB5-A6EE-CBB25B89B34C}
2013-12-01 05:27 - 2013-12-01 05:26 - 00000000 ____D C:\Users\Thor\AppData\Local\{EDC45451-3EB8-45F7-8987-CCEAEA462EF4}
2013-11-30 19:38 - 2011-09-06 19:58 - 00030528 _____ C:\Windows\GVTDrv64.sys
2013-11-30 17:26 - 2013-11-30 17:26 - 00000000 ____D C:\Users\Thor\AppData\Local\{73457022-53B1-463B-97DC-15B7484FB346}
2013-11-30 17:14 - 2013-11-30 17:14 - 00000000 ____D C:\Users\Thor\AppData\Roaming\MPC-HC
2013-11-30 17:09 - 2013-11-30 17:09 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2013-11-30 17:08 - 2013-04-21 00:54 - 00000000 ____D C:\Program Files\DirectVobSub
2013-11-30 17:01 - 2011-09-07 00:23 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\etdrv.sys
2013-11-30 16:39 - 2013-03-13 11:17 - 00000000 ____D C:\Program Files\K-Lite Codec Pack x64
2013-11-30 05:25 - 2013-11-30 05:25 - 00000000 ____D C:\Users\Thor\AppData\Local\{E9921A5E-AC51-42E1-9AEB-1AAAA11AF817}
2013-11-29 20:18 - 2013-11-10 03:46 - 00002272 _____ C:\Windows\system32\ASOROSet.bin
2013-11-29 20:18 - 2009-07-14 12:04 - 95420416 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-11-29 20:18 - 2009-07-14 12:04 - 28311552 _____ C:\Windows\system32\config\SYSTEM.bak
2013-11-29 20:18 - 2009-07-14 12:04 - 00032768 _____ C:\Windows\system32\config\SECURITY.bak
2013-11-29 20:14 - 2009-07-14 12:04 - 00028672 _____ C:\Windows\system32\config\SAM.bak
2013-11-29 17:25 - 2013-11-29 17:24 - 00000000 ____D C:\Users\Thor\AppData\Local\{DA3C05D3-61CB-4359-8160-3AA938F1B1D2}
2013-11-29 05:24 - 2013-11-29 05:24 - 00000000 ____D C:\Users\Thor\AppData\Local\{A4B42952-B061-4C8A-80E9-6FB5A73CC9EA}
2013-11-28 17:24 - 2013-11-28 17:23 - 00000000 ____D C:\Users\Thor\AppData\Local\{F0331BDD-5A4B-4A3D-B0C5-07E9763A6F23}
2013-11-28 04:15 - 2013-11-28 04:15 - 00000000 ____D C:\Users\Thor\AppData\Local\{A045844B-BACC-4D46-AECF-44ECEB853DDA}
2013-11-27 16:15 - 2013-11-27 16:14 - 00000000 ____D C:\Users\Thor\AppData\Local\{9AD0B4FA-71CD-4421-B5D7-350208F28F0D}
2013-11-27 04:04 - 2013-11-27 04:04 - 00000000 ____D C:\Users\Thor\AppData\Local\{8945C753-1FE8-4C07-9241-4E9A9BC6B685}
2013-11-26 15:32 - 2013-11-26 15:32 - 00000000 ____D C:\Users\Thor\AppData\Local\{454F3AF2-BAF4-4490-931A-A8DB2A1DE4B9}
2013-11-25 19:58 - 2013-11-25 19:57 - 00000000 ____D C:\Users\Thor\AppData\Local\{454AC5C1-992C-40DF-9F2F-2D1B159C8076}
2013-11-25 04:48 - 2013-11-25 04:48 - 00000000 ____D C:\Users\Thor\AppData\Local\{87BCAB07-A8FA-4768-8631-71C9EF63D695}
2013-11-25 04:46 - 2009-07-14 14:38 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-24 16:31 - 2013-11-24 16:31 - 00000000 ____D C:\Users\Thor\AppData\Local\{38DD516B-B5CC-444B-BECD-7EE74F9197BA}
2013-11-24 14:44 - 2013-11-24 14:44 - 00274869 _____ C:\Users\Thor\Desktop\ccc.htm
2013-11-24 04:31 - 2013-11-24 04:30 - 00000000 ____D C:\Users\Thor\AppData\Local\{D4234DD3-C092-48B4-AB82-4A9F8CB388E9}
2013-11-23 16:30 - 2013-11-23 16:30 - 00000000 ____D C:\Users\Thor\AppData\Local\{D618B4A1-94D4-4348-85A2-6514E168F301}
2013-11-23 04:30 - 2013-11-23 04:29 - 00000000 ____D C:\Users\Thor\AppData\Local\{569D1019-96E4-4641-B6E6-D7A695F164D5}
2013-11-22 16:29 - 2013-11-22 16:29 - 00000000 ____D C:\Users\Thor\AppData\Local\{8155AEA8-B1CC-44C0-B49B-FD7892403DB8}
2013-11-22 03:33 - 2013-11-22 03:33 - 00000000 ____D C:\Users\Thor\AppData\Local\{28474E01-1D0D-4632-86A4-ABDFFD66BC7B}
2013-11-21 15:33 - 2013-11-21 15:32 - 00000000 ____D C:\Users\Thor\AppData\Local\{2144590C-67FE-4CA1-AE1D-0707156D5923}
2013-11-21 03:32 - 2013-11-21 03:32 - 00000000 ____D C:\Users\Thor\AppData\Local\{031CA1E0-963A-493D-BEEF-0E60AE20B098}
Files to move or delete:
====================
C:\Users\Thor\jagex_cl_speccollect_LIVE.dat
C:\Users\Thor\random.dat
Some content of TEMP:
====================
C:\Users\Thor\AppData\Local\Temp\i4jdel0.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-20 03:49
==================== End Of Log ============================
I think somehow Advanced System Protector is entwined with Advanced System Optimizer, it really is not needed so why dont you uninstall it and see what happens. You can try uninstalling it via programs and features or with Revo Uninstaller.
I am looking at Advanced System Protector starting up here
C:\Windows\System32\Tasks\ASO-System Protector_startup
I also see this program removing it, lets give it a go, the first run is just a report
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Its removing it here
http://www.bleepingcomputer.com/forums/t/517551/trying-to-find-a-recentsafe-version-of-smitfraudfixexe/
Uninstalling system optimizer seems to have taken it with it. I considered doing that at the start but now that I have zero use for that program again, which was recommended by a zillion sites and users, I'll be ignoring it forever. I did the scans as asked straight after though.
# AdwCleaner v3.015 - Report created 21/12/2013 at 18:46:59
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Thor - THOR-PC
# Running from : C:\Users\Thor\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found C:\Program Files (x86)\Vuze
Folder Found C:\Users\Thor\AppData\Local\eSupport.com
Folder Found C:\Users\Thor\AppData\Roaming\Systweak
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\Show-Password
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16421
-\\ Mozilla Firefox v24.0 (en-US)
[ File : C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3078 octets] - [21/12/2013 14:32:02]
AdwCleaner[R1].txt - [1195 octets] - [21/12/2013 18:46:59]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1255 octets] ##########
I pretty much want to keep vuze. I wasnt sure if you wanted the JRT report as well from that page you linked so I'll post it up anyway. Cant hurt. I feel I should mention that before I uninstalled the optimizer program, I did a quick scan with adwcleaner and one of the files listed was that roboot.exe you mentioned. After uninstalling optimizer that file doesnt seem to be popping up now.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Thor on Sat 21/12/2013 at 18:28:52.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_line_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_line_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_sonicstage_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_sonicstage_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_winds-pro_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_winds-pro_RASMANCS
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\Users\Thor\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Thor\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{017C5017-04C0-4188-B34D-4FF76BE11B4E}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{031CA1E0-963A-493D-BEEF-0E60AE20B098}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{03E90486-0F33-4325-9D5F-DB02EB1BE038}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{0412D884-19A6-478A-961B-2F28A10694EC}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{05D9B1BD-0ABB-4281-8C48-AE7521084C38}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{06688E29-B41B-4E04-889A-7901D15B64CC}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{08C9774A-DDBD-41EE-BA4F-9D047BE6B908}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{0A4C2735-2B1F-4019-92A7-942736A555FF}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{0C52CAD4-87AB-4419-A39E-CE1822F74616}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{0F1674CF-4ACD-442B-82CF-8B87788AFC92}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{101F369E-0BFF-427A-9B62-C11ADF58119A}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{112A8E7B-F782-43AC-94A9-A3732A7AB690}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{13475700-3CED-48D8-B047-AF6663628C6D}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{15A6B7F6-11F2-417C-867F-68F3F99AB053}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{15C68270-E495-477B-99C7-263979CA915B}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{16A7EE5B-11CE-44B4-A21D-8D72E525AD3A}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{16B0CCA7-7ECF-4FFA-95FE-B8DA9D941149}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{16C65EF6-F75A-4FD4-AFAE-CB2193E57295}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{16D8A7A3-4CF9-4573-8553-0D3F0DD3C5C9}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{175E7DCA-2C44-4838-B8B3-D6B22D0A5FE8}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{17FA845B-4390-45F9-9C53-B3AE303C6BDC}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{18421A1A-5B4E-4E9A-BA22-8C08363E1142}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{198C8F3C-DBAA-4134-90ED-D3EE89B01BE5}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{19F204E4-72DA-44CE-9788-03DD8EE772E3}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{1A865D02-3F13-48AE-837C-2A85E2028F73}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{1C1FAB4B-D248-4C25-AFC3-7689B0C546FF}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{1C91015F-65DC-48E8-8D6E-971383C6B5D1}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{1DAC29C7-3BAE-41E5-9174-A9131527BDDE}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{1DDAA627-9706-4DCB-B364-370BA19C9FC6}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{1FBF5138-EC9F-4B3E-B030-C03FD81FB0AC}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{1FCBF8AB-DA2F-4161-AD32-0D1D6615C029}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{21441A41-5ABC-46E0-84F9-66DDDBE12678}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{2144590C-67FE-4CA1-AE1D-0707156D5923}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{2160CA79-B805-43C7-AE3C-D5A104049F6A}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{22E2F08F-F481-47FF-9665-3D0EDDE4FD20}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{243FE7C7-1222-48D6-A138-D4CC48EAAE30}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{262A602A-2979-4E28-834A-7A28030594F4}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{28474E01-1D0D-4632-86A4-ABDFFD66BC7B}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{290A7296-BFE0-4091-94DE-FD73D513ACAA}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{293EFB66-AA5D-424E-91A3-04B32546EB42}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{29775709-3D35-44AF-9151-708B1E796672}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{2A408213-8DA3-4446-A743-0DBF5213517B}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{2AE70B9A-A634-4FCC-83B0-E1631687D8E6}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{311CC60E-A0EC-4945-AD91-BA59F67E81A4}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{3407706F-8E92-49F0-B096-06615962F52A}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{34D31BDD-AADD-4581-ADAF-41BF39FBC379}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{3507EA29-DE55-47B6-82C8-C5F71FD779D0}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{35D9B639-F1E0-42CF-BD3E-2A9F0DD5A87C}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{3892261E-4F3D-445B-82A8-BB686F7D7844}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{38DD516B-B5CC-444B-BECD-7EE74F9197BA}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{391AF573-5224-4A6F-B4A1-720BCF4F7662}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{3978CEF7-7ED5-4C84-BAA0-E6B9404A0511}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{39F65C81-3B31-45CE-8FCA-41C5E8F795AB}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{3A623475-3389-4650-97E7-DB64D9AD62CF}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{3ADC6853-BA48-4CB6-A2F4-98DCFC3203C9}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{3B95ABB2-76AE-48A5-93E9-8A1FBB4B4DA3}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{3C026D96-CDB4-4AED-9BFB-CDEAD7E65443}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{3DAEFC79-7B58-4E0A-88DB-C7800AB39F3F}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{3E356CD6-A5AA-402A-949E-04146767A862}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{3EC60169-3554-4BAB-995A-7BF0E3CC767C}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{4012B18B-9DAC-4420-A899-E67B197BA709}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{40BCAD90-914B-4D58-8468-B54427F806F9}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{40D22C3D-6144-4487-93A7-B820327F905B}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{413810F9-6D48-4191-B056-A3D93624D6FD}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{454AC5C1-992C-40DF-9F2F-2D1B159C8076}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{454F3AF2-BAF4-4490-931A-A8DB2A1DE4B9}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{45BFC7C8-2265-4E18-95A5-86CB7E2B294C}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{45C8A11C-1044-4F26-923D-6CD3820F66EA}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{45E568FF-83E4-4D50-BDDA-F8DDD0DA9C25}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{4602F3C0-8F42-4493-A0BA-9E2C86652FF2}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{461F93BA-1288-4E9A-8AF6-095365A68195}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{46638B6D-5531-4328-8ADA-1AD7C8139CE4}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{477885F3-D797-43F9-9FBF-8486752D88E8}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{4ADDB3EB-98B7-4086-888B-A6CF3364BCA4}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{4B156860-AA3D-454F-ABF2-1F1F7FFE174F}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{4B4CDD3F-6E4E-4102-8A53-43F2861178FF}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{4BA782F4-C603-4330-B573-9FB9030C325C}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{4DC0664C-4775-40EE-A99D-A4C4BA0CFAE1}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{4EEBAE55-7C93-4247-847D-1D581662D4CC}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{4F86F887-EA02-41B9-9D5F-6C1AF9E27ACD}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{50F0B766-1A31-444D-9F3A-C98FAD4F8968}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{513D05B5-62C9-4EA7-B487-0034B42D4E45}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{5277A44B-CE8E-40A1-ACDE-CAF6EC7AD5F2}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{565B3608-BDB5-4921-8439-8294A3BE20E0}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{5681FC36-2F4B-4EDE-A61A-EE17AA8A490F}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{569D1019-96E4-4641-B6E6-D7A695F164D5}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{57C032F4-6FE9-4DCB-ADD5-8E637C80B4A5}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{584A5416-4C94-408C-998C-090AC2DC37CA}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{58B18ED8-1332-4A67-A458-0DEDFBC6D60D}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{599416A9-7FD1-473F-82F9-453D846D70DC}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{5E50356A-A060-4E5C-B791-1F5657477855}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{5F2279B3-499A-4BF8-8E96-CE75DFBBAD01}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{602108E4-4548-4B3C-BA96-8EC13A68EBAD}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{6221AB1C-FC19-45ED-B116-65BD109BD2AD}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{6333B17F-E306-4E0B-94CA-50E692E5892A}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{666872CA-1DC0-47CD-BC4C-4E5BE2B770B7}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{668F6638-ED09-4579-A820-E01A6C08239C}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{669A21C2-251A-4A3A-A007-2E11CC76923F}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{6719CD0E-5996-455C-AE59-5E5EDDD32FA2}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{6B468F06-EBF0-4815-A871-2E4BD7AC10F7}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{6C2041C9-2D9D-4F8E-B8AE-D048D683A9EE}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{6C7DC9AC-9A1D-41E7-AD08-E31D1989AC52}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{6E6396E2-A117-4DB3-8ADA-D37BE6A13282}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{6E7578EC-75AD-4A04-BF3D-E724CBEED224}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{6EAE26C9-886D-4519-B372-C0F03D0D2E25}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{6F1E42CA-6542-40D4-989F-1D1BCC68FDC2}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{7267EC65-1B44-43D2-BCA4-85F84DA2486D}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{72786DD6-3A59-4986-9E8E-2325D60CC9D9}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{72BB2460-FE62-4027-9B0B-89FF0ECC468A}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{73457022-53B1-463B-97DC-15B7484FB346}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{73F379C5-371D-4002-866C-53D1E11CDFE5}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{750803AD-7F85-404A-816C-3C3F7A60C15A}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{7548A35C-6292-4E59-947A-ACC598C06349}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{763F6731-D213-4140-B854-6779BA325B2D}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{767901AF-AF47-4E4E-9B54-8EAA61A36891}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{78426AC0-2AAF-4181-9E94-EC23C18FF349}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{79C08127-695F-4A4F-AF3B-FB06CDC47176}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{7AF15A32-ABE2-46FA-9EA8-1242A7D58D9C}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{7C8D0E92-6CB8-4E77-B845-5976A5E4AF5A}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{7CF3A3A9-53C2-4A6A-82E8-561F98E82AE7}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{7E18F901-C862-4264-A599-58378563B50A}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{7E4886B6-AE3A-492A-8608-3184F0DA4EB5}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{7EFE4767-E25A-479F-90FE-6B8EC2FBA0B9}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{7FD14D40-4D16-4F95-84A9-1CA6060F624A}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{801E1445-784E-4E89-9744-F08F1AC7DFCB}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{8155AEA8-B1CC-44C0-B49B-FD7892403DB8}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{81796D22-D204-41BE-9933-290AA92396E8}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{829195F8-58BF-46C0-992D-41F4E160FF9B}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{83876463-4161-45E3-9DE7-EA29C4307231}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{841C091D-7CD3-4083-AF42-1D48EA7F1971}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{84383498-766C-4D70-9D43-0DF3B99CB927}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{849A18FE-AF8B-4FF6-846B-DF1D2C3E9BAB}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{85B8B65C-6CCC-4514-AF8A-63B5937A90F3}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{85D5880D-171E-40B1-902A-2A5D563B1FF7}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{867E6E83-3D0B-445F-9596-E376036A0FFD}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{8793877E-8543-4C2C-87C5-3B2A7FCE3131}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{87BCAB07-A8FA-4768-8631-71C9EF63D695}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{883BDDF2-E34F-419C-8C63-7F19F1063475}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{8945C753-1FE8-4C07-9241-4E9A9BC6B685}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{8AAFF0A1-0FC3-4583-AED6-CCAC7D800803}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{8AC0670E-8375-4E65-A99A-C3F37F5944A0}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{8B7C144B-F781-473A-9F36-C9A2E7E77808}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{8BB89354-3916-4EE1-B006-2122D18A2E11}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{8C93251B-4990-44D9-B0B7-1F86C74E5CF5}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{8CE2315D-DACA-4425-8B12-69BFD4757285}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{90D0003E-92B3-4AAE-9FFF-37EC21B0304B}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{91B95F0E-EF71-4838-ADCD-7E2364519E41}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{91CA5577-DE2E-4182-8373-291839184839}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{9225782B-CE11-4689-8123-8337B0573E9F}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{923A7B88-A047-4122-A7E5-26928668F0E9}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{92484D33-24BB-4421-9020-D94C55872C7B}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{93A85E4B-2CE2-41D3-BC00-DCEBC0F5D4B1}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{93BA163C-3A78-4043-B53B-9803E8F27C67}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{93C3A731-A7D0-4A80-846F-56391F6EA0A3}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{94949B8D-2C77-4432-8480-450F6ABED26D}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{9758D1EA-2F41-40F0-B523-DB4421A42865}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{97F255A1-2E53-4FAB-A375-0F60F6014565}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{98520726-C8CF-46AC-9463-EC3C3400665C}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{9AD0B4FA-71CD-4421-B5D7-350208F28F0D}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{9AD64C99-2829-4EFD-B7BA-6B07053046FD}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{9BC07651-817A-478E-A4D2-0C6116BD315A}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{9C967331-5FC6-4A1C-BDAC-0A8C6368A3A4}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{9DCD999C-74DE-4EDD-99B9-581277C71003}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{9ECB8073-0BE1-4A52-AFA2-6C2E9F2B59E4}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{A045844B-BACC-4D46-AECF-44ECEB853DDA}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{A0CC9941-0962-479E-A70E-7340F1AB5198}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{A226EA76-B129-4A0C-AE7D-6A51C0ED1E99}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{A2E89896-33CD-4F4B-A773-105E2741F6AC}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{A408D3E2-FB6D-40A6-A579-D3DDCA383E3A}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{A42E06A3-CECA-47A1-AB70-C20F4995DA0D}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{A495DBF5-7F43-4FF7-BD7E-38B001F7B858}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{A4B42952-B061-4C8A-80E9-6FB5A73CC9EA}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{A50666F2-EC41-47D1-9B63-FBCA3FC5BA67}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{A6058D25-2A1E-4A55-BFAC-39CC23280C9D}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{A6BBB693-C646-4E17-9CA7-BBB827327C74}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{A76C88EC-83FB-47E4-9AF5-6D274A893A47}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{A7B32628-DB1E-4E99-B11F-D5F14F0402FF}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{AAB8D00B-9216-4105-9E4D-91265CE80445}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{AB432236-8B46-4604-9F0C-A7E8A84B67E1}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{AC2AC958-D6BC-4EB5-8664-1CE964879FF6}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{AC832423-3227-4D81-B8FA-1C06F3967232}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{B6003203-FA2A-4357-8401-28D131955D34}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{B62718D9-4665-4CD9-8013-C0E70091B7A6}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{B76BF80F-EB0C-4201-A1C9-C5B691CDCE17}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{B83E1597-FF43-40B1-B78C-B1A9557C5670}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{B8725C47-0D3D-4C3F-8175-311572D190EB}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{BAA14FCB-EDA9-4151-B967-EBF1261B8647}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{BB002D96-EDFA-4998-9788-004514867C3C}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{BB912422-0F93-4498-894A-F51390C9DF81}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{BDC1CDDF-A75B-4AD1-9318-05B2B03C398F}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{BE00E3EE-A90A-4D9C-94FB-CB24958F3D83}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{BF61C201-C00C-48F5-9DB7-F52CECA77139}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{BF7B842C-AB2B-4ADC-AD00-8CC5381C8807}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{C14E2D3B-5F2B-4FBF-8FC5-1AE74C201F8F}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{C18E20F7-FF9C-4800-86BF-1F20BA866E43}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{C2004333-EE85-47DC-AE4E-CD4971B7C132}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{CAAA21A2-5502-4FE4-B5A8-9068F10CA4AB}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{CB0FAAFD-BFC6-411C-832D-CD0970224273}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{CBB65506-5BBC-4ABC-91A1-AEAACE9CE046}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{CC81C9EC-72E1-4C1D-AE3D-058DB66CD237}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{CD140EE2-D245-4610-A198-2E9F66BEE263}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{CE3573BE-66DF-4E4E-88B0-4244E23DEFC6}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{CE65CD13-6FF0-4FDB-AF72-E7515D94E81B}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{CEC9543C-9113-4ADE-88D3-E7F878DED8DC}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{CF452AE9-A654-4606-A4DB-3CF15EAFFA61}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{CF93DC3E-CFC9-4268-8433-9689F7AFF9B8}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{D0CE82F9-7496-422F-AFE7-FC402F805256}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{D215823D-FFB8-421B-99A5-016D68B04E70}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{D379789E-39B5-414C-82D5-2BE51BCBC894}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{D4234DD3-C092-48B4-AB82-4A9F8CB388E9}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{D4AF4D06-D8E7-4BB5-A6EE-CBB25B89B34C}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{D618B4A1-94D4-4348-85A2-6514E168F301}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{D777FB58-615A-4468-9E45-F0059355DB30}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{D896A6DE-27B1-486C-8661-003AD9160B72}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{D9A9312E-0B18-4718-8C77-1279FD4C5D39}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{DA3C05D3-61CB-4359-8160-3AA938F1B1D2}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{DA6AB3DE-DE51-4CB5-BA50-FF3A6957918D}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{DCD51B04-668D-49A6-901E-883D7D5DF021}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{DED07105-8A18-4635-BA2F-22EB0496A4F7}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{DF9F492E-DA5D-47CB-8741-765019A2A03C}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{E2A07AD7-A4D1-45F4-9C83-6525021BB16A}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{E2E4E388-7322-4AE9-BD3D-CB5B3D1DD7A7}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{E4304F79-64ED-41DC-8A0D-1D5F7D169A8D}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{E4D1A63D-53B3-40E6-B635-DAB08AA94778}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{E64EBC93-3E2F-4F3F-918D-7F719FE0AE6D}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{E88792A9-D1D6-40B2-8686-1F0F0C48F005}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{E9158B0E-4DFB-4E6A-8C24-4E946820CB2B}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{E920132B-52EA-48B6-9F1C-0B62E2C2DD3F}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{E9921A5E-AC51-42E1-9AEB-1AAAA11AF817}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{EB778C1B-1AEE-4F70-827C-EB9CE112CE15}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{ED7DC38F-7E31-4121-A27D-4E9165677E12}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{EDC45451-3EB8-45F7-8987-CCEAEA462EF4}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{EDC693A7-9D62-4FBC-B7DB-864969FB56AF}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{EE83E89D-966E-4BD9-8D0D-5E44346B37EC}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{EEF2CDD4-A988-48E0-92D2-6B304A91448A}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{EF8758E8-ECB9-48D1-A1C6-83010D984F9F}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{F0331BDD-5A4B-4A3D-B0C5-07E9763A6F23}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{F28CFC10-9C12-44AC-AB86-6B890943191A}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{F438014C-A393-4965-A8EF-6B67EA90970E}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{F5313BC1-68C8-4E41-9275-9B59ACF90819}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{F53F9816-300E-4A94-BA28-70447A2DBC1E}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{F5C1D855-B589-4421-BD9F-936F35B11C25}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{F6CB56E4-BFE3-4CCA-A6FA-B906E81738E8}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{F6FEE1DF-78E8-4EA0-99A0-8CFFA939A6D0}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{F826DA48-E6DC-477D-855D-E991A1F0BA6E}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{F8B8C758-4169-4659-82DD-8AF70B50D3B4}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{F8F2853D-0A99-42D6-9BBD-5101E3A99DA1}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{F9DCA46E-C9B9-46F0-8C1A-E75D2B92FC18}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{FA83290A-EBD7-4DAE-81B2-82508ECC6DA5}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{FBC50B7C-F75C-4FEE-81C3-616C585448A7}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{FE43D7E4-A47E-4567-AC35-2EEC678A083C}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{FEB081CA-1EB2-4582-924B-6AD5A77C88F2}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{FF2C2F00-54E6-46F5-9DC4-9C4B84989B0C}
Successfully deleted: [Empty Folder] C:\Users\Thor\appdata\local\{FFC261E3-6E50-4A96-9BC1-AF6F39C0A510}
~~~ FireFox
Successfully deleted: [File] C:\Users\Thor\AppData\Roaming\mozilla\firefox\profiles\z86reas3.default\user.js
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 21/12/2013 at 18:39:47.32
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Great , success :bigthumb:
The answer was right under our noses :) Been at this for many years and I have found that outside of a Anti Virus program and a good Firewall, and a Malware Prevention program that there really is no need for any third party programs, all the ones built into windows are more than adequate.
Go ahead and run AdwCleaner again to clean but uncheck Vuze if you want to keep it BUT, its a bittorrent program and P2P (File Sharing ) are very dangerous, your call but I would remove it
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
# AdwCleaner v3.015 - Report created 21/12/2013 at 21:54:58
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Thor - THOR-PC
# Running from : C:\Users\Thor\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
[x] Not Deleted : C:\Program Files (x86)\Vuze
Folder Deleted : C:\Users\Thor\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Thor\AppData\Roaming\Systweak
File Deleted : C:\END
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Show-Password
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16421
-\\ Mozilla Firefox v24.0 (en-US)
[ File : C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3078 octets] - [21/12/2013 14:32:02]
AdwCleaner[R1].txt - [1335 octets] - [21/12/2013 18:46:59]
AdwCleaner[R2].txt - [1395 octets] - [21/12/2013 18:52:18]
AdwCleaner[R3].txt - [1552 octets] - [21/12/2013 21:53:04]
AdwCleaner[S0].txt - [1455 octets] - [21/12/2013 21:54:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1515 octets] ##########
Great, forgot to mention that roboot64.exe was removed by one of the scanners.
How is your system behaving now ?
Seems ok. Probably run better without that erunt program annoying me at every bootup lol
You dont need that, uninstall it.
We need to update your Java to keep you more secure
Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 45, if not proceed with the instructions.
Go to the update Tab and update it
Important, during the upgrade UNCHECK ASK TOOL BAR. ( you do not need or want this )
Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.
You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)
Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Everything done. Thanks again for all the help. Appreciated.
Your very welcome my friend, first time working with ASP so now all that info is in my notes . Again thanks for hanging in with me, I appreciate that also
Take Care,
Ken :)
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.