
Thread: Help clearing trojan/malware issues

  1. #11
    Malware Team-Emeritus

    Please do not attach the logs unless requested to do so. When you attach the logs, I still have to download them in order to review them, which is time-consuming. I appreciate your cooperation.

    OTL logfile created on: 9/08/2013 3:08:14 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thor\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    7.98 Gb Total Physical Memory | 5.15 Gb Available Physical Memory | 64.55% Memory free
    15.97 Gb Paging File | 13.16 Gb Available in Paging File | 82.41% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.69 Gb Total Space | 34.67 Gb Free Space | 31.04% Space Free | Partition Type: NTFS
    Drive F: | 878.92 Gb Total Space | 31.40 Gb Free Space | 3.57% Space Free | Partition Type: NTFS
    Drive H: | 1863.01 Gb Total Space | 568.00 Gb Free Space | 30.49% Space Free | Partition Type: NTFS
    Drive J: | 931.51 Gb Total Space | 328.41 Gb Free Space | 35.26% Space Free | Partition Type: NTFS
    Drive L: | 984.09 Gb Total Space | 121.45 Gb Free Space | 12.34% Space Free | Partition Type: NTFS

    Computer Name: THOR-PC | User Name: Thor | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Thor\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    PRC - J:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe ()
    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
    PRC - C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Cloanto Corporation)
    PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
    PRC - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    PRC - H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
    PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    PRC - C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
    PRC - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
    PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
    PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
    PRC - C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe ()


    ========== Modules (No Company Name) ==========

    MOD - J:\Program Files (x86)\Steam\bin\chromehtml.dll ()
    MOD - J:\Program Files (x86)\Steam\bin\libcef.dll ()
    MOD - J:\Program Files (x86)\Steam\SDL2.dll ()
    MOD - J:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
    MOD - J:\Program Files (x86)\Steam\bin\avformat-53.dll ()
    MOD - J:\Program Files (x86)\Steam\bin\avutil-51.dll ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    MOD - C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\EpocCam.ax ()
    MOD - C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avcodec-53.dll ()
    MOD - C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\swscale-0.dll ()
    MOD - C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avutil-51.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a742cb2e77b47300756506d52c96a8d1\IAStorUtil.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
    MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
    MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
    MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
    MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\work.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\SF.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\HM.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll ()
    MOD - C:\Program Files (x86)\drahtwerk\iWebcamera\iWebcameraFilter.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\platform.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\device.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe ()
    MOD - C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
    SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
    SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
    SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (KinoniSvc) -- C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe ()
    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
    SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
    SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
    SRV - (HiPatchService) -- J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
    SRV - (PanService) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
    SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
    SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (PinnacleUpdateSvc) -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe (PowerUp Software, LLC)
    SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
    SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    SRV - (CSObjectsSrv) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
    SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
    SRV - (DES2 Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
    SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
    SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (kinonivd) -- C:\Windows\SysNative\drivers\kinonivd.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (KINONI_Wave) -- C:\Windows\SysNative\drivers\kinonivad.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
    DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
    DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
    DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
    DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
    DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
    DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
    DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
    DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
    DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
    DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
    DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
    DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
    DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
    DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
    DRV:64bit: - (TEAM) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
    DRV:64bit: - (RTTEAMPT) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
    DRV:64bit: - (CSCrySec) -- C:\Windows\SysNative\drivers\CSCrySec.sys (Infowatch)
    DRV:64bit: - (CSVirtualDiskDrv) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys (Infowatch)
    DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
    DRV:64bit: - (tap0901t) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
    DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
    DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
    DRV:64bit: - (VLAN) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
    DRV:64bit: - (RTVLANPT) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
    DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
    DRV:64bit: - (CamDrL64) -- C:\Windows\SysNative\drivers\CamDrL64.sys (Logitech Inc.)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
    DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
    DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
    DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
    DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://battlelog.battlefield.com/bf3...=|bf3|servers|
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 85 D0 F3 79 6C CC 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{922E6970-BD05-47bc-AF58-D431E6404A30}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: jyboy.yy%40gmail.com:1.0.4
    FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
    FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
    FF - prefs.js..extensions.enabledAddons: greasemonkeybcsf%40stpors.net:0.2.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mammoth.com.au/BigPondMediaDownloader,version=1.0.0: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll (Mammoth Media)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thor\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thor\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\mammothmedia.com.au/BigPondMediaDownloaderDetector: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll (Mammoth Media)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2012/11/01 16:25:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2012/11/01 16:25:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2012/11/01 16:25:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/27 21:37:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/27 21:37:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/27 21:37:38 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/27 21:37:36 | 000,000,000 | ---D | M]

    [2011/09/06 19:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Extensions
    [2013/06/27 21:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions
    [2013/05/01 16:50:01 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2013/06/27 21:36:12 | 000,000,000 | ---D | M] (Greasemonkey Shared Script Folder) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\greasemonkeybcsf@stpors.net
    [2012/08/03 05:10:26 | 000,000,000 | ---D | M] (YTshowRating) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\jid1-m7xzZLMj29zzjA@jetpack
    [2012/04/24 23:27:17 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\jyboy.yy@gmail.com
    [2012/05/17 17:45:26 | 000,000,000 | ---D | M] (Redirector) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\redirector@einaregilsson.com
    [2013/03/23 10:06:08 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
    [2013/06/08 07:00:45 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/06/27 21:35:10 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    [2013/06/27 21:37:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/06/27 21:37:35 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    [2013/06/27 21:37:38 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2013/03/12 19:10:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/03/12 19:10:10 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com/search?hl=en&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.delta-search.com/?affID=1...0000ff73427270
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
    CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
    CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
    CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: BigPond Media Downloader Detector (Enabled) = C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Thor\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
    CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - Extension: YouTube = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: FlashBlock = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie\1.2.11.12_0\
    CHR - Extension: Adblock Plus = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.3_0\
    CHR - Extension: YouTube\u2122 Ratings Preview = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\2.3.3_0\
    CHR - Extension: OneTab = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.5_0\
    CHR - Extension: Google Search = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Kaspersky URL Advisor = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
    CHR - Extension: Session Buddy = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.1_0\
    CHR - Extension: Youtube Video Downloader = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgdjbcjnihndbfmmggceololenekadg\1.2_0\
    CHR - Extension: Virtual Keyboard = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
    CHR - Extension: Chromium Wheel Smooth Scroller = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb\1.3.3_0\
    CHR - Extension: Auto HD For YouTube = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\4.0.2_0\
    CHR - Extension: Gmail = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Anti-Banner = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  2. #12
    Malware Team-Emeritus

    O1 HOSTS File: ([2013/08/09 05:09:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
    O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (no name) - {45d30484-7ded-43d9-957a-d2fd1f046511} - No CLSID value found.
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [CloantoSoftwareDirector] C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Cloanto Corporation)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [LWS] H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [Standby] c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKCU..\Run: [Steam] J:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
    O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\SysWOW64\MPG4ds32.ax (Microcrap Corporation)
    O4 - Startup: C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
    O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
    O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51AF2091-0927-4023-86DB-142FD3B91A25}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73427270-A448-4497-95DC-8D915CF25F20}: DhcpNameServer = 7.254.254.254
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/09/16 18:31:23 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/08/09 15:04:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thor\Desktop\OTL.exe
    [2013/08/09 14:05:01 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{7A624CA0-422B-4A5E-929F-DA45B1874BCA}
    [2013/08/09 05:27:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/08/09 05:01:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/08/09 05:01:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/08/09 05:01:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/08/09 05:01:25 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/08/09 04:58:51 | 005,100,713 | R--- | C] (Swearware) -- C:\Users\Thor\Desktop\ComboFix.exe
    [2013/08/09 00:58:34 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{734DE282-704B-4FB8-9A2E-2353556E2DE9}
    [2013/08/08 12:58:12 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E72FEF21-710B-47C2-B5C7-80795697EC0E}
    [2013/08/08 00:01:19 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{F9A48F4F-1ED3-4F1B-9A89-44C2CB07FB1D}
    [2013/08/07 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D7D429C6-65F3-455F-B627-114D033A5FA3}
    [2013/08/07 00:00:22 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{8731FAA6-EBAD-4387-941F-481F5BBCC30F}
    [2013/08/06 17:01:01 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\ProcAlyzer Dumps
    [2013/08/06 16:42:29 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Thor\Desktop\aswMBR.exe
    [2013/08/06 11:42:25 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Thor\Desktop\dds.com
    [2013/08/06 11:24:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2013/08/06 11:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/08/06 11:23:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013/08/06 11:23:23 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Thor\Desktop\erunt-setup.exe
    [2013/08/06 09:19:22 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{7039926E-B54A-4F22-B94D-F288F200E776}
    [2013/08/06 02:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/08/06 02:40:44 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2013/08/06 02:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/08/05 15:32:43 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{55DB6940-210B-4FA1-8679-E8ECBBCE7C07}
    [2013/08/05 03:32:07 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{AF1B77DA-3A34-4DB3-B8EF-19CB9379C83A}
    [2013/08/04 22:39:09 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldWave
    [2013/08/04 22:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldWave
    [2013/08/04 15:31:55 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E30BE655-6283-48D2-8445-A6582FEE5CEA}
    [2013/08/04 03:31:16 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{195B9657-19F9-434A-9366-61AF9B91635F}
    [2013/08/03 15:30:48 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{98A1D2F6-9C45-410D-82B3-6FD80A479215}
    [2013/08/03 02:42:39 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{9AAF0856-0111-4FBA-84E8-5242EC80E3FA}
    [2013/08/02 14:42:17 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{709BFB3A-5669-4AF2-9208-4697C7B1620B}
    [2013/08/02 02:41:43 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{68DF52BE-8952-4868-A5E1-0679639B30AB}
    [2013/08/01 14:41:20 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{3B150860-428C-488E-A191-01AE112D5BEA}
    [2013/08/01 02:40:46 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{8FEB8649-712E-42F8-A251-B11B86302D1C}
    [2013/07/31 14:40:17 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{1D483449-EB9E-4D1B-A3C2-E20DBB681303}
    [2013/07/30 22:51:27 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{85027127-8D1D-4F2F-8A9E-DB3770ED0FBB}
    [2013/07/30 10:50:53 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{8D65548F-9DC0-4B76-8AD2-80001513E9B6}
    [2013/07/29 20:42:50 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{1D651263-59BB-4AD9-A8C7-983E0BD9E099}
    [2013/07/29 08:42:16 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{0FE0EE7E-130F-4F84-8DB8-B606305BD4C9}
    [2013/07/28 17:02:10 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\Dxtory Software
    [2013/07/28 17:02:08 | 008,300,544 | ---- | C] (Dxtory Software) -- C:\Windows\SysWow64\DxtoryCodec.dll
    [2013/07/28 17:02:08 | 008,043,008 | ---- | C] (Dxtory Software) -- C:\Windows\SysNative\DxtoryCodec.dll
    [2013/07/28 17:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
    [2013/07/28 17:01:27 | 000,000,000 | ---D | C] -- C:\Users\Thor\Desktop\dxtory
    [2013/07/28 16:02:14 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\Awesomium
    [2013/07/28 14:24:59 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{58D73E0A-02D8-4A79-90FA-6069FB22FF5C}
    [2013/07/28 02:24:17 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{951F2FDD-A978-4391-BAA9-F908CE75EBBB}
    [2013/07/27 13:50:01 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{1702FC2C-B7F0-47CA-BE3B-6D7D92B76232}
    [2013/07/27 00:33:21 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{B270282A-3D83-48BD-82D9-627DBE09EE8E}
    [2013/07/26 12:32:59 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{2554CC7D-389D-408D-9B67-0DCB5E47AD32}
    [2013/07/26 00:32:25 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{00B68FA6-9074-42EF-8002-39875877C3D6}
    [2013/07/25 12:32:03 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{678B3312-1EC4-4668-9DD2-7FF71B6B1025}
    [2013/07/25 03:33:13 | 000,000,000 | ---D | C] -- C:\Users\Thor\Desktop\Corel Auto-Preserve
    [2013/07/25 00:31:26 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{362A26EF-DFF1-4433-8AC9-FEDF17ACCF79}
    [2013/07/24 12:30:49 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EF8F5872-3308-45C4-B53A-01E1C2DD50E8}
    [2013/07/23 15:59:53 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{B1F1ABD8-7E2B-4350-8F8B-A1034612457C}
    [2013/07/23 03:59:30 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{B983E4A4-2E94-41AB-AABB-6786072A0CE7}
    [2013/07/22 15:59:08 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E046BB6F-CF51-443F-9C72-E23C4EC47FEC}
    [2013/07/22 03:58:29 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{FA78F5E7-5889-4AA6-9730-FD9176F085F8}
    [2013/07/21 15:58:07 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{033E6AD5-A7CB-443D-8F3B-A102276CFED5}
    [2013/07/21 03:57:32 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{C5A51AF5-D153-4A3D-8CD8-003BC6A2AE87}
    [2013/07/20 15:57:10 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{F4E20CF7-4C84-493F-BCAE-45D6B6A0FDCD}
    [2013/07/20 03:56:47 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{43305700-B6AF-4952-B9CF-021288C3DF0F}
    [2013/07/19 15:56:24 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E61C3896-3957-454C-BD92-C002D6C4FFB5}
    [2013/07/18 15:55:27 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{02415797-4B9C-433E-9460-E108CD3FE8CE}
    [2013/07/18 03:54:53 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{CF1E3B28-A8D3-41A0-B5E4-39008C3437A5}
    [2013/07/17 15:54:31 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{7A0E8CCC-65C1-4C3A-B45A-C453093E4752}
    [2013/07/16 15:53:45 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{01A27CD4-B174-4C20-BE55-A67CEBF55BAB}
    [2013/07/16 03:42:35 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{6780E787-8887-4CE9-8411-BCAECFE80184}
    [2013/07/15 15:42:24 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{3ACBFDCE-E4FE-4E57-A64F-FCEF81377C14}
    [2013/07/15 03:41:57 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{34D78392-5F98-443C-8EE1-D25BC3A1145F}
    [2013/07/14 15:41:36 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{9C2A61A4-68C2-4AA6-BC01-FF014CC5DA45}
    [2013/07/14 03:41:00 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EE8617D0-2800-425A-B900-859DFE3177F0}
    [2013/07/13 15:40:37 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{168367BB-6636-4626-B3B2-EC05146093B5}
    [2013/07/13 03:40:14 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{8E38913B-DDA1-4228-9DD3-7B288FB11820}
    [2013/07/12 15:39:51 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EF5BD903-78D0-4C37-B782-CC74ACFC540C}
    [2013/07/11 15:39:05 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{B84B36A3-3A70-4F04-8FB0-E3459E70E9B4}
    [2013/07/11 02:55:05 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{9B08C30A-422C-4FD1-9D14-2EE65A5EB47A}
    [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/08/09 15:01:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000UA.job
    [2013/08/09 15:00:17 | 002,022,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/08/09 15:00:17 | 000,662,972 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/08/09 15:00:17 | 000,607,300 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
    [2013/08/09 15:00:17 | 000,418,406 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
    [2013/08/09 15:00:17 | 000,121,840 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
    [2013/08/09 15:00:17 | 000,121,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/08/09 15:00:17 | 000,110,638 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
    [2013/08/09 14:55:32 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
    [2013/08/09 14:55:32 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
    [2013/08/09 14:55:21 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
    [2013/08/09 14:54:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/08/09 14:54:13 | 2134,200,319 | -HS- | M] () -- C:\hiberfil.sys
    [2013/08/09 14:53:33 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/08/09 14:53:33 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/08/09 14:17:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/08/09 14:08:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thor\Desktop\OTL.exe
    [2013/08/09 14:08:29 | 000,666,633 | ---- | M] () -- C:\Users\Thor\Desktop\AdwCleaner (1).exe
    [2013/08/09 05:26:39 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
    [2013/08/09 05:09:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/08/09 04:56:42 | 005,100,713 | R--- | M] (Swearware) -- C:\Users\Thor\Desktop\ComboFix.exe
    [2013/08/09 04:53:59 | 000,891,098 | ---- | M] () -- C:\Users\Thor\Desktop\SecurityCheck.exe
    [2013/08/08 19:01:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000Core.job
    [2013/08/07 20:05:51 | 000,078,573 | ---- | M] () -- C:\Users\Thor\Desktop\Gordan taylor.jpg
    [2013/08/07 20:01:42 | 000,033,422 | ---- | M] () -- C:\Users\Thor\Desktop\240_12GordonTaylor415.jpg
    [2013/08/07 20:01:40 | 000,077,817 | ---- | M] () -- C:\Users\Thor\Desktop\PA-12343382.jpg
    [2013/08/07 20:01:20 | 000,006,266 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2013/08/06 16:58:57 | 000,000,512 | ---- | M] () -- C:\Users\Thor\Desktop\MBR.dat
    [2013/08/06 14:37:18 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Thor\Desktop\aswMBR.exe
    [2013/08/06 14:04:35 | 000,005,762 | ---- | M] () -- C:\Users\Thor\Desktop\attach.zip
    [2013/08/06 12:00:13 | 000,000,221 | ---- | M] () -- C:\Users\Thor\Desktop\Frozen Synapse.url
    [2013/08/06 11:42:20 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Thor\Desktop\dds.com
    [2013/08/06 11:24:03 | 000,001,108 | ---- | M] () -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/08/06 11:23:50 | 000,000,909 | ---- | M] () -- C:\Users\Thor\Desktop\ERUNT.lnk
    [2013/08/06 11:23:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Thor\Desktop\erunt-setup.exe
    [2013/08/04 23:25:23 | 007,453,272 | ---- | M] () -- C:\Users\Thor\Desktop\Untitled_Panorama2.jpg
    [2013/08/04 22:45:01 | 010,584,044 | ---- | M] () -- C:\Users\Thor\Desktop\Untitled4.wav
    [2013/08/04 22:39:09 | 000,000,748 | ---- | M] () -- C:\Users\Thor\Desktop\GoldWave.lnk
    [2013/08/04 21:42:07 | 006,458,145 | ---- | M] () -- C:\Users\Thor\Desktop\Untitled_Panorama1.jpg
    [2013/08/02 22:43:33 | 000,080,295 | ---- | M] () -- C:\Users\Thor\Desktop\card.jpg
    [2013/08/02 18:58:35 | 001,153,113 | ---- | M] () -- C:\Users\Thor\Desktop\Test1.mp3
    [2013/08/02 13:00:42 | 000,024,501 | ---- | M] () -- C:\Users\Thor\Desktop\avatar16770_1.jpg
    [2013/08/02 13:00:09 | 000,002,937 | ---- | M] () -- C:\Users\Thor\Desktop\avatar16770_1.gif
    [2013/07/29 11:39:09 | 005,656,683 | ---- | M] () -- C:\Users\Thor\Desktop\09 Track 09.mp3
    [2013/07/29 00:22:00 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2013/07/29 00:22:00 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2013/07/29 00:17:43 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2013/07/28 18:08:40 | 000,001,892 | ---- | M] () -- C:\Windows\unins000.dat
    [2013/07/28 18:08:38 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
    [2013/07/28 17:02:08 | 000,000,865 | ---- | M] () -- C:\Users\Thor\Desktop\Dxtory.lnk
    [2013/07/25 14:47:23 | 000,022,100 | ---- | M] () -- C:\Users\Thor\Desktop\end message.GIF
    [2013/07/25 03:35:56 | 000,027,243 | ---- | M] () -- C:\Users\Thor\Desktop\test1.GIF
    [2013/07/25 00:18:16 | 000,000,222 | ---- | M] () -- C:\Users\Thor\Desktop\Sanctum 2.url
    [2013/07/25 00:17:55 | 000,000,219 | ---- | M] () -- C:\Users\Thor\Desktop\Left 4 Dead 2.url
    [2013/07/24 17:02:15 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
    [2013/07/24 13:44:25 | 000,400,522 | ---- | M] () -- C:\Users\Thor\Desktop\kitty proper.jpg
    [2013/07/22 21:34:45 | 000,346,696 | ---- | M] () -- C:\Users\Thor\Desktop\kyo1.jpg
    [2013/07/22 21:27:30 | 000,341,234 | ---- | M] () -- C:\Users\Thor\Desktop\kyo.jpg
    [2013/07/22 14:28:49 | 000,135,506 | ---- | M] () -- C:\Users\Thor\Desktop\goblin1.png
    [2013/07/17 14:26:56 | 000,141,699 | ---- | M] () -- C:\Users\Thor\Desktop\centrelink.GIF
    [2013/07/17 06:51:56 | 000,150,362 | ---- | M] () -- C:\Users\Thor\Desktop\rock cup.jpg
    [2013/07/13 12:12:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/07/13 12:12:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

  3. #13
    Malware Team-Emeritus

    ========== Files Created - No Company Name ==========

    [2013/08/09 14:13:56 | 000,666,633 | ---- | C] () -- C:\Users\Thor\Desktop\AdwCleaner (1).exe
    [2013/08/09 05:27:53 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
    [2013/08/09 05:01:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/08/09 05:01:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/08/09 05:01:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/08/09 05:01:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/08/09 05:01:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/08/09 04:55:47 | 000,891,098 | ---- | C] () -- C:\Users\Thor\Desktop\SecurityCheck.exe
    [2013/08/07 20:05:51 | 000,078,573 | ---- | C] () -- C:\Users\Thor\Desktop\Gordan taylor.jpg
    [2013/08/07 20:01:42 | 000,033,422 | ---- | C] () -- C:\Users\Thor\Desktop\240_12GordonTaylor415.jpg
    [2013/08/07 20:01:38 | 000,077,817 | ---- | C] () -- C:\Users\Thor\Desktop\PA-12343382.jpg
    [2013/08/06 16:58:57 | 000,000,512 | ---- | C] () -- C:\Users\Thor\Desktop\MBR.dat
    [2013/08/06 14:04:35 | 000,005,762 | ---- | C] () -- C:\Users\Thor\Desktop\attach.zip
    [2013/08/06 12:00:13 | 000,000,221 | ---- | C] () -- C:\Users\Thor\Desktop\Frozen Synapse.url
    [2013/08/06 11:24:03 | 000,001,108 | ---- | C] () -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/08/06 11:23:50 | 000,000,909 | ---- | C] () -- C:\Users\Thor\Desktop\ERUNT.lnk
    [2013/08/06 02:40:46 | 000,001,395 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/08/04 23:25:09 | 007,453,272 | ---- | C] () -- C:\Users\Thor\Desktop\Untitled_Panorama2.jpg
    [2013/08/04 22:45:01 | 010,584,044 | ---- | C] () -- C:\Users\Thor\Desktop\Untitled4.wav
    [2013/08/04 22:39:09 | 000,000,748 | ---- | C] () -- C:\Users\Thor\Desktop\GoldWave.lnk
    [2013/08/04 21:42:06 | 006,458,145 | ---- | C] () -- C:\Users\Thor\Desktop\Untitled_Panorama1.jpg
    [2013/08/02 22:43:24 | 000,080,295 | ---- | C] () -- C:\Users\Thor\Desktop\card.jpg
    [2013/08/02 18:58:18 | 001,153,113 | ---- | C] () -- C:\Users\Thor\Desktop\Test1.mp3
    [2013/08/02 13:00:42 | 000,024,501 | ---- | C] () -- C:\Users\Thor\Desktop\avatar16770_1.jpg
    [2013/08/02 13:00:08 | 000,002,937 | ---- | C] () -- C:\Users\Thor\Desktop\avatar16770_1.gif
    [2013/07/29 11:38:03 | 005,656,683 | ---- | C] () -- C:\Users\Thor\Desktop\09 Track 09.mp3
    [2013/07/28 18:08:40 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
    [2013/07/28 18:08:40 | 000,001,892 | ---- | C] () -- C:\Windows\unins000.dat
    [2013/07/28 17:02:08 | 000,000,865 | ---- | C] () -- C:\Users\Thor\Desktop\Dxtory.lnk
    [2013/07/25 14:47:23 | 000,022,100 | ---- | C] () -- C:\Users\Thor\Desktop\end message.GIF
    [2013/07/25 03:35:56 | 000,027,243 | ---- | C] () -- C:\Users\Thor\Desktop\test1.GIF
    [2013/07/25 00:18:16 | 000,000,222 | ---- | C] () -- C:\Users\Thor\Desktop\Sanctum 2.url
    [2013/07/25 00:17:55 | 000,000,219 | ---- | C] () -- C:\Users\Thor\Desktop\Left 4 Dead 2.url
    [2013/07/24 13:44:25 | 000,400,522 | ---- | C] () -- C:\Users\Thor\Desktop\kitty proper.jpg
    [2013/07/22 21:34:45 | 000,346,696 | ---- | C] () -- C:\Users\Thor\Desktop\kyo1.jpg
    [2013/07/22 21:27:30 | 000,341,234 | ---- | C] () -- C:\Users\Thor\Desktop\kyo.jpg
    [2013/07/22 14:28:48 | 000,135,506 | ---- | C] () -- C:\Users\Thor\Desktop\goblin1.png
    [2013/07/17 14:26:56 | 000,141,699 | ---- | C] () -- C:\Users\Thor\Desktop\centrelink.GIF
    [2013/07/17 06:51:51 | 000,150,362 | ---- | C] () -- C:\Users\Thor\Desktop\rock cup.jpg
    [2013/07/15 01:08:07 | 000,000,695 | ---- | C] () -- C:\Users\Thor\Desktop\Desktop stuff - Shortcut.lnk
    [2013/04/19 08:08:36 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\Media Player - Codec Pack Disc handler.exe
    [2013/04/19 08:08:36 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe
    [2013/04/16 20:05:04 | 003,915,776 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
    [2013/04/16 20:03:50 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2013/04/16 20:02:28 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
    [2013/04/16 20:02:24 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
    [2013/04/16 20:02:18 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
    [2013/04/16 20:02:16 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
    [2013/04/16 20:02:16 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
    [2013/04/16 20:02:14 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
    [2013/04/16 20:02:14 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
    [2013/04/16 20:02:10 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
    [2013/04/13 21:53:50 | 007,788,672 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-55.dll
    [2013/04/13 21:53:50 | 001,300,152 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-55.dll
    [2013/04/13 21:53:50 | 000,400,592 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
    [2013/04/13 21:53:50 | 000,272,192 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-52.dll
    [2013/04/13 21:53:50 | 000,194,632 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
    [2013/04/13 21:53:50 | 000,172,728 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-1.dll
    [2012/11/21 23:39:33 | 000,000,045 | ---- | C] () -- C:\Users\Thor\jagex_cl_speccollect_LIVE.dat
    [2012/11/21 23:39:33 | 000,000,001 | ---- | C] () -- C:\Users\Thor\random.dat
    [2012/10/21 02:21:05 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
    [2012/10/21 02:21:05 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
    [2012/10/21 02:21:05 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
    [2012/10/10 17:50:48 | 000,216,072 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/09/30 08:17:28 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini
    [2012/09/18 13:05:01 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
    [2012/09/16 15:31:11 | 001,239,424 | ---- | C] () -- C:\Users\Thor\P1010012-1.jpg
    [2012/09/16 15:22:00 | 004,696,064 | ---- | C] () -- C:\Users\Thor\P1010012.JPG
    [2012/09/16 15:22:00 | 004,167,168 | ---- | C] () -- C:\Users\Thor\P1010005.JPG
    [2012/08/02 18:23:54 | 000,017,408 | ---- | C] () -- C:\Users\Thor\AppData\Local\WebpageIcons.db
    [2012/07/05 01:34:25 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
    [2012/05/12 20:07:35 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
    [2012/05/12 20:07:35 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.4.ini
    [2012/04/29 00:49:27 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
    [2012/03/07 01:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
    [2012/01/18 16:14:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2012/01/18 16:14:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2012/01/18 16:14:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2012/01/12 18:08:03 | 000,000,600 | ---- | C] () -- C:\Users\Thor\AppData\Roaming\winscp.rnd
    [2012/01/07 23:52:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
    [2012/01/07 23:51:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
    [2012/01/07 23:51:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
    [2012/01/07 23:51:50 | 000,203,306 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
    [2012/01/07 23:51:50 | 000,138,727 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
    [2011/12/19 15:59:40 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/12/19 15:57:16 | 000,236,544 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/12/08 05:02:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
    [2011/12/01 01:58:24 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2011/11/15 12:43:48 | 000,001,461 | ---- | C] () -- C:\Users\Thor\.recently-used.xbel
    [2011/10/26 18:48:43 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/10/26 18:48:43 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/10/22 00:54:27 | 000,005,120 | ---- | C] () -- C:\Users\Thor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/22 00:52:12 | 000,006,266 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/20 00:10:11 | 000,000,017 | ---- | C] () -- C:\Users\Thor\AppData\Local\resmon.resmoncfg
    [2011/09/10 04:40:37 | 002,004,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/09/09 22:05:16 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011/09/08 23:30:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
    [2011/09/08 23:30:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
    [2011/09/08 23:30:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
    [2011/09/08 23:30:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
    [2011/09/08 23:30:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
    [2011/09/08 23:30:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
    [2011/09/08 23:30:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
    [2011/09/08 23:30:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
    [2011/09/08 23:29:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
    [2011/09/08 23:29:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
    [2011/09/06 19:58:19 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
    [2011/09/06 19:55:32 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2011/09/06 15:41:31 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 14:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 22:57:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 21:51:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/05/10 04:39:10 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Allmyapps
    [2012/11/19 01:21:30 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Atari
    [2013/08/04 22:31:03 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Audacity
    [2013/07/28 16:10:07 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Awesomium
    [2013/08/09 03:21:23 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Azureus
    [2011/09/23 04:25:55 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Canon
    [2013/05/24 20:41:23 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Cloanto
    [2013/07/27 14:17:14 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\com.doubleperfect.ggpo
    [2011/12/03 20:47:54 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
    [2011/10/09 15:57:50 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\cYo
    [2013/05/15 17:23:01 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\DAEMON Tools Lite
    [2013/08/07 16:29:47 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Dropbox
    [2012/07/01 06:27:24 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\DVD Catalyst 4
    [2012/06/13 02:20:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\DVDVideoSoft
    [2013/05/22 16:12:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Evaer
    [2012/09/27 19:30:54 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Fatshark
    [2012/12/29 22:00:34 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Games
    [2013/08/06 09:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Thor\AppData\Roaming\gjrgfujw
    [2011/11/15 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\gtk-2.0
    [2012/04/04 02:59:16 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\HandBrake
    [2011/09/12 16:36:33 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Leadertech
    [2011/12/16 11:55:52 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\LEAPS
    [2013/03/28 18:37:59 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\MAGIX
    [2012/06/29 22:56:53 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\mkvtoolnix
    [2013/08/06 09:31:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Mumble
    [2011/11/09 02:50:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Nucleosys
    [2013/06/07 16:26:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Origin
    [2012/06/12 21:33:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Pavtube
    [2011/12/16 11:47:05 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Pegasys Inc
    [2013/06/09 21:59:24 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\PlayClaw3
    [2012/10/21 02:24:23 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\PowerUp Software
    [2012/05/12 20:08:45 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\proDAD
    [2013/03/26 22:46:52 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Publish Providers
    [2013/01/28 17:50:53 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\QuickScan
    [2013/02/14 07:39:56 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Reincubate
    [2012/05/05 18:58:01 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\RenPy
    [2011/12/01 20:57:49 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Screaming Bee
    [2013/03/27 17:28:47 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Sony
    [2011/11/06 16:50:46 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Splashtop
    [2012/10/19 03:33:17 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Sports Interactive
    [2012/03/19 06:09:37 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/09/17 17:17:51 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\TeamViewer
    [2012/02/10 04:02:01 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\The Creative Assembly
    [2012/08/05 06:50:39 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Tropico 3
    [2012/12/02 00:26:10 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Tunngle
    [2012/05/12 20:03:18 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Ulead Systems
    [2012/05/09 14:01:14 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Vphonet
    [2011/09/12 10:19:41 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Windows Live Writer
    [2012/04/15 00:18:35 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Wondershare Video Converter Ultimate
    [2011/09/07 15:05:50 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Zoner

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2013/05/16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
    [2011/02/26 14:49:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2011/02/25 15:49:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
    [2011/02/25 15:49:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/25 15:49:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 15:44:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 21:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2011/02/25 15:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/25 15:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/11/20 22:54:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

    < MD5 for: SERVICES.EXE >
    [2009/07/14 11:09:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
    [2009/07/14 11:09:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/14 11:09:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/14 10:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
    [2009/07/14 10:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/14 10:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/14 11:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
    [2009/07/14 11:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/14 11:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 21:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
    [2010/11/20 21:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 21:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2010/11/20 22:55:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
    [2010/11/20 22:55:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 22:55:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 22:55:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
    [2010/11/20 22:55:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 22:55:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    < %systemroot%\*. /rp /s >

    < %systemdrive%\$Recycle.Bin|@;true;true;true >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    ========== Base Services ==========
    SRV:64bit: - [2009/07/14 11:10:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
    SRV:64bit: - [2010/11/20 22:55:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
    SRV:64bit: - [2009/07/14 11:08:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
    SRV:64bit: - [2010/11/20 22:57:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
    SRV:64bit: - [2010/11/20 22:55:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
    SRV:64bit: - [2011/11/17 16:03:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
    SRV:64bit: - [2009/07/14 11:10:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
    SRV - [2009/07/14 10:45:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
    SRV:64bit: - [2010/11/20 22:55:47 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
    SRV:64bit: - [2010/11/20 22:55:59 | 000,177,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
    SRV - [2010/11/20 21:48:24 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
    SRV:64bit: - [2010/11/20 22:57:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
    SRV:64bit: - [2010/11/20 22:56:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV - [2010/11/20 21:48:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2011/03/03 15:54:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
    SRV:64bit: - [2009/07/14 11:10:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
    SRV:64bit: - [2009/07/14 11:11:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
    SRV - [2009/07/14 10:45:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
    SRV:64bit: - [2009/07/14 11:11:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
    SRV:64bit: - [2010/11/20 22:56:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
    No service found with a name of MsMpSvc
    No service found with a name of NisSrv
    SRV:64bit: - [2009/07/14 11:11:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
    SRV:64bit: - [2009/07/14 11:11:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
    SRV:64bit: - [2009/07/14 11:11:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
    SRV:64bit: - [2009/07/14 11:11:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
    SRV - [2009/07/14 10:46:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
    SRV:64bit: - [2010/11/20 22:57:22 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
    SRV:64bit: - [2009/07/14 11:11:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
    SRV:64bit: - [2011/05/24 21:12:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
    SRV:64bit: - [2010/11/20 22:55:21 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
    SRV:64bit: - [2011/11/17 16:03:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV:64bit: - [2009/07/14 11:11:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
    SRV:64bit: - [2010/11/20 22:57:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
    SRV:64bit: - [2010/11/20 22:57:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
    SRV:64bit: - [2010/11/20 22:57:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
    SRV:64bit: - [2011/11/17 16:03:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
    SRV:64bit: - [2009/07/14 11:11:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
    SRV:64bit: - [2010/11/20 22:57:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
    SRV:64bit: - [2010/11/20 22:57:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
    SRV - [2010/11/20 21:51:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
    No service found with a name of slsvc
    SRV:64bit: - [2010/11/20 22:57:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
    SRV:64bit: - [2010/11/20 22:57:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
    SRV - [2010/11/20 21:51:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
    SRV:64bit: - [2009/07/14 11:11:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2010/11/20 22:57:23 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
    SRV:64bit: - [2010/11/20 22:55:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
    SRV:64bit: - [2010/11/20 22:55:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
    SRV:64bit: - [2010/11/20 22:55:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2010/11/20 22:57:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
    SRV:64bit: - [2009/07/14 11:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/11/20 22:57:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
    SRV:64bit: - [2010/11/20 22:56:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
    SRV:64bit: - [2010/11/20 22:57:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
    SRV:64bit: - [2010/11/20 22:54:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
    SRV - [2010/11/20 21:47:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
    SRV:64bit: - [2009/07/14 11:11:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
    SRV:64bit: - [2010/11/20 22:57:32 | 002,420,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
    SRV:64bit: - [2010/11/20 22:56:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
    SRV:64bit: - [2009/07/14 11:11:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
    SRV:64bit: - [2010/11/20 22:57:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: KINGSTON SH100S3120G
    Partitions: 2
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: SAMSUNG HD203WI
    Partitions: 2
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE2 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: WDC WD2002FAEX-007BA0
    Partitions: 1
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE3 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: SAMSUNG HD103SJ
    Partitions: 1
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 112.00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    DeviceID: Disk #1, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 984.00GB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #1, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 879.00GB
    Starting Offset: 1056662618112
    Hidden sectors: 0


    DeviceID: Disk #2, Partition #0
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 1,863.00GB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #3, Partition #0
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 932.00GB
    Starting Offset: 1048576
    Hidden sectors: 0


    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
    [C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
    [C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
    [C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
    [C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
    [C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
    [C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
    [C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
    [C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
    @Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

    < End of report >
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  4. #14
    Member
    Join Date
    Aug 2013
    Posts
    52

    Sorry, I wasn't sure. Should I paste them up now or wait for different instructions?

  5. #15
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    OTL Extras logfile created on: 9/08/2013 3:08:14 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thor\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    7.98 Gb Total Physical Memory | 5.15 Gb Available Physical Memory | 64.55% Memory free
    15.97 Gb Paging File | 13.16 Gb Available in Paging File | 82.41% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.69 Gb Total Space | 34.67 Gb Free Space | 31.04% Space Free | Partition Type: NTFS
    Drive F: | 878.92 Gb Total Space | 31.40 Gb Free Space | 3.57% Space Free | Partition Type: NTFS
    Drive H: | 1863.01 Gb Total Space | 568.00 Gb Free Space | 30.49% Space Free | Partition Type: NTFS
    Drive J: | 931.51 Gb Total Space | 328.41 Gb Free Space | 35.26% Space Free | Partition Type: NTFS
    Drive L: | 984.09 Gb Total Space | 121.45 Gb Free Space | 12.34% Space Free | Partition Type: NTFS

    Computer Name: THOR-PC | User Name: Thor | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

  6. #16
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0296731B-C60F-432B-BDA0-59CCAF7F0B4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{129891D5-FCF5-4DFD-B2E3-06C45CD42069}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{22EC12B2-2F55-4269-9281-81CF7665BA45}" = lport=56621 | protocol=6 | dir=in | name=pando media booster |
    "{237123B4-3C00-4E12-83A0-D4DAEA61D3CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2FC04034-9CC1-4076-83FC-0D9D50DF657D}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{453F0B99-D647-4E66-953B-50CF48AF0E71}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{47F7C5EB-B1D7-4179-A0D4-A1D7CE82D13C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{4992639F-13AF-40A9-8C0D-849FA1F4C5BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4E8F577B-213A-496A-86D6-F463E3D5E4E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{4F56542F-A378-4E5B-8544-D969001744CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5000AEE2-6AA0-4656-B7F4-F07C363C5A0A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5014A777-F0F6-4AFC-9A83-14012AB3227B}" = lport=445 | protocol=6 | dir=in | app=system |
    "{55C7D750-4F34-4E86-B5F5-94A4A63A1243}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5B9077EF-C5F9-400B-8CFD-40FA3EBE1ABC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{5DEF54FE-B99D-4D70-9C48-E14B1CD05B43}" = rport=445 | protocol=6 | dir=out | app=system |
    "{6BFCC6EF-7AC8-4C42-A023-57193B95EC6C}" = rport=139 | protocol=6 | dir=out | app=system |
    "{77C9EFA1-C545-4312-9AA9-5FD611767D16}" = lport=138 | protocol=17 | dir=in | app=system |
    "{86892FCA-6CEF-4973-AC04-124FD471FD5D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{89467CBD-406B-49B6-9BD5-C64EC207F079}" = lport=56621 | protocol=6 | dir=in | name=pando media booster |
    "{94B3616B-2102-46F0-8889-274313391E6A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A11AEDD7-5055-40F3-924C-9CC2AC24BE84}" = lport=139 | protocol=6 | dir=in | app=system |
    "{A4E6C1B2-D5DD-4364-9C42-C0B4658F0AC1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A80703EC-79A2-4DFA-9204-C22CF096757A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AC7BAB00-BB40-4385-A515-40DD0B9E86DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{AD0D1D9D-1936-4D3E-BC49-0D5E32710E49}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{DB3BF7FB-AD5E-45EC-A1B9-28FFD43656D4}" = rport=137 | protocol=17 | dir=out | app=system |
    "{E4EAC3FF-F8C2-4A60-847C-C8E4D042A312}" = lport=56621 | protocol=17 | dir=in | name=pando media booster |
    "{F41ACDEF-305B-48E5-B99E-37CF3778419D}" = lport=56621 | protocol=17 | dir=in | name=pando media booster |
    "{FC12B0E8-AD85-4523-B2F1-A33ECDC42349}" = rport=138 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00BC673D-CA12-440B-8B4E-D30AEC3E4929}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
    "{012B39CB-AEDD-43F2-BD83-5E38ABF83822}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
    "{02BBE037-EFEA-4384-8FA6-16C3D7B9E8D4}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the swapper\theswapper.exe |
    "{033A7B73-7822-4431-BDB9-5E9FBE686ED4}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\pinball fx2\pinball fx2.exe |
    "{049E0FCA-3184-4A9B-963A-F2B30C4221A1}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
    "{05AB7179-6AD1-4B29-965C-0297D3574506}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe |
    "{06AD006E-E70E-460A-B066-76F5C1B40237}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{07676BF3-7407-45FC-BB63-7A1321BCC22E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{0769F049-AAE7-4E8D-B97C-9B89B3A5CF5F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
    "{07A21FF4-E918-4DA8-ABCD-7BF5A6C60E83}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe |
    "{096C1616-819D-4EC6-82CA-E87E4DD0C71D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
    "{0C7786AF-762B-4E63-B458-2D4084E18C1F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{0D32E838-426C-4126-A08B-818324A42546}" = protocol=17 | dir=in | app=j:\program files (x86)\tera\tera-launcher.exe |
    "{0EA0ADB3-DFCC-4210-9008-2A2AE4FAAB1D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\greed corp\game.exe |
    "{0ED9F101-216C-4B8B-9264-59400D63094F}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\shoot many robots\shootmanyrobots\binaries\shootmanyrobots.exe |
    "{0FC09566-1F8D-442E-872D-0CBA746B64FA}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dino d-day\dinodday.exe |
    "{10482388-8B8C-4130-A145-B6242628BDED}" = protocol=17 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
    "{13890B5C-D544-4DD3-A942-77D19BD0F51D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
    "{18919617-B9D6-477D-8BD5-DFE70808CA8A}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bunch of heroes\game.exe |
    "{191EF0D1-6B4E-45A7-80B7-49928921D27D}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\pinball fx2\pinball fx2.exe |
    "{1937B7AE-EB23-4FE8-99E3-53663AA378D9}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{1B5EC5A3-B2E6-4A28-98AD-84537D54112C}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
    "{1BA87EFD-550C-4CF1-8F60-5B6B9EA5A5BC}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
    "{1C662277-2DB9-4861-8DB2-3616BD873D50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1CF8A7BB-CDCA-4F04-B983-4A5E1515A4DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{1D82C45C-9C37-497B-BB32-F264C51308E5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{1D8A448A-DF5D-47B7-8D6C-323375CECB64}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{1E6384BE-CB4F-4C43-B40E-BC3B9BD83EBD}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sherlock holmes the secret of the silver earring\game.exe |
    "{207062F8-6800-4CD5-A731-B0B3FEE5524B}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
    "{2506B3A3-9605-4065-8CF1-0A30F61B848B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{252FBE5B-756E-4414-940C-1B329762FE36}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
    "{26DFD814-77F8-4CB9-9FE8-03F7F08BFDB1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{278E25DD-7671-455E-8CF0-C0D304EF82C1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{285C17CF-F82E-4F85-B610-82209E6D6C32}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
    "{292AD10E-D934-40DB-9E3A-6BF56B0DB0C3}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
    "{2975C060-85CA-4C53-8E74-110AAD28CFAA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2A4D07D1-7F31-4DF9-B2D0-2A4A49F693A0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{2A771313-0506-453E-91C9-2504B8BA9EBF}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe |
    "{2C2A2B92-6BC0-4B33-9806-AFB79BC0BD4C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
    "{2D35FAB3-C50B-49D2-AA4C-32CB3BC38F00}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{2D946790-C34E-4731-BB5B-4D6D3DDA92AE}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
    "{2E580B96-84D8-4113-B78A-BA0548F3217F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
    "{2EEAC723-8A93-40B6-927D-97B6CE591193}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dino d-day\dinodday.exe |
    "{2EF4EA70-1317-4BF2-BDB0-023E2D70334D}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dragon commander\shipping\betauploader.exe |
    "{2F1D2F63-79DA-4B80-85EA-96C8F564F423}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
    "{310176EE-77F6-4F81-91D8-91D3D486220B}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
    "{319DCBD7-63B7-44C6-A32C-6421B1C48A60}" = protocol=6 | dir=in | app=j:\program files (x86)\tera\client\tl.exe |
    "{31EC5F31-DD80-4514-BA9B-7EE3283376ED}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
    "{33DF39C2-93D1-49C1-82E2-EFD4A8701874}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
    "{362E6066-66C6-4955-859D-A787807227E1}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
    "{39086CAB-78F1-4240-B116-A1AE68AEB516}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe |
    "{3B3F55C7-EAD0-4E59-9117-A043DA30C971}" = protocol=6 | dir=in | app=c:\program files (x86)\kinoni\epoccam_and_barcode_drivers\kinonisvc.exe |
    "{3BA12D4E-9069-4A8B-8051-2D606FD2927D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{3BCA4841-645E-4627-B3BE-927C6725EC65}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{3F78CB1C-3809-4059-B9DD-AFDB76D0A1E2}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
    "{3FE2AAD7-D342-436E-B7EA-7BF48CEE94D8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
    "{409A011E-2A01-49CE-BA4D-237C9EFD956B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{40C8ABAC-8002-4897-9970-1FF4E116A06B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{42EDF02F-2078-41C1-85F0-A88CA998CF32}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
    "{43415205-D41B-47D9-93AD-A1012002DF7B}" = protocol=17 | dir=in | app=j:\program files (x86)\microsoft games\age of empires iii\age3.exe |
    "{43978724-37A0-491B-891C-A812636F999A}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\skydriftdemo\skydrift.exe |
    "{449F9C42-AFB3-49BD-B3AE-B81E3ACD92DC}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\launcher.exe |
    "{47D0D9F2-F160-4FA4-8CD2-CE710167B376}" = protocol=6 | dir=in | app=j:\program files (x86)\tera\tera-launcher.exe |
    "{47F0DE5D-8844-4BD5-A7F9-16FA7E15517F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\shoot many robots\shootmanyrobots\binaries\shootmanyrobots.exe |
    "{4A100514-E23B-4562-818E-4749406BD81F}" = protocol=6 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
    "{4B07C912-BDD7-4AA1-BF6B-14EBBB29990D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\painkiller hell & damnation\binaries\win32\pkhdgame-win32-shipping.exe |
    "{4B4DDC54-BD0F-4E94-A925-05C8A22EB131}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
    "{4E746127-C150-4983-9FCF-318D27656183}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{4E8E7D8F-CC71-4FAE-97C3-6303D4B78061}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe |
    "{4F757323-567C-459E-A041-69B411F29B5E}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
    "{504C75F2-DC71-4DA5-82AF-79B2B192D872}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
    "{510D29E7-FC2D-46DE-8E7E-A934D07AEF3F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\launcher.exe |
    "{5247366C-D9BD-4DA8-A878-AF07ECE7AB0D}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\painkiller hell & damnation\binaries\win32\pkhdgame-win32-shipping.exe |
    "{52D4C3B0-D111-4EB7-9BDC-96629C31CEE3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{538ECB25-A06B-496D-86B9-73FA27537C50}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\grid 2\grid2.exe |
    "{542FE241-1D43-47D8-9BAE-65A188AA8826}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{54543FFF-EB11-4D4F-A8A3-29EC13B055D8}" = protocol=6 | dir=in | app=j:\program files (x86)\origin\games\battlefield 3\bf3.exe |
    "{55C9B959-725C-4DF4-97F6-82D989710B56}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe |
    "{57ABCE6F-90A0-4ABE-B30E-A2BF66F5E7C3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{58FFFF5C-348C-4CCC-9B3B-3B82F834342B}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\restaurant empire 2\re2.exe |
    "{5C224E4D-E133-421E-AFD1-B6457FD79F57}" = protocol=17 | dir=in | app=c:\users\thor\appdata\roaming\dropbox\bin\dropbox.exe |
    "{5C534FC0-9E89-474C-8BDA-12AB8A4992CC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
    "{5D020262-8C23-4EBC-9C80-331AD9E29722}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{5D57D753-E6CA-49D3-8A24-F614812E7106}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
    "{5DE808F0-0CAE-48EB-B0D8-85F45B58EFCC}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe |
    "{5FC7AB70-6223-4465-84C9-FCF6C5D645D5}" = protocol=17 | dir=out | app=j:\program files (x86)\tera\client\tl.exe |
    "{612EB092-8D88-43C5-8DAA-66F88A9B4F1D}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\blackwell legacy\blackwell1.exe |
    "{6136729A-B79F-4615-B566-C085852C973F}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
    "{693F28D6-AAF8-43B8-96AE-A83255442643}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe |
    "{6946D538-12D8-4BAC-8672-74B43470E660}" = protocol=6 | dir=out | app=j:\program files (x86)\tera\tera-launcher.exe |
    "{69650794-1BF5-46B6-9BF1-6E8056CC3410}" = protocol=6 | dir=out | app=j:\program files (x86)\tera\client\tl.exe |
    "{6A1329D5-C2FB-41B1-BAF0-0302CA948E61}" = protocol=17 | dir=in | app=j:\program files (x86)\tera\client\tl.exe |
    "{6A4C5510-CBCA-451E-BBC5-B8FFA367BD60}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
    "{6AEF5BF8-CFCB-4FDB-8169-22D1024A293E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{6B8567CC-BE4B-49EB-BA4B-09FC0D64560B}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sherlock holmes the mystery of the mummy\game.exe |
    "{6DB7B489-D8D3-4C71-97EB-BD486342CB15}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
    "{6F534FBB-0EE3-445E-8713-A33363B799A6}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe |
    "{70157775-3BED-471F-9E98-8FAB7E6831B7}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
    "{703E78F4-945F-46CE-84BC-8E0A239AA70C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
    "{72AC1B9F-9894-4C2E-8ECB-C5C4ECBAC3A5}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
    "{72C47FD8-73FB-409D-B27C-C842436A3974}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{73AA990B-336C-4640-A993-0977FF56FAEA}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{76A21391-F716-4D04-A88E-FD0DE4588B54}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{7713605C-C61D-45D2-BBD8-004383972403}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{77451E5F-20F5-474F-8C54-CE85A51184FD}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{78AC5D0F-A787-4A6E-9AB1-A0F0D4C4277D}" = protocol=17 | dir=in | app=j:\program files (x86)\diablo iii\diablo iii.exe |
    "{79CDA04C-D57D-4831-B8C8-F8437A1CDAC9}" = protocol=17 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
    "{7B0C24CA-7B98-4025-AE45-AC2A9E987ED6}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\magic 2014\dotp_d14.exe |
    "{7BCC3922-FC0A-4F81-A839-E4E294C4C2C5}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\skydriftdemo\skydrift.exe |
    "{7E56F07E-EBDA-4AF5-8CB0-91F450360764}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bunch of heroes\keyconfig.exe |
    "{80297E6C-4587-4E5E-B520-8115CAF72521}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe |
    "{818959BE-457B-4D2E-97DB-0ADC82D3CEFA}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
    "{83092CA0-DBB1-496D-B647-6CB6A10BB473}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
    "{848EF153-F763-4B76-8281-A53E8DB9C740}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dragon commander\shipping\betauploader.exe |
    "{84C54B1B-FA4E-4228-8B13-9551DCA0A95C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{8671F8B1-2E73-4572-BE5F-FACA1595846F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{86E387B6-D045-42C1-BEB1-3BBCE3892374}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
    "{8B6280E4-1402-4152-B0D7-807C1657E59D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
    "{8BA515A4-67C4-4BCA-B163-6F87DB18E66F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
    "{8C7C9955-AB7D-48B6-AC13-7D197B51CD84}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{8CABC277-DBC5-4C96-8FCF-2218AA1269C5}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{8E6E3D7C-88A1-4175-917C-A250743D8962}" = protocol=17 | dir=in | app=j:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
    "{8EEBE51E-6087-49C2-8BA9-FB05E06426ED}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\magic 2014\dotp_d14.exe |
    "{937DC820-015B-4AA5-A839-5A29DF4F7411}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
    "{93FE19BB-411A-428D-93AA-029F9F633A59}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{95A4EA33-4FF9-4151-9EA1-1B2B8EFA6CD1}" = protocol=17 | dir=out | app=j:\program files (x86)\tera\tera-launcher.exe |
    "{95D644C5-33D7-4DAB-AFF5-0D8809169E73}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
    "{960EC588-3DE0-4EFA-9185-73DD584CB8B4}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe |
    "{970A9791-08CC-420F-9332-AFD331428480}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
    "{980DB033-E615-44F4-A36D-827811FF7951}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\blackwell legacy\blackwell1.exe |
    "{9D9F4CAA-A6E8-41A6-8EAD-5ED35261526B}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
    "{9E62C6C1-7813-49A4-A817-E8DA6997BD0F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
    "{9F697F68-E618-4154-B16F-7B9F7CDDE1FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A004C04D-C15F-4CBD-AF13-CEEB475EED1B}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
    "{A0775501-653B-442B-9CCD-B5227A5CA941}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A1652EC2-8955-407F-8FF8-26C39D6DF8AB}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe |
    "{A24FECD2-9E0B-44E7-B0B6-9908083BA2F7}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
    "{A62F8653-D028-4BD7-90E0-51830654BAE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A8351F36-033B-430C-9783-3EC3A1C990DD}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
    "{A963AB53-28EF-4580-BC59-0A1BAE275D24}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
    "{AB459E01-E9FF-43C1-B5B4-809E54D5C90D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
    "{ABB25392-B798-4EDB-8555-0841A4E78582}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
    "{ABF0BA12-54DD-475B-8CE9-52C171009EC7}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{ABFFDA16-7578-4196-B394-95DFDD56C8BC}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
    "{AD1EBF28-185E-45A7-8F40-63CCBBDF0260}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{AE35E012-75FD-46A7-AF23-2FFBABF5E7B9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sherlock holmes the mystery of the mummy\game.exe |
    "{AF89BA33-C223-46C2-9DAD-9B9D41D7C5A2}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\endless space\endlessspace.exe |
    "{B0775AE2-0914-4892-9567-8F0EA85A8187}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
    "{B0FD172C-E57C-4C77-A071-278255267576}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B11798FE-DA81-4384-B629-159A45D78283}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
    "{B219B5F9-2BB3-411D-8A62-2CE583451FF0}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the swapper\theswapper.exe |
    "{B290171F-DC1D-447E-8672-F356BC5A2FF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B3A4192D-C59A-46F6-8E80-BF1B24092C4D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
    "{B41AB17A-5E7E-46BE-9ADF-C110CBDA49E6}" = protocol=6 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
    "{B4F1050F-7337-4DCA-8E94-7A063EB61F02}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
    "{B8FDF449-377C-4466-87AC-2B5CDEE0BD72}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
    "{B98E6E2F-A0C6-4660-8114-D82487F7701C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
    "{BCCAD4DC-7E88-473A-A7AA-13190CDF664A}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
    "{BD36B485-0BCB-4F7D-BA5E-3F26E8444CF7}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe |
    "{BDE93427-42D0-43EA-8B14-643E82A2CDAB}" = protocol=6 | dir=out | app=c:\program files (x86)\kinoni\epoccam_and_barcode_drivers\kinonisvc.exe |
    "{BE668661-38A7-4BBF-ABBB-9A5B432B4075}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
    "{BF833962-8B82-458C-8B79-61A9EE8617D1}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\restaurant empire 2\re2.exe |
    "{BFAB6E66-021E-4201-9CD1-FD29FF29201F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
    "{C2AF7E26-1C49-46A2-896A-AD41F8A8A347}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sherlock holmes the secret of the silver earring\game.exe |
    "{C4A3C800-AC57-406A-8C33-52ACA9561046}" = protocol=6 | dir=in | app=j:\program files (x86)\microsoft games\age of empires iii\age3.exe |
    "{C637B44A-3C95-48F4-B8CF-48D802E42A36}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{C65940E2-1254-4ACC-92A8-1C53C54C53B4}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
    "{C70CD81A-0B3E-4264-988E-0806D1DE7128}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe |
    "{C8958BFA-4574-4526-BDAD-A4C5C578428B}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
    "{C8A43B87-18D3-4EE1-884B-A5D35D518A05}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
    "{C9AF3014-10B2-40E0-A2C5-B2798FD5945B}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\grid 2\grid2.exe |
    "{CAC4761A-1CCB-4428-A161-4D51BC362CF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CB2E67FD-834D-4D75-AED0-4AE3B3EB75E7}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\king's bounty - warriors of the north\kbwotn.exe |
    "{CBA77A2A-EB6A-4264-8D17-C248CD7536EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CD4B9C04-4677-401F-9C8E-3885C7EE8FF6}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
    "{CD60C295-2234-497B-BB2D-D4E1B633E16F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{CDB66DB9-B85F-43F9-8750-7F8F4608EC80}" = protocol=6 | dir=in | app=j:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
    "{CDF57D6C-9F39-42EC-8B69-5F0FCB454E6C}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
    "{CECB736F-A5E7-4F17-89CC-3614F374BDD6}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\hotel giant 2\hg2.exe |
    "{CEF69441-A2AB-4C50-AAC1-5E0ADA602D95}" = protocol=17 | dir=in | app=j:\program files (x86)\origin\games\fifa 13\game\fifa13.exe |
    "{CFDD81F6-1B77-4401-9423-20B3037C5414}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
    "{D005BD1E-A634-4277-AE0E-79D82C6C2759}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe |
    "{D1436489-9AAB-4D34-BA4E-E2FD5C3FB892}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
    "{D1990E46-50C6-4271-A003-5BF4D0090FA1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D4932A6C-8E7A-4971-9E72-723927886C4A}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
    "{D89CB0B0-E987-4771-B7E9-3236DA92FC80}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
    "{D8BE81EB-152C-421C-A31A-D0025A8B14E2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{DB560EE7-EF38-4655-B4BC-D6F418EF1C03}" = protocol=6 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
    "{DB8183EB-48B6-479F-9188-C82E4F9056D8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bunch of heroes\keyconfig.exe |
    "{DC0CC9AD-9DF8-4CAB-AEFD-7DB77DF66E1C}" = protocol=6 | dir=in | app=c:\users\thor\appdata\roaming\dropbox\bin\dropbox.exe |
    "{DC31E367-6428-4FFB-8860-815DE0C75030}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{DE1B3A23-43E7-4B53-8A40-CBA3CC325E38}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe |
    "{DF183EB8-AB86-470E-81BB-BB2C060D9A5F}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\king's bounty - warriors of the north\kbwotn.exe |
    "{DF34AC00-57C7-4F58-B5C5-7CF15995E893}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
    "{E067C706-5D53-4F15-857B-8777A3CAB94F}" = protocol=17 | dir=in | app=j:\program files (x86)\origin\games\battlefield 3\bf3.exe |
    "{E0A10353-7349-4CA8-8390-18C3042329BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{E0AB9B0F-944B-4106-89B0-D9ED3E8497EE}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bunch of heroes\game.exe |
    "{E35DEB28-39A7-4797-AFB2-4FE41C656DB0}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe |
    "{E40547F5-EFBF-4F1F-B442-4A4A1B91E5CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E46523E4-C0F6-4A06-8397-0970E3A73BCA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E518E686-7F62-45F5-9B6C-1B39771D7559}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
    "{E57AAD25-5D3F-4F2A-BAA1-7E6DBBF2CB0F}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
    "{E8761D6F-C968-443B-AA56-0A10F7FC5CA1}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
    "{E9E5BCB1-656C-4D08-9369-9915F1000504}" = protocol=6 | dir=in | app=j:\program files (x86)\origin\games\fifa 13\game\fifa13.exe |
    "{EB972F49-292A-471A-8967-EAA4D04ACDD9}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
    "{ECE08F47-36BD-466D-8D44-B89D27480D06}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{ED28C681-2A51-424A-85BE-A89492BE0998}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\endless space\endlessspace.exe |
    "{EE497647-49FE-487E-A86A-6344536A08F4}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
    "{EE9573BD-68DF-4ADB-BE09-B82848C3A4CD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{F0515D1A-9BB2-48BF-B06D-924628F5CF22}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{F0934744-C3CC-45F8-A84F-8AB68C8A9136}" = protocol=6 | dir=out | app=system |
    "{F0B2854B-BF50-4F3C-8FD0-104B82BCB620}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{F2B58789-3568-45D7-B7C7-8252DA89571E}" = protocol=17 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
    "{F3BCA730-B017-42C1-AA6A-38E2FD857B5E}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
    "{F3C99B27-8887-4667-A048-F6D81E1C2B1B}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\greed corp\game.exe |
    "{F4FBC633-455F-41DC-9BA6-D73C120F1CD3}" = dir=in | app=c:\users\thor\appdata\roaming\allmyapps\allmyapps.exe |
    "{F7E1601D-05CC-42D1-911C-1DD084A2F838}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
    "{F86CFE52-910B-4410-A724-F37258E98298}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
    "{F876FC1A-864D-4629-B1E5-1CBD9CA96023}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{F885CF03-6903-4F77-8356-74BE3D73A8A0}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steam.exe |
    "{F8F65D74-3CB7-4181-93C7-4692250E2463}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
    "{FA500071-4352-401F-8EDF-968101483965}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\hotel giant 2\hg2.exe |
    "{FAFB854B-F02F-4A3C-AAD8-CA7CD3C30FE9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{FB43A610-4365-4F4B-90C1-071333DDE970}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
    "{FB82B1D4-8768-47F0-81BD-4F38831F063D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{FCEFC653-31AF-4186-9761-814EA769D6B1}" = protocol=6 | dir=in | app=j:\program files (x86)\diablo iii\diablo iii.exe |
    "{FE93B181-2B09-40AE-93CB-23CEE9C52747}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{FE99F3FA-FDD7-4535-BAC4-B777CD4F7FFA}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steam.exe |
    "{FEE1F993-F114-48A9-88E5-603D3FCCCB1F}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe |
    "TCP Query User{0FD82494-D36C-4D57-9FCE-40BEF99ECB44}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "TCP Query User{203DB1D8-3FA1-49D8-A49A-6F874444FF81}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
    "TCP Query User{212B7DE8-DC1A-4F85-B890-3E024E3E727B}F:\backup stuff\ggpo\ggpo.exe" = protocol=6 | dir=in | app=f:\backup stuff\ggpo\ggpo.exe |
    "TCP Query User{24237234-F5A8-42ED-9471-20757642CD81}C:\users\thor\desktop\programs\ratiomaster.net.exe" = protocol=6 | dir=in | app=c:\users\thor\desktop\programs\ratiomaster.net.exe |
    "TCP Query User{4AF6A521-893D-4589-AC10-AEDF6FB31F92}J:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
    "TCP Query User{4FF81B39-3421-4910-A2C6-4FCF79F03706}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
    "TCP Query User{56FD6CC0-0E53-49D9-83E8-38BAA1CA4C51}G:\ggpo\ggpofba.exe" = protocol=6 | dir=in | app=g:\ggpo\ggpofba.exe |
    "TCP Query User{5759B9AF-A915-4332-AE7C-A87959287A56}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe |
    "TCP Query User{65062F1F-133C-4390-8B8C-828AE77AF229}J:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
    "TCP Query User{71A37ED6-27E3-46B4-8BD3-5D49EEA73BB5}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
    "TCP Query User{8FC7339D-1AC8-4EE4-BBB7-9346BC3B2757}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
    "TCP Query User{A5E95334-12D9-47F6-BFE9-17CBD4FA5691}J:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
    "TCP Query User{B3C31F1A-C930-4205-A6E2-467615E7AC05}J:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=j:\program files (x86)\the witcher 2\bin\witcher2.exe |
    "TCP Query User{D328B1FF-69AD-4E70-9FA1-6D00DC452AB7}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
    "TCP Query User{D67AEC24-56FC-49B7-A9AD-E1A91012742D}J:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
    "TCP Query User{DA05FADE-AA11-4BC5-91FD-7E81016DC94D}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe |
    "TCP Query User{DBB04AA7-19AF-4B10-8C2E-18FC4A7155AD}J:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
    "TCP Query User{F3F788CA-E462-453B-8FC1-EE13610A73F5}G:\ggpo\ggpo.exe" = protocol=6 | dir=in | app=g:\ggpo\ggpo.exe |
    "TCP Query User{FB8320F8-CDDF-481B-ADF7-9BF76C1B7252}J:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
    "UDP Query User{066EFEF0-0F4C-4858-82BF-2CBF101DAA1B}F:\backup stuff\ggpo\ggpo.exe" = protocol=17 | dir=in | app=f:\backup stuff\ggpo\ggpo.exe |
    "UDP Query User{61146518-AD39-4214-BEBF-489F60192418}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
    "UDP Query User{6B5A3915-8275-4091-A2ED-8645CF4501D4}G:\ggpo\ggpo.exe" = protocol=17 | dir=in | app=g:\ggpo\ggpo.exe |
    "UDP Query User{6C156A94-D386-4C68-8929-07656956D749}G:\ggpo\ggpofba.exe" = protocol=17 | dir=in | app=g:\ggpo\ggpofba.exe |
    "UDP Query User{6DE38980-76AC-4F36-A2D1-E56CA87EF86A}J:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
    "UDP Query User{6FBA7870-5DB8-4DA0-AFAA-7615635B4173}J:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
    "UDP Query User{75ECC5ED-0BB7-4AB0-9F82-CE5039FC690C}J:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
    "UDP Query User{87E410D1-0860-4FDC-905F-1AAA29F30492}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
    "UDP Query User{90526D14-8FDD-4261-B926-A001CDA3B441}C:\users\thor\desktop\programs\ratiomaster.net.exe" = protocol=17 | dir=in | app=c:\users\thor\desktop\programs\ratiomaster.net.exe |
    "UDP Query User{B06687AA-62E6-4F5C-8118-D3E559A8EEE6}J:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=j:\program files (x86)\the witcher 2\bin\witcher2.exe |
    "UDP Query User{C57D4718-3C39-4C05-86BF-C97286032997}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe |
    "UDP Query User{D6A9F9F5-9C94-4CB8-BC31-F74EEA3A3329}J:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
    "UDP Query User{D7B7FA52-F8F5-4964-AC0B-A4E338FFAFA9}J:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
    "UDP Query User{DC6C4A52-F8EA-4061-9B67-8DD222D4B846}J:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
    "UDP Query User{E1DE465B-4DCB-4296-B05D-42510EDC7A14}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
    "UDP Query User{E5DBF925-E051-4DB2-B8A2-F3820BEDD625}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
    "UDP Query User{E712E149-E313-4342-BB38-FDAF62F9C671}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe |
    "UDP Query User{FA1C406C-7376-4EEB-A12E-48B3DFA20394}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "UDP Query User{FF959B48-2019-40A1-9221-C2CBE0F7766F}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
    "{190BC83F-D54E-4494-830E-7FB4A5F4B964}" = Local Subtitles for 64-bit WMP
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{2599B6F1-92AC-472C-BE60-9F17565E4938}" = PowerDirector
    "{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1" = WinDS PRO 2012.10.2
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
    "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
    "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.22
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.22
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B5CF4CFE-3080-4436-A8A5-00CFDC0F7918}" = MAGIX Video deluxe Premium 2013 Update
    "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{D000D1C0-6E80-4FC4-BE4E-A88872C0616F}" = Share64
    "{D5FE818E-F1C7-44F8-A3C0-C08761906E27}" = Share64
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}" = PowerDirector
    "{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "ComicRack" = ComicRack v0.9.144
    "CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
    "DriverAgent.exe" = DriverAgent by eSupport.com
    "KLiteCodecPack64_is1" = K-Lite Codec Pack 9.8.0 (64-bit)
    "Logitech Gaming Software" = Logitech Gaming Software 8.30
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NewBlue Art Effects for PowerDirector" = Newblue Art Effects for PowerDirector
    "Recuva" = Recuva
    "sp6" = Logitech SetPoint 6.32
    "vsfilter64_is1" = DirectVobSub 2.41.7036 (64-bit)
    "WinRAR archiver" = WinRAR archiver
    "ZonerPhotoStudio13_EN_is1" = Zoner Photo Studio 13
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  7. #17
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{1A1BD41E-9854-4957-8959-F9559A8862A7}" = Corel VideoStudio Ultimate X5
    "_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
    "{02E12A07-1BB9-44D6-A480-4EA42DB9E122}" = Boris Graffiti for Corel
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06ACD0D6-537A-4831-9608-AA74A5795698}" = Fantasy Sound Pack
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0DB44859-4112-4946-BE5E-A4275B3FFB5E}" = Furry Voices for Second Life
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
    "{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1A1BD41E-9854-4957-8959-F9559A8862A7}" = ICA
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1F8BC72D-14B1-4DCA-BD9E-49D712CF035D}" = C64 Forever
    "{20052CA0-FF43-4901-8261-E6DBF0A09ED1}" = Farm Animal Sounds
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{216E21F4-0489-4311-92D6-20D1FB950FCE}" = Sci-Fi Voice Pack
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
    "{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}" = Pinnacle Studio 16
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}" = Update Manager B10.0728.1
    "{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}" = Deep Space Voices
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B11.0512.1
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
    "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
    "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0630.1
    "{45BF4F8E-7BE7-4384-94C6-60AC70C401C6}" = Male Voice Pack
    "{48A00644-2D97-43B5-A614-603DECF3E5F6}" = Boris Graffiti for Corel
    "{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
    "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
    "{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}" = SpyHunter
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness
    "{602A1471-063B-4E03-9DCE-0210B914EFF5}" = Translator Fun Voice Pack
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{66C70B5F-730F-4C5D-9FC5-8E56D0FE7D53}" = IPM_VS_Pro
    "{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
    "{682B3199-76C3-4745-B7AE-FC13F6676421}_is1" = Pavtube Blu-ray Video Converter Ultimate Ver 4.0.2.2902
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A6F7B28-E178-47AC-8654-A654ADA6C777}" = VSHelp
    "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{71F8C486-8A13-468E-8B73-06051075556A}" = Female Voice Pack
    "{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79A743FA-FF99-42DF-8C35-BA40EAEA6668}" = Comic Sound Pack
    "{8061C2C9-C2A3-4550-A3FC-585B646840CB}" = Fantasy Voice Pack
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{8AA4F966-EF4B-44D8-99AA-C4EA93B46863}" = VSClassic
    "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5BB86DF-EE99-41EB-9446-B4623A725E2A}" = Livestream for Producers
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A8887C7B-0BCC-4FBF-BCEB-9BB4D4B14999}" = Setup
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{ABBC8011-1E42-4ADA-9794-574349612CEF}" = iWebcamera
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B0C00181-ECF5-4124-A6DE-14EA663D4799}" = Blue Satin Skin
    "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C717B4D4-2EFA-4DC3-8EDB-79543E43666C}" = VSUltimate
    "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
    "{CA486743-5F44-40D5-A38B-77911FB27579}" = Contents
    "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D13F2D95-1CE0-4147-846F-89ECB2E9A5CD}" = Sci-Fi Sound Pack
    "{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
    "{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
    "{D813EF9B-69CF-4996-893C-B400AE7292FA}" = Spooky Sounds
    "{D84B7C7E-2E4D-4002-8CA8-EED4EDB333AC}" = MLE
    "{D875FFEE-2FCE-4774-902A-749198C00A68}" = PureHD
    "{D91802D9-6A42-4563-BC37-B3E2D04DC95B}" = Ancient Weapon Sounds
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
    "{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
    "{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
    "{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
    "{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
    "{DCDC6934-7428-489E-8651-90B53191488B}" = ISCOM
    "{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}" = Galactic Voices
    "{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
    "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E7E76513-335F-4995-86CF-A85B77D8D975}" = Sci-Fi 2 Sound Pack
    "{EEBEF66A-70FD-4DF6-B173-82D07E61853E}" = Share
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}" = Pinnacle Studio 16 - Install Manager
    "{F2979728-5C01-4D39-8974-DBC579C3BD49}" = Usage Agent
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FC6DAF3E-52C2-43AD-9C50-810F8943C79E}" = BigPond Media Downloader
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Audacity_is1" = Audacity 2.0.3
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Cloanto Software Director" = Software Director
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Desura" = Desura
    "Diablo III" = Diablo III
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "DVD Catalyst" = DVD Catalyst 4.1.5.2
    "Dxtory2.0_is1" = Dxtory version 2.0.122
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "ESN Sonar-0.70.4" = ESN Sonar
    "Evaer Video Recorder for Skype" = Evaer Video Recorder for Skype 1.3.4.15
    "Fraps" = Fraps (remove only)
    "Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.13.608
    "Free Video to Android Converter_is1" = Free Video to Android Converter version 5.0.13.608
    "Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.8.4.920
    "GoldWave v5.68" = GoldWave v5.68
    "HandBrake" = HandBrake 0.9.6
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0630.1
    "InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
    "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
    "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
    "KinoniDrivers" = KinoniDrivers 2.8.1
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "Logitech Vid" = Logitech Vid HD
    "MAGIX_{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
    "MAGIX_{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
    "MagniDriver" = marvell 91xx driver
    "MakeMKV" = MakeMKV v1.8.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Media Player - Codec Pack" = Media Player Codec Pack 4.2.7
    "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.0.4
    "MKVToolNix" = MKVToolNix 5.6.0
    "Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
    "Origin" = Origin
    "proDAD-HeroglyphRoute-4.0" = proDAD Route 4.0
    "proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
    "proDAD-Vitascene-2.0" = proDAD Vitascene 2.0
    "PS3 Media Server" = PS3 Media Server
    "PunkBusterSvc" = PunkBuster Services
    "Rockstar Games Social Club" = Rockstar Games Social Club
    "SopCast" = SopCast 3.4.8
    "Stardock Central" = Stardock Central
    "Steam App 102600" = Orcs Must Die!
    "Steam App 105600" = Terraria
    "Steam App 11130" = Sherlock Holmes: The Mystery of The Mummy
    "Steam App 111400" = Bunch Of Heroes
    "Steam App 11150" = Sherlock Holmes: The Secret of the Silver Earring
    "Steam App 113420" = Fallen Earth
    "Steam App 1250" = Killing Floor
    "Steam App 17080" = Tribes: Ascend
    "Steam App 18500" = Defense Grid: The Awakening
    "Steam App 200170" = Worms Revolution
    "Steam App 200710" = Torchlight II
    "Steam App 201210" = PoxNora
    "Steam App 201790" = Orcs Must Die! 2
    "Steam App 203140" = Hitman: Absolution
    "Steam App 203160" = Tomb Raider
    "Steam App 203350" = King's Bounty: Warriors of the North
    "Steam App 207170" = Legend of Grimrock
    "Steam App 207890" = Football Manager 2013
    "Steam App 208140" = Endless Space
    "Steam App 209540" = Strike Suit Zero
    "Steam App 210770" = Sanctum 2
    "Steam App 212680" = FTL: Faster Than Light
    "Steam App 213850" = Magic 2014
    "Steam App 214870" = Painkiller Hell & Damnation
    "Steam App 218230" = PlanetSide 2
    "Steam App 219640" = Chivalry: Medieval Warfare
    "Steam App 220" = Half-Life 2
    "Steam App 22230" = Rock of Ages
    "Steam App 223220" = Giana Sisters: Twisted Dreams
    "Steam App 22600" = Worms Reloaded
    "Steam App 226980" = Pinball FX2
    "Steam App 230410" = Warframe
    "Steam App 231160" = The Swapper
    "Steam App 24240" = PAYDAY: The Heist
    "Steam App 32900" = Restaurant Empire II
    "Steam App 34330" = Total War: SHOGUN 2
    "Steam App 35130" = Lara Croft and the Guardian of Light
    "Steam App 35720" = Trine 2
    "Steam App 36630" = Rusty Hearts
    "Steam App 38230" = Hotel Giant 2
    "Steam App 44350" = GRID 2
    "Steam App 48950" = Greed Corp
    "Steam App 500" = Left 4 Dead
    "Steam App 550" = Left 4 Dead 2
    "Steam App 55230" = Saints Row: The Third
    "Steam App 620" = Portal 2
    "Steam App 630" = Alien Swarm
    "Steam App 65800" = Dungeon Defenders
    "Steam App 70000" = Dino D-Day
    "Steam App 730" = Counter-Strike: Global Offensive
    "Steam App 8870" = BioShock Infinite
    "Steam App 91110" = SkyDrift Demo
    "Steam App 91310" = Dead Island
    "Steam App 91600" = Sanctum
    "Steam App 9340" = Company of Heroes: Opposing Fronts
    "Steam App 96400" = Shoot Many Robots
    "Steam App 98200" = Frozen Synapse
    "Steam App 9900" = Star Trek Online
    "TeamViewer 7" = TeamViewer 7
    "The KMPlayer" = The KMPlayer (remove only)
    "TMPGEnc Video Mastering Works" = TMPGEnc Video Mastering Works
    "Tunngle beta_is1" = Tunngle beta
    "Winamp" = Winamp
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials
    "winscp3_is1" = WinSCP 4.3.6
    "Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 5.7.4.2)
    "xvid" = Xvid MPEG-4 Video Codec

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/08/2013 1:27:18 AM | Computer Name = Thor-PC | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 9/08/2013 1:27:29 AM | Computer Name = Thor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/08/2013 1:27:29 AM | Computer Name = Thor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/08/2013 1:27:29 AM | Computer Name = Thor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/08/2013 1:27:30 AM | Computer Name = Thor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/08/2013 1:27:30 AM | Computer Name = Thor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/08/2013 1:27:30 AM | Computer Name = Thor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/08/2013 1:27:30 AM | Computer Name = Thor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/08/2013 1:32:15 AM | Computer Name = Thor-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: chrome.exe, version: 28.0.1500.95, time
    stamp: 0x51f05c5f Faulting module name: ole32.dll, version: 6.1.7601.17514, time
    stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0003bc21 Faulting process
    id: 0x12d0 Faulting application start time: 0x01ce94c1278de004 Faulting application
    path: C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
    module path: C:\Windows\syswow64\ole32.dll Report Id: 0bf435f4-00b5-11e3-af1c-50e549b16d48

    Error - 9/08/2013 1:37:21 AM | Computer Name = Thor-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: chrome.exe, version: 28.0.1500.95, time
    stamp: 0x51f05c5f Faulting module name: ole32.dll, version: 6.1.7601.17514, time
    stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0003bc21 Faulting process
    id: 0x8c8 Faulting application start time: 0x01ce94c256a2d8ba Faulting application
    path: C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
    module path: C:\Windows\syswow64\ole32.dll Report Id: c24bab43-00b5-11e3-af1c-50e549b16d48

    [ Spybot - Search and Destroy Events ]
    Error - 5/08/2013 1:37:44 PM | Computer Name = Thor-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    [ System Events ]
    Error - 8/08/2013 3:37:24 PM | Computer Name = Thor-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 8/08/2013 3:39:58 PM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 8/08/2013 3:56:40 PM | Computer Name = Thor-PC | Source = SNMP | ID = 16713180
    Description = The SNMP Service encountered an error while accessing the registry
    key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error - 8/08/2013 3:57:40 PM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7034
    Description = The PinnacleUpdate Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 9/08/2013 12:29:59 AM | Computer Name = Thor-PC | Source = SNMP | ID = 16713180
    Description = The SNMP Service encountered an error while accessing the registry
    key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error - 9/08/2013 12:30:58 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7034
    Description = The PinnacleUpdate Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 9/08/2013 12:46:27 AM | Computer Name = Thor-PC | Source = SNMP | ID = 16713180
    Description = The SNMP Service encountered an error while accessing the registry
    key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error - 9/08/2013 12:47:26 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7034
    Description = The PinnacleUpdate Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 9/08/2013 1:24:18 AM | Computer Name = Thor-PC | Source = SNMP | ID = 16713180
    Description = The SNMP Service encountered an error while accessing the registry
    key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error - 9/08/2013 1:25:19 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7034
    Description = The PinnacleUpdate Service service terminated unexpectedly. It has
    done this 1 time(s).


    < End of report >
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  8. #18
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Should I paste them up now or wait for different instructions?
    I have taken care of posting them. But it's late and I still have to review the logs. I will pick back up later today.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  9. #19
    Member
    Join Date
    Aug 2013
    Posts
    52

    Default

    Thanks for the help.

  10. #20
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi vlahka,

    1. Reset / Change Homepage in Chrome
    • Click the Chrome menu on the browser toolbar.
    • Select Settings.
      • Add the home button to the browser toolbar
        Home page button is off by default. Select the "Show Home button" checkbox in the "Appearance" section to show it on the browser toolbar.
      • Set your home page
        When the "Show Home button" checkbox is selected, a web address appears below it. This is the address you will want to change. (hxxp://www.delta-search.com/)
        Click Change to enter a link (e.g. http://www.google.com). You can also choose the New Tab page as your home page.
    =========================

    2. Delete cache and other browser data in Chrome
    • Click the Chrome menu on the browser toolbar.
    • Select Tools.
    • Select Clear browsing data.
    • In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.
      • Clear browsing history
      • Clear download history
      • Empty the cache
      • Delete cookies and other site and plug-in data
      • Clear saved passwords
      • Clear saved Autofill form data
      • Clear data from hosted apps
      • Deauthorize content licenses
    • Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
    • Click Clear browsing data.

    =========================

    3. Junkware Removal Tool (I changed the download link)

    Please download Junkware Removal Tool to your desktop.

    Right click and select "Run as Administrator".
    • Shut down your protection software now to avoid potential conflicts.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    =========================

    4. Run OTL.exe

    Windows Vista and Windows 7 users: right-click and select "Run as Administrator".
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      CHR - homepage: http://www.delta-search.com/?affID=1...0000ff73427270
      CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
      CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
      O2 - BHO: (no name) - {45d30484-7ded-43d9-957a-d2fd1f046511} - No CLSID value found.
      O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
      [2013/08/06 09:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Thor\AppData\Roaming\gjrgfujw
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [createrestorepoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

    =========================

    In your next post please provide the following:

    • JRT.txt
    • OTL.txt
    • How is the computer running, what issues still remain?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
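
One way to check the re-run OTL.txt against the fix script in post #20, as an added example that is not part of the original post and not OTL's own logic: it lists which :OTL targets still appear in the new log. The fix lines are a subset of those posted above, the new-log sample is constructed, and matching file entries by path while ignoring the timestamp prefix is an assumption of this example.

```python
import re

# Subset of the fix script posted above, copied as-is (the homepage URL is elided on the page).
FIX_SCRIPT = r"""
:OTL
CHR - homepage: http://www.delta-search.com/?affID=1...0000ff73427270
O2 - BHO: (no name) - {45d30484-7ded-43d9-957a-d2fd1f046511} - No CLSID value found.
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
[2013/08/06 09:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Thor\AppData\Roaming\gjrgfujw

:Files
ipconfig /flushdns /c

:Commands
[purity]
[Reboot]
"""

# Constructed sample of a post-fix OTL.txt (not taken from the thread).
NEW_LOG = r"""
CHR - homepage: http://www.google.com/
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
[2013/08/10 08:00:00 | 000,000,000 | -HSD | M] -- C:\Users\Thor\AppData\Roaming\gjrgfujw
"""

# File/folder entries look like "[date | size | attrs | M] -- path".
FILE_ENTRY = re.compile(r"^\[[^\]]*\]\s+--\s+(.+)$")

def parse_sections(script):
    """Split a fix script into {section name: [lines]} on ':Name' headers."""
    sections, current = {}, None
    for line in (raw.strip() for raw in script.splitlines()):
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def match_key(line):
    """Compare file entries by path only (timestamps change); others by whole line."""
    m = FILE_ENTRY.match(line.strip())
    return " ".join((m.group(1) if m else line).split()).lower()

def remaining_targets(script, new_log):
    """Return the :OTL fix lines whose entry is still present in the new log."""
    seen = {match_key(l) for l in new_log.splitlines() if l.strip()}
    return [t for t in parse_sections(script).get("otl", []) if match_key(t) in seen]
```

With the constructed log, `remaining_targets(FIX_SCRIPT, NEW_LOG)` returns the sony.com Trusted Domains line and the `gjrgfujw` folder line, which are the items a reviewer would ask about in the follow-up.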
