
Thread: Advanced system protector help removal

  1. #11
    Member | Join Date: Aug 2013 | Posts: 52

    OTL logfile created on: 19/12/2013 11:32:36 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thor\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    7.98 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.37% Memory free
    15.97 Gb Paging File | 13.42 Gb Available in Paging File | 84.04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.69 Gb Total Space | 39.21 Gb Free Space | 35.11% Space Free | Partition Type: NTFS
    Drive F: | 878.92 Gb Total Space | 38.02 Gb Free Space | 4.33% Space Free | Partition Type: NTFS
    Drive H: | 1863.01 Gb Total Space | 455.08 Gb Free Space | 24.43% Space Free | Partition Type: NTFS
    Drive J: | 931.51 Gb Total Space | 435.18 Gb Free Space | 46.72% Space Free | Partition Type: NTFS
    Drive L: | 984.09 Gb Total Space | 224.65 Gb Free Space | 22.83% Space Free | Partition Type: NTFS

    Computer Name: THOR-PC | User Name: Thor | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Thor\Desktop\OTL.exe (OldTimer Tools)
    PRC - J:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe ()
    PRC - C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Cloanto Corporation)
    PRC - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
    PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
    PRC - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    PRC - H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
    PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
    PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    PRC - C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
    PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
    PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


    ========== Modules (No Company Name) ==========

    MOD - J:\Program Files (x86)\Steam\bin\chromehtml.dll ()
    MOD - J:\Program Files (x86)\Steam\bin\libcef.dll ()
    MOD - J:\Program Files (x86)\Steam\SDL2.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlServ#\5660a2e02280885f4fb581688f8157e8\System.Data.SqlServerCe.ni.dll ()
    MOD - J:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
    MOD - J:\Program Files (x86)\Steam\bin\avformat-53.dll ()
    MOD - J:\Program Files (x86)\Steam\bin\avutil-51.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\6c7f57211a988e2f261dff251805e90e\System.WorkflowServices.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ec057796972ce41b751eaa3a8306fbcb\System.ServiceModel.Discovery.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dc86fe1c7a6e3a7ce9e9c1f13d9b1e8e\System.ServiceModel.Routing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d09c237ee72af3935f1a01388ef8e315\System.ServiceModel.Channels.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5055b60e339143bbace5871f5fe4b114\System.ServiceModel.Activities.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f42c2acdb000001066c78acfc6cd8655\System.ServiceModel.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
    MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
    MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
    MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
    MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
    MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll ()
    MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
    SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
    SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
    SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
    SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (ASO3DiskOptimizer) -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (Systweak Software, (www.systweak.com))
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (KinoniSvc) -- C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe ()
    SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
    SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
    SRV - (HiPatchService) -- J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
    SRV - (PanService) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
    SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
    SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
    SRV - (PinnacleUpdateSvc) -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe (PowerUp Software, LLC)
    SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
    SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    SRV - (CSObjectsSrv) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
    SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
    SRV - (DES2 Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
    SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
    SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
    DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
    DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
    DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (LGSUsbFilt) -- C:\Windows\SysNative\drivers\LGSUsbFilt.sys (Logitech Inc.)
    DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
    DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
    DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
    DRV:64bit: - (kinonivd) -- C:\Windows\SysNative\drivers\kinonivd.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (KINONI_Wave) -- C:\Windows\SysNative\drivers\kinonivad.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
    DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
    DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
    DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
    DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
    DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
    DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
    DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
    DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
    DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
    DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
    DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
    DRV:64bit: - (TEAM) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
    DRV:64bit: - (RTTEAMPT) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
    DRV:64bit: - (CSCrySec) -- C:\Windows\SysNative\drivers\CSCrySec.sys (Infowatch)
    DRV:64bit: - (CSVirtualDiskDrv) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys (Infowatch)
    DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
    DRV:64bit: - (tap0901t) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
    DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
    DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
    DRV:64bit: - (VLAN) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
    DRV:64bit: - (RTVLANPT) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
    DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
    DRV:64bit: - (CamDrL64) -- C:\Windows\SysNative\drivers\CamDrL64.sys (Logitech Inc.)
    DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
    DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
    DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
    DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
    DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://battlelog.battlefield.com/bf3...=|bf3|servers|
    IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 85 D0 F3 79 6C CC 01 [binary data]
    IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\..\SearchScopes,DefaultScope = {922E6970-BD05-47bc-AF58-D431E6404A30}
    IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\..\SearchScopes\{922E6970-BD05-47bc-AF58-D431E6404A30}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
    IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://battlelog.battlefield.com/bf3...=|bf3|servers|
    IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 85 D0 F3 79 6C CC 01 [binary data]
    IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\..\SearchScopes,DefaultScope = {922E6970-BD05-47bc-AF58-D431E6404A30}
    IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\..\SearchScopes\{922E6970-BD05-47bc-AF58-D431E6404A30}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
    IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: jyboy.yy%40gmail.com:1.0.4
    FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
    FF - prefs.js..extensions.enabledAddons: greasemonkeybcsf%40stpors.net:0.2.0
    FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mammoth.com.au/BigPondMediaDownloader,version=1.0.0: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll (Mammoth Media)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thor\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thor\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\mammothmedia.com.au/BigPondMediaDownloaderDetector: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll (Mammoth Media)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2012/11/01 16:25:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2012/11/01 16:25:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2012/11/01 16:25:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/29 15:30:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/29 15:30:40 | 000,000,000 | ---D | M]

    [2011/09/06 19:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Extensions
    [2013/11/03 00:27:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions
    [2013/05/01 16:50:01 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2013/06/27 21:36:12 | 000,000,000 | ---D | M] (Greasemonkey Shared Script Folder) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\greasemonkeybcsf@stpors.net
    [2012/08/03 05:10:26 | 000,000,000 | ---D | M] (YTshowRating) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\jid1-m7xzZLMj29zzjA@jetpack
    [2012/04/24 23:27:17 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\jyboy.yy@gmail.com
    [2012/05/17 17:45:26 | 000,000,000 | ---D | M] (Redirector) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\redirector@einaregilsson.com
    [2013/03/23 10:06:08 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
    [2013/10/29 14:00:45 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/11/03 00:27:19 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    [2013/10/29 15:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/10/29 15:30:39 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    [2013/10/29 15:30:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/10/29 15:30:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
    CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
    CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
    CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: BigPond Media Downloader Detector (Enabled) = C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Thor\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
    CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.0_0\
    CHR - Extension: DownloadAll = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajffocjdcmpgjmdfdfkdfdbkjafbkcke\2.1.1_0\
    CHR - Extension: YouTube = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: FlashBlock = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie\1.2.11.12_0\
    CHR - Extension: Adblock Plus = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7_0\
    CHR - Extension: YouTube\u2122 Ratings Preview = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\3.1.1_0\
    CHR - Extension: OneTab = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.6_0\
    CHR - Extension: Google Search = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Kaspersky URL Advisor = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
    CHR - Extension: Session Buddy = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.4_0\
    CHR - Extension: Youtube Video Downloader = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgdjbcjnihndbfmmggceololenekadg\1.2_0\
    CHR - Extension: Virtual Keyboard = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
    CHR - Extension: Chromium Wheel Smooth Scroller = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb\1.3.4_0\
    CHR - Extension: Google Wallet = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Gmail = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Anti-Banner = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\

  2. #12
    Member
    Join Date
    Aug 2013
    Posts
    52

    O1 HOSTS File: ([2013/12/19 22:12:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
    O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
    O4:64bit: - HKLM..\Run: [ACPW06EN] C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe (ACD Systems)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [CloantoSoftwareDirector] C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Cloanto Corporation)
    O4 - HKLM..\Run: [LWS] H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Standby] c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
    O4 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000..\Run: [Steam] J:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011..\Run: [Steam] J:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
    O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51AF2091-0927-4023-86DB-142FD3B91A25}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73427270-A448-4497-95DC-8D915CF25F20}: DhcpNameServer = 7.254.254.254
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/09/16 18:31:23 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/19 23:31:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thor\Desktop\OTL.exe
    [2013/12/19 22:24:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/12/19 22:24:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/12/19 22:04:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/12/19 22:04:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/12/19 22:04:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/12/19 22:03:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/12/19 22:01:57 | 005,154,906 | R--- | C] (Swearware) -- C:\Users\Thor\Desktop\ComboFix.exe
    [2013/12/19 14:29:32 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D896A6DE-27B1-486C-8661-003AD9160B72}
    [2013/12/19 02:28:49 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{849A18FE-AF8B-4FF6-846B-DF1D2C3E9BAB}
    [2013/12/18 14:28:05 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D0CE82F9-7496-422F-AFE7-FC402F805256}
    [2013/12/18 14:14:51 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\ACD Systems
    [2013/12/18 14:14:51 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\ACD Systems
    [2013/12/18 14:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
    [2013/12/18 14:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems
    [2013/12/18 14:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
    [2013/12/18 14:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
    [2013/12/18 13:47:46 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\FastStone
    [2013/12/18 13:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
    [2013/12/18 13:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Image Viewer
    [2013/12/18 13:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    [2013/12/18 13:45:59 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
    [2013/12/18 13:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2013/12/18 13:23:42 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\ZPS15
    [2013/12/18 13:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 15
    [2013/12/18 02:27:21 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{17FA845B-4390-45F9-9C53-B3AE303C6BDC}
    [2013/12/17 17:44:05 | 000,000,000 | ---D | C] -- C:\Users\Thor\Desktop\adsadsadsadsf
    [2013/12/17 14:26:37 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{6F1E42CA-6542-40D4-989F-1D1BCC68FDC2}
    [2013/12/17 02:25:31 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{7EFE4767-E25A-479F-90FE-6B8EC2FBA0B9}
    [2013/12/16 22:50:09 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\IObit
    [2013/12/16 22:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2013/12/16 22:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
    [2013/12/16 22:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
    [2013/12/16 22:17:22 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\Xenocode
    [2013/12/16 14:24:56 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{05D9B1BD-0ABB-4281-8C48-AE7521084C38}
    [2013/12/16 02:24:22 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{35D9B639-F1E0-42CF-BD3E-2A9F0DD5A87C}
    [2013/12/15 13:18:58 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{CB0FAAFD-BFC6-411C-832D-CD0970224273}
    [2013/12/14 13:10:32 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{58B18ED8-1332-4A67-A458-0DEDFBC6D60D}
    [2013/12/14 01:04:50 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{29775709-3D35-44AF-9151-708B1E796672}
    [2013/12/13 13:04:20 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{A226EA76-B129-4A0C-AE7D-6A51C0ED1E99}
    [2013/12/13 12:01:22 | 004,583,424 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
    [2013/12/13 00:26:36 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{98520726-C8CF-46AC-9463-EC3C3400665C}
    [2013/12/12 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{4DC0664C-4775-40EE-A99D-A4C4BA0CFAE1}
    [2013/12/12 00:25:40 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{767901AF-AF47-4E4E-9B54-8EAA61A36891}
    [2013/12/11 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{7C8D0E92-6CB8-4E77-B845-5976A5E4AF5A}
    [2013/12/11 00:24:44 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E88792A9-D1D6-40B2-8686-1F0F0C48F005}
    [2013/12/10 12:24:09 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{F9DCA46E-C9B9-46F0-8C1A-E75D2B92FC18}
    [2013/12/10 00:23:43 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D215823D-FFB8-421B-99A5-016D68B04E70}
    [2013/12/09 12:23:09 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{40BCAD90-914B-4D58-8468-B54427F806F9}
    [2013/12/09 00:22:35 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{A495DBF5-7F43-4FF7-BD7E-38B001F7B858}
    [2013/12/08 23:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
    [2013/12/08 23:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.3
    [2013/12/08 23:23:45 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\cache
    [2013/12/08 23:23:44 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\Mobogenie
    [2013/12/08 23:23:44 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\Mobogenie
    [2013/12/08 23:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
    [2013/12/08 22:45:25 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\My Cheat Tables
    [2013/12/08 22:42:43 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\FLiNGTrainer
    [2013/12/08 12:22:00 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{175E7DCA-2C44-4838-B8B3-D6B22D0A5FE8}
    [2013/12/07 18:49:56 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EE83E89D-966E-4BD9-8D0D-5E44346B37EC}
    [2013/12/07 06:49:22 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E2E4E388-7322-4AE9-BD3D-CB5B3D1DD7A7}
    [2013/12/06 17:32:09 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EDC693A7-9D62-4FBC-B7DB-864969FB56AF}
    [2013/12/06 16:21:19 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\PDF24
    [2013/12/06 16:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
    [2013/12/06 05:31:46 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{CEC9543C-9113-4ADE-88D3-E7F878DED8DC}
    [2013/12/05 17:31:24 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E4304F79-64ED-41DC-8A0D-1D5F7D169A8D}
    [2013/12/05 05:30:50 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EF8758E8-ECB9-48D1-A1C6-83010D984F9F}
    [2013/12/04 17:30:28 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{A42E06A3-CECA-47A1-AB70-C20F4995DA0D}
    [2013/12/04 12:43:11 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Thor\Desktop\aswMBR (1).exe
    [2013/12/04 12:35:36 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Thor\Desktop\dds.scr
    [2013/12/04 12:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/12/04 12:32:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013/12/04 06:54:15 | 000,000,000 | ---D | C] -- C:\hijackthis
    [2013/12/04 05:29:53 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{AB432236-8B46-4604-9F0C-A7E8A84B67E1}
    [2013/12/03 17:29:32 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{B62718D9-4665-4CD9-8013-C0E70091B7A6}
    [2013/12/03 05:28:57 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{F53F9816-300E-4A94-BA28-70447A2DBC1E}
    [2013/12/02 17:28:23 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{6E7578EC-75AD-4A04-BF3D-E724CBEED224}
    [2013/12/02 05:27:46 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{3ADC6853-BA48-4CB6-A2F4-98DCFC3203C9}
    [2013/12/01 17:27:24 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D4AF4D06-D8E7-4BB5-A6EE-CBB25B89B34C}
    [2013/12/01 05:26:49 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EDC45451-3EB8-45F7-8987-CCEAEA462EF4}
    [2013/11/30 17:26:01 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{73457022-53B1-463B-97DC-15B7484FB346}
    [2013/11/30 17:14:26 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\MPC-HC
    [2013/11/30 17:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    [2013/11/30 17:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
    [2013/11/30 05:25:27 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E9921A5E-AC51-42E1-9AEB-1AAAA11AF817}
    [2013/11/29 17:24:53 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{DA3C05D3-61CB-4359-8160-3AA938F1B1D2}
    [2013/11/29 05:24:17 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{A4B42952-B061-4C8A-80E9-6FB5A73CC9EA}
    [2013/11/28 17:23:43 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{F0331BDD-5A4B-4A3D-B0C5-07E9763A6F23}
    [2013/11/28 04:15:01 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{A045844B-BACC-4D46-AECF-44ECEB853DDA}
    [2013/11/27 16:14:39 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{9AD0B4FA-71CD-4421-B5D7-350208F28F0D}
    [2013/11/27 04:04:29 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{8945C753-1FE8-4C07-9241-4E9A9BC6B685}
    [2013/11/26 15:32:07 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{454F3AF2-BAF4-4490-931A-A8DB2A1DE4B9}
    [2013/11/25 19:57:53 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{454AC5C1-992C-40DF-9F2F-2D1B159C8076}
    [2013/11/25 04:48:17 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{87BCAB07-A8FA-4768-8631-71C9EF63D695}
    [2013/11/24 16:31:29 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{38DD516B-B5CC-444B-BECD-7EE74F9197BA}
    [2013/11/24 04:30:55 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D4234DD3-C092-48B4-AB82-4A9F8CB388E9}
    [2013/11/23 20:32:52 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhoreCraft
    [2013/11/23 16:30:20 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D618B4A1-94D4-4348-85A2-6514E168F301}
    [2013/11/23 04:29:45 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{569D1019-96E4-4641-B6E6-D7A695F164D5}
    [2013/11/22 16:29:23 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{8155AEA8-B1CC-44C0-B49B-FD7892403DB8}
    [2013/11/22 03:33:21 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{28474E01-1D0D-4632-86A4-ABDFFD66BC7B}
    [2013/11/21 15:32:59 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{2144590C-67FE-4CA1-AE1D-0707156D5923}
    [2013/11/21 03:32:24 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{031CA1E0-963A-493D-BEEF-0E60AE20B098}
    [2013/11/20 19:21:56 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\GOG.com Downloads
    [2013/11/20 19:07:57 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\GOG.com
    [2013/11/20 15:32:02 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{92484D33-24BB-4421-9020-D94C55872C7B}
    [2013/11/20 03:31:28 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{461F93BA-1288-4E9A-8AF6-095365A68195}

    ========== Files - Modified Within 30 Days ==========

    [2013/12/19 23:30:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thor\Desktop\OTL.exe
    [2013/12/19 23:13:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000UA.job
    [2013/12/19 22:32:12 | 002,027,386 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/12/19 22:32:12 | 000,664,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/12/19 22:32:12 | 000,608,354 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
    [2013/12/19 22:32:12 | 000,419,460 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
    [2013/12/19 22:32:12 | 000,122,392 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
    [2013/12/19 22:32:12 | 000,122,392 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/12/19 22:32:12 | 000,111,190 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
    [2013/12/19 22:26:17 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
    [2013/12/19 22:26:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/12/19 22:26:14 | 2134,200,319 | -HS- | M] () -- C:\hiberfil.sys
    [2013/12/19 22:25:38 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/12/19 22:25:38 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/12/19 22:12:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/12/19 22:01:53 | 005,154,906 | R--- | M] (Swearware) -- C:\Users\Thor\Desktop\ComboFix.exe
    [2013/12/19 12:56:55 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
    [2013/12/18 14:14:27 | 000,002,835 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 6 (64-bit).lnk
    [2013/12/18 13:47:14 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
    [2013/12/16 03:23:09 | 000,006,318 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2013/12/13 13:03:03 | 005,192,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/12/13 12:01:22 | 004,583,424 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
    [2013/12/12 12:13:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000Core.job
    [2013/12/06 16:14:25 | 000,119,438 | ---- | M] () -- C:\Users\Thor\Desktop\ELR_candidate_form-signed.pdf
    [2013/12/06 04:51:44 | 000,000,220 | ---- | M] () -- C:\Users\Thor\Desktop\Star Trek Online.url
    [2013/12/05 23:32:42 | 000,000,222 | ---- | M] () -- C:\Users\Thor\Desktop\Batman Arkham City GOTY.url
    [2013/12/05 15:34:27 | 000,000,222 | ---- | M] () -- C:\Users\Thor\Desktop\Broken Sword 5.url
    [2013/12/04 12:53:59 | 000,000,512 | ---- | M] () -- C:\Users\Thor\Desktop\MBR.dat
    [2013/12/04 12:42:58 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Thor\Desktop\aswMBR (1).exe
    [2013/12/04 12:41:34 | 000,005,257 | ---- | M] () -- C:\Users\Thor\Desktop\attach.zip
    [2013/12/04 12:35:28 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Thor\Desktop\dds.scr
    [2013/12/04 12:32:49 | 000,001,108 | ---- | M] () -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/12/04 12:32:28 | 000,000,909 | ---- | M] () -- C:\Users\Thor\Desktop\ERUNT.lnk
    [2013/12/04 06:20:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.original
    [2013/12/01 18:56:24 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk
    [2013/11/30 19:38:24 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
    [2013/11/30 17:01:17 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\etdrv.sys
    [2013/11/29 20:18:05 | 000,002,272 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
    [2013/11/24 14:44:19 | 000,274,869 | ---- | M] () -- C:\Users\Thor\Desktop\ccc.htm


    ========== Files Created - No Company Name ==========

    [2013/12/19 22:04:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/12/19 22:04:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/12/19 22:04:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/12/19 22:04:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/12/19 22:04:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/12/18 14:14:27 | 000,002,835 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Pro 6 (64-bit).lnk
    [2013/12/18 13:47:14 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
    [2013/12/12 14:21:29 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
    [2013/12/06 16:14:25 | 000,119,438 | ---- | C] () -- C:\Users\Thor\Desktop\ELR_candidate_form-signed.pdf
    [2013/12/06 04:51:44 | 000,000,220 | ---- | C] () -- C:\Users\Thor\Desktop\Star Trek Online.url
    [2013/12/05 23:32:42 | 000,000,222 | ---- | C] () -- C:\Users\Thor\Desktop\Batman Arkham City GOTY.url
    [2013/12/05 15:34:27 | 000,000,222 | ---- | C] () -- C:\Users\Thor\Desktop\Broken Sword 5.url
    [2013/12/04 12:53:59 | 000,000,512 | ---- | C] () -- C:\Users\Thor\Desktop\MBR.dat
    [2013/12/04 12:41:34 | 000,005,257 | ---- | C] () -- C:\Users\Thor\Desktop\attach.zip
    [2013/12/04 12:32:49 | 000,001,108 | ---- | C] () -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/12/04 12:32:28 | 000,000,909 | ---- | C] () -- C:\Users\Thor\Desktop\ERUNT.lnk
    [2013/12/01 18:56:24 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk
    [2013/11/30 17:09:39 | 000,256,088 | ---- | C] () -- C:\Windows\SysNative\unrar64.dll
    [2013/11/24 14:44:18 | 000,274,869 | ---- | C] () -- C:\Users\Thor\Desktop\ccc.htm
    [2013/11/01 22:30:31 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2013/11/01 22:30:31 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2013/11/01 22:30:31 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2013/11/01 22:30:31 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2013/11/01 22:30:31 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2013/11/01 22:30:31 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2013/11/01 22:30:31 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2013/11/01 22:30:31 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2013/11/01 22:30:31 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2013/11/01 22:30:31 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
    [2013/11/01 22:30:31 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2013/11/01 22:30:31 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2013/11/01 22:30:31 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2013/11/01 22:30:31 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2013/11/01 22:30:31 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2013/11/01 22:30:31 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
    [2013/11/01 22:30:31 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
    [2013/11/01 22:30:31 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2013/11/01 22:30:31 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2013/08/26 06:04:24 | 000,000,008 | RHS- | C] () -- C:\ProgramData\1F764CA33D.sys
    [2013/08/11 15:22:56 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-THOR-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
    [2013/07/28 18:08:40 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
    [2013/07/28 18:08:40 | 000,001,892 | ---- | C] () -- C:\Windows\unins000.dat
    [2013/04/19 08:08:36 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\Media Player - Codec Pack Disc handler.exe
    [2012/11/21 23:39:33 | 000,000,045 | ---- | C] () -- C:\Users\Thor\jagex_cl_speccollect_LIVE.dat
    [2012/11/21 23:39:33 | 000,000,001 | ---- | C] () -- C:\Users\Thor\random.dat
    [2012/10/21 02:21:05 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
    [2012/10/21 02:21:05 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
    [2012/10/21 02:21:05 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
    [2012/10/10 17:50:48 | 000,216,072 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/09/18 13:05:01 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
    [2012/09/16 15:31:11 | 001,239,424 | ---- | C] () -- C:\Users\Thor\P1010012-1.jpg
    [2012/09/16 15:22:00 | 004,696,064 | ---- | C] () -- C:\Users\Thor\P1010012.JPG
    [2012/09/16 15:22:00 | 004,167,168 | ---- | C] () -- C:\Users\Thor\P1010005.JPG
    [2012/08/02 18:23:54 | 000,017,408 | ---- | C] () -- C:\Users\Thor\AppData\Local\WebpageIcons.db
    [2012/07/05 01:34:25 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
    [2012/05/12 20:07:35 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
    [2012/05/12 20:07:35 | 000,001,651 | ---- | C] () -- C:\Windows\Graffiti5.4.ini
    [2012/04/29 00:49:27 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
    [2012/03/07 01:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
    [2012/01/18 16:14:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2012/01/18 16:14:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2012/01/18 16:14:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2012/01/12 18:08:03 | 000,000,600 | ---- | C] () -- C:\Users\Thor\AppData\Roaming\winscp.rnd
    [2011/11/15 12:43:48 | 000,001,461 | ---- | C] () -- C:\Users\Thor\.recently-used.xbel
    [2011/10/22 00:54:27 | 000,005,120 | ---- | C] () -- C:\Users\Thor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/22 00:52:12 | 000,006,318 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/09/20 00:10:11 | 000,000,017 | ---- | C] () -- C:\Users\Thor\AppData\Local\resmon.resmoncfg

    ========== ZeroAccess Check ==========

    [2009/07/14 14:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 22:57:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 21:51:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/12/18 14:14:51 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\ACD Systems
    [2013/05/10 04:39:10 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Allmyapps
    [2012/11/19 01:21:30 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Atari
    [2013/11/15 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Audacity
    [2013/07/28 16:10:07 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Awesomium
    [2013/12/19 21:26:29 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Azureus
    [2013/09/12 19:58:12 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Cakewalk
    [2011/09/23 04:25:55 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Canon
    [2013/05/24 20:41:23 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Cloanto
    [2013/07/27 14:17:14 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\com.doubleperfect.ggpo
    [2011/12/03 20:47:54 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
    [2011/10/09 15:57:50 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\cYo
    [2013/09/13 02:53:29 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\DAEMON Tools Lite
    [2013/12/09 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Dropbox
    [2012/07/01 06:27:24 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\DVD Catalyst 4
    [2012/06/13 02:20:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\DVDVideoSoft
    [2013/05/22 16:12:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Evaer
    [2012/09/27 19:30:54 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Fatshark
    [2012/12/29 22:00:34 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Games
    [2011/11/15 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\gtk-2.0
    [2013/12/11 19:45:11 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\HandBrake
    [2013/12/16 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\IObit
    [2011/09/12 16:36:33 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Leadertech
    [2011/12/16 11:55:52 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\LEAPS
    [2013/03/28 18:37:59 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\MAGIX
    [2012/06/29 22:56:53 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\mkvtoolnix
    [2013/11/30 17:14:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\MPC-HC
    [2013/08/06 09:31:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Mumble
    [2011/11/09 02:50:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Nucleosys
    [2013/08/15 22:48:52 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Origin
    [2012/06/12 21:33:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Pavtube
    [2011/12/16 11:47:05 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Pegasys Inc
    [2013/06/09 21:59:24 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\PlayClaw3
    [2012/10/21 02:24:23 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\PowerUp Software
    [2012/05/12 20:08:45 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\proDAD
    [2013/03/26 22:46:52 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Publish Providers
    [2013/01/28 17:50:53 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\QuickScan
    [2013/02/14 07:39:56 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Reincubate
    [2012/05/05 18:58:01 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\RenPy
    [2011/12/01 20:57:49 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Screaming Bee
    [2013/10/23 18:12:46 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\ShiningStar
    [2013/12/16 22:57:14 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Sony
    [2012/10/19 03:33:17 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Sports Interactive
    [2012/03/19 06:09:37 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2013/12/19 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Systweak
    [2013/12/12 14:41:28 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\TeamViewer
    [2012/02/10 04:02:01 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\The Creative Assembly
    [2012/08/05 06:50:39 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Tropico 3
    [2012/12/02 00:26:10 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Tunngle
    [2012/05/12 20:03:18 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Ulead Systems
    [2013/12/16 22:23:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Vphonet
    [2011/09/12 10:19:41 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Windows Live Writer
    [2012/04/15 00:18:35 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Wondershare Video Converter Ultimate
    [2013/12/18 13:23:42 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Zoner

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
    @Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

    < End of report >

    OTL Extras logfile created on: 19/12/2013 11:32:36 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thor\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    7.98 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.37% Memory free
    15.97 Gb Paging File | 13.42 Gb Available in Paging File | 84.04% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.69 Gb Total Space | 39.21 Gb Free Space | 35.11% Space Free | Partition Type: NTFS
    Drive F: | 878.92 Gb Total Space | 38.02 Gb Free Space | 4.33% Space Free | Partition Type: NTFS
    Drive H: | 1863.01 Gb Total Space | 455.08 Gb Free Space | 24.43% Space Free | Partition Type: NTFS
    Drive J: | 931.51 Gb Total Space | 435.18 Gb Free Space | 46.72% Space Free | Partition Type: NTFS
    Drive L: | 984.09 Gb Total Space | 224.65 Gb Free Space | 22.83% Space Free | Partition Type: NTFS

    Computer Name: THOR-PC | User Name: Thor | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
    Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Key error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
    Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Key error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0296731B-C60F-432B-BDA0-59CCAF7F0B4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{044B4C36-A368-45C8-92B8-D88E67BFB3EB}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{129891D5-FCF5-4DFD-B2E3-06C45CD42069}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{237123B4-3C00-4E12-83A0-D4DAEA61D3CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{252B65FA-7EBA-4C77-BA00-F0DE80101DB9}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{2FC04034-9CC1-4076-83FC-0D9D50DF657D}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{453F0B99-D647-4E66-953B-50CF48AF0E71}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{47F7C5EB-B1D7-4179-A0D4-A1D7CE82D13C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{4992639F-13AF-40A9-8C0D-849FA1F4C5BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4E8F577B-213A-496A-86D6-F463E3D5E4E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{4F56542F-A378-4E5B-8544-D969001744CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5000AEE2-6AA0-4656-B7F4-F07C363C5A0A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5014A777-F0F6-4AFC-9A83-14012AB3227B}" = lport=445 | protocol=6 | dir=in | app=system |
    "{55C7D750-4F34-4E86-B5F5-94A4A63A1243}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{57AEDA44-8624-44C1-88FE-63C4DCBE33FC}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{5B9077EF-C5F9-400B-8CFD-40FA3EBE1ABC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{5DEF54FE-B99D-4D70-9C48-E14B1CD05B43}" = rport=445 | protocol=6 | dir=out | app=system |
    "{6BFCC6EF-7AC8-4C42-A023-57193B95EC6C}" = rport=139 | protocol=6 | dir=out | app=system |
    "{77C9EFA1-C545-4312-9AA9-5FD611767D16}" = lport=138 | protocol=17 | dir=in | app=system |
    "{86892FCA-6CEF-4973-AC04-124FD471FD5D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{94B3616B-2102-46F0-8889-274313391E6A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A11AEDD7-5055-40F3-924C-9CC2AC24BE84}" = lport=139 | protocol=6 | dir=in | app=system |
    "{A4E6C1B2-D5DD-4364-9C42-C0B4658F0AC1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A80703EC-79A2-4DFA-9204-C22CF096757A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AC7BAB00-BB40-4385-A515-40DD0B9E86DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{AD0D1D9D-1936-4D3E-BC49-0D5E32710E49}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D04F087D-E070-4FC9-A710-FC3D2C700ECE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{DB3BF7FB-AD5E-45EC-A1B9-28FFD43656D4}" = rport=137 | protocol=17 | dir=out | app=system |
    "{FC12B0E8-AD85-4523-B2F1-A33ECDC42349}" = rport=138 | protocol=17 | dir=out | app=system |

  3. #13
    Member
    Join Date
    Aug 2013
    Posts
    52

    Default

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03245FD4-CA55-4916-86E6-3DF4D942B500}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
    "{036EA3AD-AFBF-4CE9-B441-5AB69074C53E}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "{045EC768-F082-4E94-B6FE-96C8424CFBD8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "{04A896A0-2DB9-44F7-973C-92307693B143}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\gstd - rise of the owlverlord\launcher\gslauncher.exe |
    "{04E3E3C6-93FA-4432-98DE-5AC694398FD8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "{05B3CB89-8366-4176-81C1-9EACDCC8EBE8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
    "{07676BF3-7407-45FC-BB63-7A1321BCC22E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{076E050F-9458-466F-AD7B-62436418E3C6}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
    "{0B18E854-905C-42EF-95A8-8B1E8208E7AC}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{0D32E838-426C-4126-A08B-818324A42546}" = protocol=17 | dir=in | app=j:\program files (x86)\tera\tera-launcher.exe |
    "{0DF751B2-B4CB-4FF2-BBFC-2520019C90C9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\launcher.exe |
    "{0FC038A8-FAD8-4B0C-AFFB-459ACDC275E9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
    "{10482388-8B8C-4130-A145-B6242628BDED}" = protocol=17 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
    "{188F91FE-06FF-4D77-9DD4-8D6AF390DE5A}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{1937B7AE-EB23-4FE8-99E3-53663AA378D9}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{1C40033E-3AE1-4335-9AE0-82C7189162D4}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\football manager 2014\fm.exe |
    "{1C662277-2DB9-4861-8DB2-3616BD873D50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1CF8A7BB-CDCA-4F04-B983-4A5E1515A4DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{1D82C45C-9C37-497B-BB32-F264C51308E5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{1F169BAF-0F73-4895-B173-7F781911E74C}" = protocol=17 | dir=in | app=j:\program files (x86)\origin\games\dead space 3\deadspace3.exe |
    "{205EBF63-516C-483C-9044-944EF792A3DF}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
    "{20E30094-C1D6-41D9-9CA3-1C2BFB3D513E}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "{23162F58-E5E6-4677-B2BC-0FD65DA343C1}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\king's bounty - warriors of the north\kbwotn.exe |
    "{241E22CB-1680-4B75-9C03-30ACC94F857C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
    "{24748187-FCC1-4834-A307-50A83343310C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steam.exe |
    "{2506B3A3-9605-4065-8CF1-0A30F61B848B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{250E1F8B-5B17-4C27-9E0D-C8FC55D9D469}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
    "{26DFD814-77F8-4CB9-9FE8-03F7F08BFDB1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{2975C060-85CA-4C53-8E74-110AAD28CFAA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2E977CE4-A6BF-40C2-902B-13BB53E1C3C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
    "{2FD359A4-3DC1-4D48-9CC6-7EAA83561761}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
    "{317C0E9A-5DE6-4536-920A-94B0CB79908D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strike suit infinity\pc\main\binary\ssz.exe |
    "{319DCBD7-63B7-44C6-A32C-6421B1C48A60}" = protocol=6 | dir=in | app=j:\program files (x86)\tera\client\tl.exe |
    "{352DFB2C-1CC7-494E-858C-5C5D048AFCB9}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
    "{35DAE44B-9407-42A4-9010-881F41DAFD89}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\restaurant empire 2\re2.exe |
    "{36EAE5D0-349B-401F-AC30-12EF75962E00}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "{381B6867-9B7C-4485-81D7-7C9DEAB0AA79}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{3B3F55C7-EAD0-4E59-9117-A043DA30C971}" = protocol=6 | dir=in | app=c:\program files (x86)\kinoni\epoccam_and_barcode_drivers\kinonisvc.exe |
    "{3E2BA346-9CEB-408E-B804-E2FF9DEF332C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
    "{40C8ABAC-8002-4897-9970-1FF4E116A06B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{47D0D9F2-F160-4FA4-8CD2-CE710167B376}" = protocol=6 | dir=in | app=j:\program files (x86)\tera\tera-launcher.exe |
    "{489FB914-58C5-4079-9A6A-0E0978BF63D8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strike suit infinity\pc\main\binary\ssz.exe |
    "{4A100514-E23B-4562-818E-4749406BD81F}" = protocol=6 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
    "{4A86390F-4A79-4AF1-9053-039778375323}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "{4C435E78-1FE0-43DB-8C0C-BBB4ACCFBF5D}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{4D50782B-F9E6-479A-870D-FA43AEFC7029}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
    "{4E746127-C150-4983-9FCF-318D27656183}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{5055451F-57E2-4D21-AB7E-414784841D4E}" = protocol=6 | dir=in | app=j:\program files (x86)\origin\games\dead space 3\deadspace3.exe |
    "{52D4C3B0-D111-4EB7-9BDC-96629C31CEE3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{542FE241-1D43-47D8-9BAE-65A188AA8826}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{55C9B959-725C-4DF4-97F6-82D989710B56}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe |
    "{55DC9091-AAB9-40C0-9583-B8EFCFA8637D}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
    "{57ABCE6F-90A0-4ABE-B30E-A2BF66F5E7C3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{5A958567-E70E-4565-BD20-1C7A1A9C0BF8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
    "{5C12C1DA-6CE6-4F79-9F9F-58FDD2225432}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
    "{5C224E4D-E133-421E-AFD1-B6457FD79F57}" = protocol=17 | dir=in | app=c:\users\thor\appdata\roaming\dropbox\bin\dropbox.exe |
    "{5FC7AB70-6223-4465-84C9-FCF6C5D645D5}" = protocol=17 | dir=out | app=j:\program files (x86)\tera\client\tl.exe |
    "{62578B19-8E16-42DA-8341-C3F58E5CE6C7}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{62D31C75-35B1-49C5-822B-2AAB69B4FC4E}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
    "{655264B9-93EC-425A-9D11-4EF7CD668E65}" = protocol=17 | dir=in | app=j:\program files (x86)\origin\games\battlefield 4\bf4.exe |
    "{6946D538-12D8-4BAC-8672-74B43470E660}" = protocol=6 | dir=out | app=j:\program files (x86)\tera\tera-launcher.exe |
    "{69650794-1BF5-46B6-9BF1-6E8056CC3410}" = protocol=6 | dir=out | app=j:\program files (x86)\tera\client\tl.exe |
    "{6A1329D5-C2FB-41B1-BAF0-0302CA948E61}" = protocol=17 | dir=in | app=j:\program files (x86)\tera\client\tl.exe |
    "{6A62BC18-0A3E-495B-B241-7FCB3EFB9A40}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
    "{6AEF5BF8-CFCB-4FDB-8169-22D1024A293E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{703E78F4-945F-46CE-84BC-8E0A239AA70C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
    "{72998535-CA1D-4D32-9E6F-DE9A600DDC83}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "{72A532B7-FFB0-4F10-89AB-51EFF875BB9E}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\football manager 2014\fm.exe |
    "{76A21391-F716-4D04-A88E-FD0DE4588B54}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{7713605C-C61D-45D2-BBD8-004383972403}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{78AC5D0F-A787-4A6E-9AB1-A0F0D4C4277D}" = protocol=17 | dir=in | app=j:\program files (x86)\diablo iii\diablo iii.exe |
    "{79860829-9BB9-48B5-B9E0-A827B8574C52}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
    "{79CDA04C-D57D-4831-B8C8-F8437A1CDAC9}" = protocol=17 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
    "{7CDE8E72-E1E8-49E0-8E5A-D14CA6CA12CE}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{7E01A260-B97D-4E0A-A389-B6A91749709E}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{7E78A5E7-5786-4284-A235-FDD546D3E458}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\king's bounty - warriors of the north\kbwotn.exe |
    "{80297E6C-4587-4E5E-B520-8115CAF72521}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe |
    "{818959BE-457B-4D2E-97DB-0ADC82D3CEFA}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
    "{8671F8B1-2E73-4572-BE5F-FACA1595846F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{8A2089F8-05BE-44D9-99A7-D43E9346E96C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
    "{8AA171D3-44A7-4416-9EA4-D8F7179CE37E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{8DB0071A-5B11-46FA-B94B-3602FBA11010}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steam.exe |
    "{8E6E3D7C-88A1-4175-917C-A250743D8962}" = protocol=17 | dir=in | app=j:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
    "{8F3A03FE-4905-49B3-82B8-89D70C2EE34B}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
    "{95A4EA33-4FF9-4151-9EA1-1B2B8EFA6CD1}" = protocol=17 | dir=out | app=j:\program files (x86)\tera\tera-launcher.exe |
    "{98A9BFBD-C7FF-48FC-BDF0-88A0375B6D0D}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{9B8DBA77-69A2-4F03-8714-52238253CB99}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
    "{9F697F68-E618-4154-B16F-7B9F7CDDE1FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A0775501-653B-442B-9CCD-B5227A5CA941}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A24FECD2-9E0B-44E7-B0B6-9908083BA2F7}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
    "{A2E48599-7489-4B1E-A4E3-6F6C79EFAEC1}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "{A41DA63D-DC4A-41F7-B145-7EF5BF1A2C70}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
    "{A5E78DA6-6AA3-45BD-972F-C250F1E4206A}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat |
    "{A62F8653-D028-4BD7-90E0-51830654BAE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A695C555-8B9D-4ECF-9944-25C58CDA6DFA}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\restaurant empire 2\re2.exe |
    "{AC0AF909-648A-4F96-83B5-05522F82A14F}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{ACF19106-5DA9-402E-A99E-918D4E287E24}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "{AD1EBF28-185E-45A7-8F40-63CCBBDF0260}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{B06D9B51-FBBC-4DB6-A7FC-43D5C89486ED}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "{B0FD172C-E57C-4C77-A071-278255267576}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B1BD8D6F-A9EA-4454-914F-F981B4EAD670}" = protocol=6 | dir=in | app=j:\program files (x86)\origin\games\battlefield 4\bf4.exe |
    "{B290171F-DC1D-447E-8672-F356BC5A2FF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B41AB17A-5E7E-46BE-9ADF-C110CBDA49E6}" = protocol=6 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
    "{B4F1050F-7337-4DCA-8E94-7A063EB61F02}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
    "{B78813FE-AB34-4FE3-A1B7-54E4757B401D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{B8FDF449-377C-4466-87AC-2B5CDEE0BD72}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
    "{B96AAF52-D344-426A-B5ED-29F01BD779A6}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\launcher.exe |
    "{B98E6E2F-A0C6-4660-8114-D82487F7701C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
    "{BB1572CA-4108-464D-BC27-AD74809A2180}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "{BBC5C788-9C10-41BD-A067-4BA53FB67310}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
    "{BC97CF15-F299-4F7F-BDF7-E56417A3C21C}" = protocol=17 | dir=in | app=j:\program files (x86)\origin\games\battlefield 4\bf4_x86.exe |
    "{BDE93427-42D0-43EA-8B14-643E82A2CDAB}" = protocol=6 | dir=out | app=c:\program files (x86)\kinoni\epoccam_and_barcode_drivers\kinonisvc.exe |
    "{CAC4761A-1CCB-4428-A161-4D51BC362CF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CB0C6B7B-C6A6-45F2-B0F6-29D055C0C535}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{CBA77A2A-EB6A-4264-8D17-C248CD7536EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CCA063FA-28C1-4BD8-8B93-FB92440120DA}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{CD60C295-2234-497B-BB2D-D4E1B633E16F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{CDB66DB9-B85F-43F9-8750-7F8F4608EC80}" = protocol=6 | dir=in | app=j:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
    "{CEC84D4D-711A-47DC-A8DE-BA697F8002F9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat |
    "{CFDA5928-6BF5-4F75-A618-81C872A2EE86}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
    "{D005BD1E-A634-4277-AE0E-79D82C6C2759}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe |
    "{D135AA02-E72B-42F5-98B5-74F64A11AC7E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{D1436489-9AAB-4D34-BA4E-E2FD5C3FB892}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
    "{D1990E46-50C6-4271-A003-5BF4D0090FA1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3870C2B-9B29-4F50-A68A-B1FE5CC09DE9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
    "{D54E983E-ADC7-4EF6-B0DC-73978EC09284}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe |
    "{D7B39753-DCA2-440D-AFC7-82358CBAEEBD}" = protocol=6 | dir=in | app=j:\program files (x86)\origin\games\battlefield 4\bf4_x86.exe |
    "{D8CF11B1-9637-4FFF-8795-8406A278F179}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
    "{D9A942CB-BCE1-4400-BEFA-DAB844924C0F}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
    "{DABAC0C9-7FC3-4AE9-9B88-E6A6043EF8D8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{DB560EE7-EF38-4655-B4BC-D6F418EF1C03}" = protocol=6 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
    "{DC0CC9AD-9DF8-4CAB-AEFD-7DB77DF66E1C}" = protocol=6 | dir=in | app=c:\users\thor\appdata\roaming\dropbox\bin\dropbox.exe |
    "{DC31E367-6428-4FFB-8860-815DE0C75030}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{DE1B3A23-43E7-4B53-8A40-CBA3CC325E38}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe |
    "{DE7F3CC3-DF12-4F19-AFBF-306C0B047171}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
    "{E0A10353-7349-4CA8-8390-18C3042329BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{E40547F5-EFBF-4F1F-B442-4A4A1B91E5CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E46523E4-C0F6-4A06-8397-0970E3A73BCA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E9551D78-6AE3-4E79-9F63-F4CF47EE77B4}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
    "{E9824F88-9362-4E4C-8494-CE24B1B10C3C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "{E9DA698F-CD94-4FB6-9216-A500E211ADD4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
    "{EA8D0CD7-522B-47D1-935A-280B3BD3244A}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\gstd - rise of the owlverlord\launcher\gslauncher.exe |
    "{EC75AA72-5D6E-4FA5-A962-DD36F9DA1EAF}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
    "{EE9573BD-68DF-4ADB-BE09-B82848C3A4CD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{F037A718-EE5F-4A91-A7FA-18742D4CBED5}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
    "{F0515D1A-9BB2-48BF-B06D-924628F5CF22}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{F0934744-C3CC-45F8-A84F-8AB68C8A9136}" = protocol=6 | dir=out | app=system |
    "{F0B2854B-BF50-4F3C-8FD0-104B82BCB620}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{F275DF25-91B5-4F84-BF4E-3E8C54F62E4F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe |
    "{F27F2BF0-5F69-43FA-AAF0-86395EE39C39}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
    "{F2B58789-3568-45D7-B7C7-8252DA89571E}" = protocol=17 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
    "{F86CFE52-910B-4410-A724-F37258E98298}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
    "{FAC03808-A545-4194-A89E-852833B6DDD4}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
    "{FB11F2C7-83EB-4C1B-A48A-01E8C3E914CD}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "{FB82B1D4-8768-47F0-81BD-4F38831F063D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{FCEFC653-31AF-4186-9761-814EA769D6B1}" = protocol=6 | dir=in | app=j:\program files (x86)\diablo iii\diablo iii.exe |
    "{FEBDCC2E-6F90-4761-B216-5CB4FF4BFEA9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "TCP Query User{0FD82494-D36C-4D57-9FCE-40BEF99ECB44}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "TCP Query User{203DB1D8-3FA1-49D8-A49A-6F874444FF81}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
    "TCP Query User{212B7DE8-DC1A-4F85-B890-3E024E3E727B}F:\backup stuff\ggpo\ggpo.exe" = protocol=6 | dir=in | app=f:\backup stuff\ggpo\ggpo.exe |
    "TCP Query User{24237234-F5A8-42ED-9471-20757642CD81}C:\users\thor\desktop\programs\ratiomaster.net.exe" = protocol=6 | dir=in | app=c:\users\thor\desktop\programs\ratiomaster.net.exe |
    "TCP Query User{4AF6A521-893D-4589-AC10-AEDF6FB31F92}J:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
    "TCP Query User{4FF81B39-3421-4910-A2C6-4FCF79F03706}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
    "TCP Query User{56FD6CC0-0E53-49D9-83E8-38BAA1CA4C51}G:\ggpo\ggpofba.exe" = protocol=6 | dir=in | app=g:\ggpo\ggpofba.exe |
    "TCP Query User{5759B9AF-A915-4332-AE7C-A87959287A56}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe |
    "TCP Query User{71A37ED6-27E3-46B4-8BD3-5D49EEA73BB5}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
    "TCP Query User{8FC7339D-1AC8-4EE4-BBB7-9346BC3B2757}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
    "TCP Query User{A5E95334-12D9-47F6-BFE9-17CBD4FA5691}J:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
    "TCP Query User{D328B1FF-69AD-4E70-9FA1-6D00DC452AB7}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
    "TCP Query User{DA05FADE-AA11-4BC5-91FD-7E81016DC94D}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe |
    "TCP Query User{F3F788CA-E462-453B-8FC1-EE13610A73F5}G:\ggpo\ggpo.exe" = protocol=6 | dir=in | app=g:\ggpo\ggpo.exe |
    "UDP Query User{066EFEF0-0F4C-4858-82BF-2CBF101DAA1B}F:\backup stuff\ggpo\ggpo.exe" = protocol=17 | dir=in | app=f:\backup stuff\ggpo\ggpo.exe |
    "UDP Query User{61146518-AD39-4214-BEBF-489F60192418}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
    "UDP Query User{6B5A3915-8275-4091-A2ED-8645CF4501D4}G:\ggpo\ggpo.exe" = protocol=17 | dir=in | app=g:\ggpo\ggpo.exe |
    "UDP Query User{6C156A94-D386-4C68-8929-07656956D749}G:\ggpo\ggpofba.exe" = protocol=17 | dir=in | app=g:\ggpo\ggpofba.exe |
    "UDP Query User{6FBA7870-5DB8-4DA0-AFAA-7615635B4173}J:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
    "UDP Query User{87E410D1-0860-4FDC-905F-1AAA29F30492}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
    "UDP Query User{90526D14-8FDD-4261-B926-A001CDA3B441}C:\users\thor\desktop\programs\ratiomaster.net.exe" = protocol=17 | dir=in | app=c:\users\thor\desktop\programs\ratiomaster.net.exe |
    "UDP Query User{C57D4718-3C39-4C05-86BF-C97286032997}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe |
    "UDP Query User{D6A9F9F5-9C94-4CB8-BC31-F74EEA3A3329}J:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
    "UDP Query User{E1DE465B-4DCB-4296-B05D-42510EDC7A14}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
    "UDP Query User{E5DBF925-E051-4DB2-B8A2-F3820BEDD625}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
    "UDP Query User{E712E149-E313-4342-BB38-FDAF62F9C671}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe |
    "UDP Query User{FA1C406C-7376-4EEB-A12E-48B3DFA20394}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "UDP Query User{FF959B48-2019-40A1-9221-C2CBE0F7766F}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
    "{190BC83F-D54E-4494-830E-7FB4A5F4B964}" = Local Subtitles for 64-bit WMP
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{2599B6F1-92AC-472C-BE60-9F17565E4938}" = PowerDirector
    "{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
    "{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
    "{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1" = WinDS PRO 2012.10.2
    "{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
    "{6879B3DC-9DEF-4D60-BFF0-C96F2588685D}" = Intel(R) Rapid Storage Technology
    "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
    "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.65
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.65
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.16
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.16
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
    "{B5CF4CFE-3080-4436-A8A5-00CFDC0F7918}" = MAGIX Video deluxe Premium 2013 Update
    "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CAF674E0-808C-4CF4-8868-A755EBABA228}" = ACDSee Pro 6
    "{D000D1C0-6E80-4FC4-BE4E-A88872C0616F}" = Share64
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D5FE818E-F1C7-44F8-A3C0-C08761906E27}" = Share64
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}" = PowerDirector
    "{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "ComicRack" = ComicRack v0.9.144
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.67.1
    "CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
    "DriverAgent.exe" = DriverAgent by eSupport.com
    "Logitech Gaming Software" = Logitech Gaming Software 8.50
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NewBlue Art Effects for PowerDirector" = Newblue Art Effects for PowerDirector
    "Recuva" = Recuva
    "sp6" = Logitech SetPoint 6.32
    "WinRAR archiver" = WinRAR archiver
    "ZonerPhotoStudio15_EN_is1" = Zoner Photo Studio 15


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{1A1BD41E-9854-4957-8959-F9559A8862A7}" = Corel VideoStudio Ultimate X5
    "_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
    "{02E12A07-1BB9-44D6-A480-4EA42DB9E122}" = Boris Graffiti for Corel
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06ACD0D6-537A-4831-9608-AA74A5795698}" = Fantasy Sound Pack
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0DB44859-4112-4946-BE5E-A4275B3FFB5E}" = Furry Voices for Second Life
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
    "{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1A1BD41E-9854-4957-8959-F9559A8862A7}" = ICA
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1F8BC72D-14B1-4DCA-BD9E-49D712CF035D}" = C64 Forever
    "{20052CA0-FF43-4901-8261-E6DBF0A09ED1}" = Farm Animal Sounds
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{216E21F4-0489-4311-92D6-20D1FB950FCE}" = Sci-Fi Voice Pack
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
    "{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}" = Pinnacle Studio 16
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}" = Update Manager B10.0728.1
    "{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}" = Deep Space Voices
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B11.0512.1
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
    "{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
    "{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
    "{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.6.0
    "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0630.1
    "{45BF4F8E-7BE7-4384-94C6-60AC70C401C6}" = Male Voice Pack
    "{48A00644-2D97-43B5-A614-603DECF3E5F6}" = Boris Graffiti for Corel
    "{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
    "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
    "{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}" = SpyHunter
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{602A1471-063B-4E03-9DCE-0210B914EFF5}" = Translator Fun Voice Pack
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{66C70B5F-730F-4C5D-9FC5-8E56D0FE7D53}" = IPM_VS_Pro
    "{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A6F7B28-E178-47AC-8654-A654ADA6C777}" = VSHelp
    "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{71F8C486-8A13-468E-8B73-06051075556A}" = Female Voice Pack
    "{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79A743FA-FF99-42DF-8C35-BA40EAEA6668}" = Comic Sound Pack
    "{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
    "{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool
    "{8061C2C9-C2A3-4550-A3FC-585B646840CB}" = Fantasy Voice Pack
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{8AA4F966-EF4B-44D8-99AA-C4EA93B46863}" = VSClassic
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    "{A1E21995-127E-4B7F-8C4D-CB04AA8A58EF}_is1" = Advanced System Optimizer
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5BB86DF-EE99-41EB-9446-B4623A725E2A}" = Livestream for Producers
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8887C7B-0BCC-4FBF-BCEB-9BB4D4B14999}" = Setup
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
    "{ABBC8011-1E42-4ADA-9794-574349612CEF}" = iWebcamera
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{B0C00181-ECF5-4124-A6DE-14EA663D4799}" = Blue Satin Skin
    "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C13FE7DE-D34D-48CC-9FA3-8DB9A3621B98}" = PHOTOfunSTUDIO 9.1 PE
    "{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
    "{C2A254F4-AC74-482F-8F09-DB2843AC2AAE}_is1" = LoiLoScope Download
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C717B4D4-2EFA-4DC3-8EDB-79543E43666C}" = VSUltimate
    "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
    "{CA486743-5F44-40D5-A38B-77911FB27579}" = Contents
    "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D13F2D95-1CE0-4147-846F-89ECB2E9A5CD}" = Sci-Fi Sound Pack
    "{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
    "{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
    "{D813EF9B-69CF-4996-893C-B400AE7292FA}" = Spooky Sounds
    "{D84B7C7E-2E4D-4002-8CA8-EED4EDB333AC}" = MLE
    "{D875FFEE-2FCE-4774-902A-749198C00A68}" = PureHD
    "{D91802D9-6A42-4563-BC37-B3E2D04DC95B}" = Ancient Weapon Sounds
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
    "{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
    "{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
    "{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
    "{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
    "{DCDC6934-7428-489E-8651-90B53191488B}" = ISCOM
    "{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}" = Galactic Voices
    "{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
    "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    "{E7E76513-335F-4995-86CF-A85B77D8D975}" = Sci-Fi 2 Sound Pack
    "{EEBEF66A-70FD-4DF6-B173-82D07E61853E}" = Share
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}" = Pinnacle Studio 16 - Install Manager
    "{F2979728-5C01-4D39-8974-DBC579C3BD49}" = Usage Agent
    "{F38DC282-11BE-45D8-8754-D3D40F3D7FBE}" = Google+ Auto Backup
    "{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FC6DAF3E-52C2-43AD-9C50-810F8943C79E}" = BigPond Media Downloader
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced SystemCare 7_is1" = Advanced SystemCare 7
    "Audacity_is1" = Audacity 2.0.3
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Cheat Engine 6.3_is1" = Cheat Engine 6.3
    "Cloanto Software Director" = Software Director
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Desura" = Desura
    "Diablo III" = Diablo III
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "Duplicate Commander" = Duplicate Commander 3.0
    "DVD Catalyst" = DVD Catalyst 4.1.5.2
    "Dxtory2.0_is1" = Dxtory version 2.0.122
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "ESN Sonar-0.70.4" = ESN Sonar
    "Evaer Video Recorder for Skype" = Evaer Video Recorder for Skype 1.3.4.15
    "FastStone Image Viewer" = FastStone Image Viewer 4.9
    "Fraps" = Fraps (remove only)
    "GOGPACKTHEWITCHER2EE_is1" = The Witcher 2 - Assassins of Kings Enhanced Edition
    "GoldWave v5.68" = GoldWave v5.68
    "HandBrake" = HandBrake 0.9.9.1
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0630.1
    "InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
    "InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
    "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
    "KinoniDrivers" = KinoniDrivers 2.8.1
    "KLiteCodecPack_is1" = K-Lite Codec Pack 10.1.5 Full
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "Lightspark" = Lightspark 0.5.3-git
    "Logitech Vid" = Logitech Vid HD
    "MAGIX_{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
    "MAGIX_{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
    "MagniDriver" = marvell 91xx driver
    "MakeMKV" = MakeMKV v1.8.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.0.4
    "MKVToolNix" = MKVToolNix 5.6.0
    "Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
    "Origin" = Origin
    "Picasa 3" = Picasa 3
    "proDAD-HeroglyphRoute-4.0" = proDAD Route 4.0
    "proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
    "proDAD-Vitascene-2.0" = proDAD Vitascene 2.0
    "PS3 Media Server" = PS3 Media Server
    "PunkBusterSvc" = PunkBuster Services
    "Rockstar Games Social Club" = Rockstar Games Social Club
    "SopCast" = SopCast 3.4.8
    "Stardock Central" = Stardock Central
    "Steam App 105600" = Terraria
    "Steam App 200260" = Batman: Arkham City GOTY
    "Steam App 203350" = King's Bounty: Warriors of the North
    "Steam App 209540" = Strike Suit Zero
    "Steam App 210770" = Sanctum 2
    "Steam App 215530" = The Incredible Adventures of Van Helsing
    "Steam App 223220" = Giana Sisters: Twisted Dreams
    "Steam App 231670" = Football Manager 2014
    "Steam App 234160" = Strike Suit Infinity
    "Steam App 238960" = Path of Exile
    "Steam App 246960" = Giana Sisters: Twisted Dreams - Rise of the Owlverlord
    "Steam App 262940" = Broken Sword 5
    "Steam App 32900" = Restaurant Empire II
    "Steam App 39800" = Nation Red
    "Steam App 500" = Left 4 Dead
    "Steam App 550" = Left 4 Dead 2
    "Steam App 620" = Portal 2
    "Steam App 9900" = Star Trek Online
    "TeamViewer 9" = TeamViewer 9
    "The KMPlayer" = The KMPlayer (remove only)
    "TMPGEnc Video Mastering Works" = TMPGEnc Video Mastering Works
    "Tunngle beta_is1" = Tunngle beta
    "Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
    "VLC media player" = VLC media player 2.0.8
    "Winamp" = Winamp
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials
    "winscp3_is1" = WinSCP 4.3.6
    "xvid" = Xvid MPEG-4 Video Codec

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "WinDirStat" = WinDirStat 1.1.2

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 19/12/2013 6:04:55 AM | Computer Name = Thor-PC | Source = Software Protection Platform Service | ID = 8198
    Description = License Activation (slui.exe) failed with the following error code:
    0x80070005

    Error - 19/12/2013 6:04:55 AM | Computer Name = Thor-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x00000000.

    Error - 19/12/2013 6:07:05 AM | Computer Name = Thor-PC | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 19/12/2013 6:58:28 AM | Computer Name = Thor-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "F:\Downloads\esetsmartinstaller_enu.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 19/12/2013 7:57:31 AM | Computer Name = Thor-PC | Source = Software Protection Platform Service | ID = 8198
    Description = License Activation (slui.exe) failed with the following error code:
    0x80070005

    Error - 19/12/2013 7:57:31 AM | Computer Name = Thor-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x00000000.

    Error - 19/12/2013 7:59:46 AM | Computer Name = Thor-PC | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 19/12/2013 8:56:19 AM | Computer Name = Thor-PC | Source = Software Protection Platform Service | ID = 8198
    Description = License Activation (slui.exe) failed with the following error code:
    0x80070005

    Error - 19/12/2013 8:56:19 AM | Computer Name = Thor-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x00000000.

    Error - 19/12/2013 8:58:34 AM | Computer Name = Thor-PC | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    [ System Events ]
    Error - 19/12/2013 8:39:55 AM | Computer Name = Thor-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 19/12/2013 8:42:12 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 19/12/2013 8:56:18 AM | Computer Name = Thor-PC | Source = SNMP | ID = 16713180
    Description = The SNMP Service encountered an error while accessing the registry
    key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error - 19/12/2013 8:56:17 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the CryptoStorage
    control service service to connect.

    Error - 19/12/2013 8:56:17 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7000
    Description = The CryptoStorage control service service failed to start due to the
    following error: %%1053

    Error - 19/12/2013 8:56:17 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Intel(R)
    Capability Licensing Service Interface service to connect.

    Error - 19/12/2013 8:56:17 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7000
    Description = The Intel(R) Capability Licensing Service Interface service failed
    to start due to the following error: %%1053

    Error - 19/12/2013 8:56:18 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Skype
    Updater service to connect.

    Error - 19/12/2013 8:57:19 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7034
    Description = The PinnacleUpdate Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 19/12/2013 8:57:54 AM | Computer Name = Thor-PC | Source = DCOM | ID = 10010
    Description =


    < End of report >






    And that's the last of the monster files.

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Run this quick scan, and if it doesn't find that bad program we will look deeper into it.

    --RogueKiller--

    • Download & SAVE to your Desktop RogueKiller or from here
      • Quit all programs that you may have started.
      • Please disconnect any USB or external drives from the computer before you run this scan!
      • For Vista or Windows 7, right-click and select "Run as Administrator" to start
      • For Windows XP, double-click to start.
      • Wait until Prescan has finished ...
      • Then Click on "Scan" button
      • Wait until the Status box shows "Scan Finished"
      • Click on "Report" and copy/paste the content of the Notepad into your next reply.
      • The log should be found in RKreport[1].txt on your Desktop
      • Exit/Close RogueKiller+
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #15
    Member
    Join Date
    Aug 2013
    Posts
    52

    Default

    The program finds a few things but then crashes before it can finish scanning. Does it each time.

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    OK, you will need to download and run the 64 bit version of System Look

    Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    64 Bit Version

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :folderfind
      Advanced System Protector
      :filefind
      Advanced System Protector
      :regfind
      Advanced System Protector
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

  7. #17
    Member
    Join Date
    Aug 2013
    Posts
    52

    Default

    SystemLook 30.07.11 by jpshortstuff
    Log created at 01:02 on 20/12/2013 by Thor
    Administrator - Elevation successful

    ========== folderfind ==========

    Searching for "Advanced System Protector"
    C:\ProgramData\Systweak\Advanced System Protector d------ [12:56 19/12/2013]
    C:\Users\All Users\Systweak\Advanced System Protector d------ [12:56 19/12/2013]
    C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector d------ [12:56 19/12/2013]

    ========== filefind ==========

    Searching for "Advanced System Protector"
    No files found.

    ========== regfind ==========

    Searching for "Advanced System Protector"
    No data found.

    -= EOF =-

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    After you run this fix and post the log from the fix, open Malwarebytes....check for updates....and then run a new Quick Scan


    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      
      
      :Services
      
      :Reg
      
      :Files
      C:\ProgramData\Systweak\Advanced System Protector
      C:\Users\All Users\Systweak\Advanced System Protector
      C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [CLEARALLRESTOREPOINTS]
      [EMPTYJAVA] 
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces

  9. #19
    Member
    Join Date
    Aug 2013
    Posts
    52


    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\ProgramData\Systweak\Advanced System Protector\updates folder moved successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures folder moved successfully.
    C:\ProgramData\Systweak\Advanced System Protector folder moved successfully.
    File\Folder C:\Users\All Users\Systweak\Advanced System Protector not found.
    C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector folder moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Thor\Desktop\cmd.bat deleted successfully.
    C:\Users\Thor\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore point Set: OTL Restore Point

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Thor
    ->Java cache emptied: 0 bytes

    User: UpdatusUser

    User: UpdatusUser.Thor-PC

    User: UpdatusUser.Thor-PC.000

    Total Java Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Thor
    ->Temp folder emptied: 3354456 bytes
    ->Temporary Internet Files folder emptied: 6753104 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 4252737 bytes
    ->Google Chrome cache emptied: 399598959 bytes
    ->Flash cache emptied: 723 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser.Thor-PC
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser.Thor-PC.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 54547 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 395.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12202013_015125

    Files\Folders moved on Reboot...
    C:\Users\Thor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Thor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6P27UKE\ADSAdClient31[2].htm not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...






    I'm not sure if you wanted me to post the Malwarebytes log after the scan, but it found a bunch of stuff.



    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.19.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Thor :: THOR-PC [administrator]

    20/12/2013 1:56:20 AM
    mbam-log-2013-12-20 (01-56-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 296251
    Time elapsed: 3 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 4
    C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.

    Files Detected: 19
    C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1545completedatabase.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1615mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1616update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1617update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Systweak\Advanced System Protector\updates\1618update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
    C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Update.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.

    (end)
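
A check a helper might run on the OTL fix log above: it compares the three `:Files` targets from the fix script with the outcome lines in the log. This is an added example, not part of the thread or of OTL; the log lines are copied from the post (subfolder lines omitted), and the alias rule assumes the Windows 7 default where `C:\Users\All Users` is a link to `C:\ProgramData`, which would explain the single "not found" line.

```python
import ntpath
import re

# Targets from the :Files section of the fix script in post #18.
TARGETS = [
    r"C:\ProgramData\Systweak\Advanced System Protector",
    r"C:\Users\All Users\Systweak\Advanced System Protector",
    r"C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector",
]

# Top-level outcome lines from the FILES section of the log in post #19.
FIX_LOG = r"""
C:\ProgramData\Systweak\Advanced System Protector folder moved successfully.
File\Folder C:\Users\All Users\Systweak\Advanced System Protector not found.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector folder moved successfully.
"""

MOVED = re.compile(r"^(.+?)(?: folder)? moved successfully\.$")
NOT_FOUND = re.compile(r"^File\\Folder (.+) not found[.!]$")
ALIAS = (r"c:\users\all users", r"c:\programdata")  # assumed Windows 7 default link

def canonical(path):
    """Case-fold the path and rewrite the All Users alias to its target."""
    p = ntpath.normcase(ntpath.normpath(path))
    if p == ALIAS[0] or p.startswith(ALIAS[0] + "\\"):
        p = ALIAS[1] + p[len(ALIAS[0]):]
    return p

def parse_fix_log(log):
    """Map each path reported in the log (case-folded) to its outcome."""
    results = {}
    for line in map(str.strip, log.splitlines()):
        for pattern, status in ((MOVED, "moved"), (NOT_FOUND, "not found")):
            if m := pattern.match(line):
                results[ntpath.normcase(m.group(1))] = status
                break
    return results

def audit(targets, log):
    """Return {target: outcome}, flagging misses explained by the alias."""
    results = parse_fix_log(log)
    moved = {canonical(p) for p, s in results.items() if s == "moved"}
    report = {}
    for target in targets:
        status = results.get(ntpath.normcase(target), "unreported")
        if status == "not found" and canonical(target) in moved:
            status = "not found (alias of a moved path)"
        report[target] = status
    return report
```

A target that comes back as `unreported` or as a plain `not found` is the one worth a second look before moving on to the next scan.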

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Go ahead and reboot and run Malwarebytes again. This time, open Malwarebytes, check for updates, then close it.

    Boot to Safe Mode.

    To enter Safe Mode:
    • Go to Start > Shut off your Computer > Restart.
    • As the computer starts to boot up, tap the F8 key somewhat rapidly;
      this will bring up a menu.
    • Use the Up and Down arrow keys to scroll up to Safe Mode.
    • Then press the Enter key on your keyboard.

    Tutorial if you need it: How to boot into Safemode


    Then, in Safe Mode, run the quick scan again, reboot back to normal Windows, and post the log.
