Advanced system protector help removal


vlahka

New member
I've been trying to remove this thing, but it's proving difficult. At first I thought it was part of the Advanced System Optimizer I installed, so I didn't pay attention to it.



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Thor at 12:35:53 on 2013-12-04
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.4618 [GMT 9.5:30]
.
AV: Kaspersky PURE 2.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 2.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 2.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
J:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\drahtwerk\iWebcamera\iWebcameraApp.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtblfs.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://battlelog.battlefield.com/bf3/gate/?returnUrl=|bf3|servers|
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Thor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "J:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [CloantoSoftwareDirector] "C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe" -s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Thor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{51AF2091-0927-4023-86DB-142FD3B91A25} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{73427270-A448-4497-95DC-8D915CF25F20} : DHCPNameServer = 7.254.254.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
Notify: klogon - <no file>
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll
FF - plugin: C:\Users\Thor\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-2 8704]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2012-11-1 85048]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-9-27 630632]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-9-27 28008]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2011-11-11 313648]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-18 55952]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-9-25 21104]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2012-11-1 66104]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-22 283200]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-10-20 13616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2013-11-10 264488]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [2012-8-30 202328]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-9-10 21992]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-9-25 68136]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-9-27 15720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-7 629984]
R2 KinoniSvc;Kinoni Service;C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [2013-2-27 525312]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-30 15122208]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-8-11 625816]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-9-25 390672]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-9-6 27136]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-8-12 1153368]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-9-25 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-1 2754984]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-6 363800]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-11-11 65408]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-8-17 94208]
R3 KINONI_Wave;Kinoni Audio Source;C:\Windows\System32\drivers\kinonivad.sys [2013-2-27 23040]
R3 kinonivd;Kinoni Video Source;C:\Windows\System32\drivers\kinonivd.sys [2013-2-27 2782848]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-11-15 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-31 64280]
R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;C:\Windows\System32\drivers\LGSUsbFilt.sys [2013-5-31 41752]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-11-15 16008]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-2-3 58528]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-10-30 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-11 883928]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-25 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\System32\drivers\CamDrL64.sys [2007-2-3 955680]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-12-13 131912]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-9-25 21712]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-9-7 25640]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-14 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-9-6 30528]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2013-4-16 410008]
S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168]
S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2013-4-16 102808]
S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-9-6 20992]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-9-12 31800]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2011-9-6 51712]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-9-6 24064]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2011-9-6 51712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-6 59392]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-12-1 745368]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-9-6 24064]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-03 21:24:15 -------- d-----w- C:\hijackthis
2013-12-03 19:59:53 -------- d-----w- C:\Users\Thor\AppData\Local\{AB432236-8B46-4604-9F0C-A7E8A84B67E1}
2013-12-03 07:59:32 -------- d-----w- C:\Users\Thor\AppData\Local\{B62718D9-4665-4CD9-8013-C0E70091B7A6}
2013-12-02 19:58:57 -------- d-----w- C:\Users\Thor\AppData\Local\{F53F9816-300E-4A94-BA28-70447A2DBC1E}
2013-12-02 07:58:23 -------- d-----w- C:\Users\Thor\AppData\Local\{6E7578EC-75AD-4A04-BF3D-E724CBEED224}
2013-12-01 19:57:46 -------- d-----w- C:\Users\Thor\AppData\Local\{3ADC6853-BA48-4CB6-A2F4-98DCFC3203C9}
2013-12-01 07:57:24 -------- d-----w- C:\Users\Thor\AppData\Local\{D4AF4D06-D8E7-4BB5-A6EE-CBB25B89B34C}
2013-11-30 19:56:49 -------- d-----w- C:\Users\Thor\AppData\Local\{EDC45451-3EB8-45F7-8987-CCEAEA462EF4}
2013-11-30 07:56:01 -------- d-----w- C:\Users\Thor\AppData\Local\{73457022-53B1-463B-97DC-15B7484FB346}
2013-11-30 07:44:26 -------- d-----w- C:\Users\Thor\AppData\Roaming\MPC-HC
2013-11-30 07:39:39 256088 ----a-w- C:\Windows\System32\unrar64.dll
2013-11-30 07:39:37 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2013-11-29 19:55:27 -------- d-----w- C:\Users\Thor\AppData\Local\{E9921A5E-AC51-42E1-9AEB-1AAAA11AF817}
2013-11-29 07:54:53 -------- d-----w- C:\Users\Thor\AppData\Local\{DA3C05D3-61CB-4359-8160-3AA938F1B1D2}
2013-11-28 19:54:17 -------- d-----w- C:\Users\Thor\AppData\Local\{A4B42952-B061-4C8A-80E9-6FB5A73CC9EA}
2013-11-28 07:53:43 -------- d-----w- C:\Users\Thor\AppData\Local\{F0331BDD-5A4B-4A3D-B0C5-07E9763A6F23}
2013-11-27 18:45:01 -------- d-----w- C:\Users\Thor\AppData\Local\{A045844B-BACC-4D46-AECF-44ECEB853DDA}
2013-11-27 06:44:39 -------- d-----w- C:\Users\Thor\AppData\Local\{9AD0B4FA-71CD-4421-B5D7-350208F28F0D}
2013-11-26 18:34:29 -------- d-----w- C:\Users\Thor\AppData\Local\{8945C753-1FE8-4C07-9241-4E9A9BC6B685}
2013-11-26 06:02:07 -------- d-----w- C:\Users\Thor\AppData\Local\{454F3AF2-BAF4-4490-931A-A8DB2A1DE4B9}
2013-11-25 10:27:53 -------- d-----w- C:\Users\Thor\AppData\Local\{454AC5C1-992C-40DF-9F2F-2D1B159C8076}
2013-11-24 19:18:17 -------- d-----w- C:\Users\Thor\AppData\Local\{87BCAB07-A8FA-4768-8631-71C9EF63D695}
2013-11-24 07:01:29 -------- d-----w- C:\Users\Thor\AppData\Local\{38DD516B-B5CC-444B-BECD-7EE74F9197BA}
2013-11-23 19:00:55 -------- d-----w- C:\Users\Thor\AppData\Local\{D4234DD3-C092-48B4-AB82-4A9F8CB388E9}
2013-11-23 07:00:20 -------- d-----w- C:\Users\Thor\AppData\Local\{D618B4A1-94D4-4348-85A2-6514E168F301}
2013-11-22 18:59:45 -------- d-----w- C:\Users\Thor\AppData\Local\{569D1019-96E4-4641-B6E6-D7A695F164D5}
2013-11-22 06:59:23 -------- d-----w- C:\Users\Thor\AppData\Local\{8155AEA8-B1CC-44C0-B49B-FD7892403DB8}
2013-11-21 19:54:56 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F91E2F08-9FD5-4047-B782-E559D38CAC82}\mpengine.dll
2013-11-21 18:03:21 -------- d-----w- C:\Users\Thor\AppData\Local\{28474E01-1D0D-4632-86A4-ABDFFD66BC7B}
2013-11-21 06:02:59 -------- d-----w- C:\Users\Thor\AppData\Local\{2144590C-67FE-4CA1-AE1D-0707156D5923}
2013-11-20 18:02:24 -------- d-----w- C:\Users\Thor\AppData\Local\{031CA1E0-963A-493D-BEEF-0E60AE20B098}
2013-11-20 09:37:57 -------- d-----w- C:\Users\Thor\AppData\Local\GOG.com
2013-11-20 06:02:02 -------- d-----w- C:\Users\Thor\AppData\Local\{92484D33-24BB-4421-9020-D94C55872C7B}
2013-11-19 18:01:28 -------- d-----w- C:\Users\Thor\AppData\Local\{461F93BA-1288-4E9A-8AF6-095365A68195}
2013-11-19 06:01:04 -------- d-----w- C:\Users\Thor\AppData\Local\{3DAEFC79-7B58-4E0A-88DB-C7800AB39F3F}
2013-11-18 18:00:29 -------- d-----w- C:\Users\Thor\AppData\Local\{18421A1A-5B4E-4E9A-BA22-8C08363E1142}
2013-11-18 06:00:07 -------- d-----w- C:\Users\Thor\AppData\Local\{867E6E83-3D0B-445F-9596-E376036A0FFD}
2013-11-17 17:59:43 -------- d-----w- C:\Users\Thor\AppData\Local\{BF7B842C-AB2B-4ADC-AD00-8CC5381C8807}
2013-11-17 05:59:07 -------- d-----w- C:\Users\Thor\AppData\Local\{85B8B65C-6CCC-4514-AF8A-63B5937A90F3}
2013-11-16 17:58:32 -------- d-----w- C:\Users\Thor\AppData\Local\{198C8F3C-DBAA-4134-90ED-D3EE89B01BE5}
2013-11-16 11:20:34 -------- d-----w- C:\Users\Thor\AppData\Local\CrashDumps
2013-11-16 07:04:49 -------- d-----w- C:\ProgramData\Zoner
2013-11-16 05:57:44 -------- d-----w- C:\Users\Thor\AppData\Local\{22E2F08F-F481-47FF-9665-3D0EDDE4FD20}
2013-11-15 17:57:10 -------- d-----w- C:\Users\Thor\AppData\Local\{CAAA21A2-5502-4FE4-B5A8-9068F10CA4AB}
2013-11-15 05:56:47 -------- d-----w- C:\Users\Thor\AppData\Local\{93C3A731-A7D0-4A80-846F-56391F6EA0A3}
2013-11-14 17:56:13 -------- d-----w- C:\Users\Thor\AppData\Local\{50F0B766-1A31-444D-9F3A-C98FAD4F8968}
2013-11-14 05:55:49 -------- d-----w- C:\Users\Thor\AppData\Local\{BE00E3EE-A90A-4D9C-94FB-CB24958F3D83}
2013-11-13 17:55:23 -------- d-----w- C:\Users\Thor\AppData\Local\{4B4CDD3F-6E4E-4102-8A53-43F2861178FF}
2013-11-13 05:54:49 -------- d-----w- C:\Users\Thor\AppData\Local\{E4D1A63D-53B3-40E6-B635-DAB08AA94778}
2013-11-12 17:54:14 -------- d-----w- C:\Users\Thor\AppData\Local\{A76C88EC-83FB-47E4-9AF5-6D274A893A47}
2013-11-12 05:53:52 -------- d-----w- C:\Users\Thor\AppData\Local\{16C65EF6-F75A-4FD4-AFAE-CB2193E57295}
2013-11-11 17:53:17 -------- d-----w- C:\Users\Thor\AppData\Local\{EB778C1B-1AEE-4F70-827C-EB9CE112CE15}
2013-11-11 05:52:55 -------- d-----w- C:\Users\Thor\AppData\Local\{FBC50B7C-F75C-4FEE-81C3-616C585448A7}
2013-11-10 19:36:11 -------- d-----w- C:\Users\Thor\Intel
2013-11-10 19:35:20 65408 ----a-w- C:\Windows\System32\drivers\EtronHub3.sys
2013-11-10 19:33:52 883928 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2013-11-10 19:33:52 74456 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-11-10 19:28:13 -------- d-----w- C:\Windows\SysWow64\RTCOM
2013-11-10 19:28:13 -------- d-----w- C:\Program Files\Realtek
2013-11-10 19:13:42 -------- d-----w- C:\Program Files (x86)\Driver-Soft
2013-11-10 17:52:20 -------- d-----w- C:\Users\Thor\AppData\Local\{1FCBF8AB-DA2F-4161-AD32-0D1D6615C029}
2013-11-10 05:51:46 -------- d-----w- C:\Users\Thor\AppData\Local\{6719CD0E-5996-455C-AE59-5E5EDDD32FA2}
2013-11-09 18:16:46 2272 ----a-w- C:\Windows\System32\ASOROSet.bin
2013-11-09 18:10:45 -------- d-----w- C:\Users\Thor\AppData\Roaming\Systweak
2013-11-09 18:08:34 19752 ----a-w- C:\Windows\System32\roboot64.exe
2013-11-09 18:08:33 16896 ----a-w- C:\Windows\System32\sasnative64.exe
2013-11-09 18:08:30 -------- d-----w- C:\ProgramData\Systweak
2013-11-09 18:08:30 -------- d-----w- C:\Program Files (x86)\Advanced System Optimizer 3
2013-11-09 17:05:57 -------- d-----w- C:\Users\Thor\AppData\Local\{7E4886B6-AE3A-492A-8608-3184F0DA4EB5}
2013-11-09 05:05:22 -------- d-----w- C:\Users\Thor\AppData\Local\{DED07105-8A18-4635-BA2F-22EB0496A4F7}
2013-11-08 06:45:54 -------- d-----w- C:\Users\Thor\AppData\Local\{7FD14D40-4D16-4F95-84A9-1CA6060F624A}
2013-11-07 18:10:06 -------- d-----w- C:\Users\Thor\AppData\Local\{4EEBAE55-7C93-4247-847D-1D581662D4CC}
2013-11-07 06:09:45 -------- d-----w- C:\Users\Thor\AppData\Local\{45C8A11C-1044-4F26-923D-6CD3820F66EA}
2013-11-06 18:09:10 -------- d-----w- C:\Users\Thor\AppData\Local\{CF93DC3E-CFC9-4268-8433-9689F7AFF9B8}
2013-11-06 06:08:35 -------- d-----w- C:\Users\Thor\AppData\Local\{A7B32628-DB1E-4E99-B11F-D5F14F0402FF}
2013-11-05 18:08:01 -------- d-----w- C:\Users\Thor\AppData\Local\{94949B8D-2C77-4432-8480-450F6ABED26D}
2013-11-05 06:07:23 -------- d-----w- C:\Users\Thor\AppData\Local\{668F6638-ED09-4579-A820-E01A6C08239C}
2013-11-04 10:31:25 -------- d-----w- C:\ProgramData\Panasonic
2013-11-04 09:06:46 -------- d-----w- C:\Users\Thor\AppData\Local\{03E90486-0F33-4325-9D5F-DB02EB1BE038}
.
==================== Find3M ====================
.
2013-12-04 02:49:49 25640 ----a-w- C:\Windows\gdrv.sys
2013-12-03 20:37:02 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
2013-12-03 12:30:01 6318 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-11-30 10:08:24 30528 ----a-w- C:\Windows\GVTDrv64.sys
2013-11-30 07:31:17 25640 ----a-w- C:\Windows\etdrv.sys
2013-11-10 19:32:22 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-11-01 11:28:59 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-11-01 11:12:13 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-10-28 19:15:35 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-10-23 08:20:08 6669600 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-23 08:20:03 3426956 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-22 17:32:36 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-22 11:08:24 3692632 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2013-10-22 07:41:30 151256 ----a-w- C:\Windows\System32\RCoInstII64.dll
2013-10-22 00:12:52 37850112 ----a-w- C:\Windows\System32\RCoRes64.dat
2013-10-21 05:01:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-21 05:01:18 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-21 01:16:30 2587352 ----a-w- C:\Windows\System32\RtkAPO64.dll
2013-10-18 07:11:34 1286360 ----a-w- C:\Windows\System32\RTCOM64.dll
2013-10-18 01:36:05 1063200 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-10-18 01:36:04 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-10-15 18:13:50 209096 ----a-w- C:\Windows\System32\AERTAC64.dll
2013-10-11 03:17:14 113576 ----a-w- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2013-10-11 02:01:16 947760 ----a-w- C:\Windows\System32\SFSS_APO.dll
2013-10-09 15:47:17 17154952 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-10-07 22:20:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-07 01:35:20 2810072 ----a-w- C:\Windows\System32\RtPgEx64.dll
2013-10-02 07:40:54 617176 ----a-w- C:\Windows\System32\RtDataProc64.dll
2013-09-27 23:01:44 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-09-27 23:01:38 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-09-27 23:01:38 28960 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-09-27 01:15:00 630632 ----a-w- C:\Windows\System32\drivers\iaStorA.sys
2013-09-27 01:15:00 28008 ----a-w- C:\Windows\System32\drivers\iaStorF.sys
2013-09-26 06:41:38 1021656 ----a-w- C:\Windows\System32\RtkApi64.dll
2013-09-13 09:14:26 2080472 ----a-w- C:\Windows\RtlExUpd.dll
2013-09-10 05:50:52 1391104 ----a-w- C:\apploc.msi
2013-09-09 18:32:00 6217904 ----a-w- C:\Windows\System32\DDPP64A.dll
2013-09-09 18:32:00 313520 ----a-w- C:\Windows\System32\DDPO64A.dll
2013-09-09 18:31:58 260272 ----a-w- C:\Windows\System32\DDPA64.dll
2013-09-09 18:31:58 1938608 ----a-w- C:\Windows\System32\DDPD64A.dll
.
============= FINISH: 12:36:13.01 ===============






aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-04 12:43:27
-----------------------------
12:43:27.931 OS Version: Windows x64 6.1.7601 Service Pack 1
12:43:27.931 Number of processors: 4 586 0x2A07
12:43:27.932 ComputerName: THOR-PC UserName: Thor
12:44:00.699 Initialize success
12:46:49.270 AVAST engine defs: 13120301
12:47:18.027 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000075
12:47:18.028 Disk 0 Vendor: KINGSTON 332A Size: 114473MB BusType: 11
12:47:18.030 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000077
12:47:18.031 Disk 1 Vendor: SAMSUNG_ 1AN1 Size: 1907729MB BusType: 11
12:47:18.032 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000078
12:47:18.034 Disk 2 Vendor: WDC_____ 05.0 Size: 1907729MB BusType: 11
12:47:18.035 Disk 3 \Device\Harddisk3\DR3 -> \Device\00000079
12:47:18.037 Disk 3 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 11
12:47:18.044 Disk 0 MBR read successfully
12:47:18.046 Disk 0 MBR scan
12:47:18.050 Disk 0 Windows 7 default MBR code
12:47:18.052 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:47:18.055 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
12:47:18.065 Disk 0 scanning C:\Windows\system32\drivers
12:47:20.946 Service scanning
12:47:28.273 Modules scanning
12:47:28.277 Disk 0 trace - called modules:
12:47:28.282 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys ACPI.sys storport.sys hal.dll iaStorA.sys
12:47:28.284 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80096b0060]
12:47:28.287 3 CLASSPNP.SYS[fffff8800265143f] -> nt!IofCallDriver -> [0xfffffa80095a6940]
12:47:28.290 5 iaStorF.sys[fffff880029b8f84] -> nt!IofCallDriver -> [0xfffffa8006714e40]
12:47:28.293 7 ACPI.sys[fffff88000f677a1] -> nt!IofCallDriver -> \Device\00000075[0xfffffa8006d46250]
12:47:28.545 AVAST engine scan C:\Windows
12:47:29.129 AVAST engine scan C:\Windows\system32
12:48:41.383 AVAST engine scan C:\Windows\system32\drivers
12:48:48.634 AVAST engine scan C:\Users\Thor
12:51:11.144 AVAST engine scan C:\ProgramData
12:51:51.267 Scan finished successfully
12:53:59.458 Disk 0 MBR has been saved successfully to "C:\Users\Thor\Desktop\MBR.dat"
12:53:59.463 The log file has been saved successfully to "C:\Users\Thor\Desktop\aswMBR.txt"




Systweak.AdvSysProtector: [SBI $0042E83F] Program directory (Directory, fixed)
C:\ProgramData\Systweak\Advanced System Protector\

Systweak.AdvSysProtector: [SBI $AC761240] Program directory (Directory, fixed)
C:\ProgramData\Systweak\Advanced System Protector\signatures\

Systweak.AdvSysProtector: [SBI $C85FEF1E] Program directory (Directory, fixed)
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\

Systweak.AdvSysProtector: [SBI $820A137D] Data (File, nothing done)
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Systweak.AdvSysProtector: [SBI $F64AD8C9] Data (File, nothing done)
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Settings.db
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Systweak.AdvSysProtector: [SBI $584FCF63] Configuration file (File, nothing done)
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Update.ini
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
 


:welcome:

Sorry for the delay, have no excuse. If you have not resolved this issue and still need help, please let me know.
 
I've given it my best shot but it doesn't appear anywhere on my system to remove. But it's always there in the bottom corner loading up. I do have Advanced System Optimizer installed so I'm unsure if it's actually part of that program or not.
 
Good Morning,

Advanced System Optimizer is legit, Advanced System Protector is malware.

First go into Programs and Features in the Control Panel and see if you can uninstall it. Either way, let's run Malwarebytes.



Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
 
I'd like to mention that I've done this step multiple times and it always picks it up and never actually gets rid of it, which is weird when it says it's quarantined.






Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.16.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thor :: THOR-PC [administrator]

19/12/2013 8:53:04 PM
mbam-log-2013-12-19 (20-53-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296033
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.

Files Detected: 25
C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1545completedatabase.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1608mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1609update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1610update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1611update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1612update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1613update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1614update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1615update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1616update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1617update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Update.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.

(end)
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.16.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thor :: THOR-PC [administrator]

19/12/2013 9:29:00 PM
mbam-log-2013-12-19 (21-29-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 294670
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.

(end)
 
Still Found more

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
File attached

ComboFix 13-12-18.01 - Thor 19/12/2013 22:05:15.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.6026 [GMT 9.5:30]
Running from: c:\users\Thor\Desktop\ComboFix.exe
AV: Kaspersky PURE 2.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 2.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 2.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-11-19 to 2013-12-19 )))))))))))))))))))))))))))))))
.
.
2013-12-19 12:42 . 2013-12-19 12:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-18 04:44 . 2013-12-18 04:46 -------- d-----w- c:\users\Thor\AppData\Local\ACD Systems
2013-12-18 04:44 . 2013-12-18 04:44 -------- d-----w- c:\users\Thor\AppData\Roaming\ACD Systems
2013-12-18 04:44 . 2013-12-18 04:44 -------- d-----w- c:\programdata\ACD Systems
2013-12-18 04:44 . 2013-12-18 04:44 -------- d-----w- c:\program files\Common Files\ACD Systems
2013-12-18 04:44 . 2013-12-18 04:44 -------- d-----w- c:\program files\ACD Systems
2013-12-18 04:17 . 2013-12-18 04:17 -------- d-----w- c:\users\Thor\AppData\Roaming\FastStone
2013-12-18 04:17 . 2013-12-18 04:17 -------- d-----w- c:\program files (x86)\FastStone Image Viewer
2013-12-18 04:15 . 2013-12-18 04:15 -------- d-----w- c:\program files (x86)\Google
2013-12-16 16:58 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{438F07C1-A550-4E8F-B423-2C79BAC14EF4}\mpengine.dll
2013-12-16 13:20 . 2013-12-16 13:20 -------- d-----w- c:\programdata\IObit
2013-12-16 13:20 . 2013-12-16 13:20 -------- d-----w- c:\users\Thor\AppData\Roaming\IObit
2013-12-16 13:19 . 2013-12-16 13:19 -------- d-----w- c:\program files (x86)\IObit
2013-12-16 12:47 . 2013-12-16 12:47 -------- d-----w- c:\users\Thor\AppData\Local\Xenocode
2013-12-13 02:31 . 2013-12-13 02:31 4583424 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-12-08 13:54 . 2013-12-08 13:54 -------- d-----w- c:\program files (x86)\Cheat Engine 6.3
2013-12-08 13:53 . 2013-12-08 13:53 -------- d-----w- c:\users\Thor\AppData\Local\cache
2013-12-08 13:53 . 2013-12-08 13:54 -------- d-----w- c:\users\Thor\AppData\Local\Mobogenie
2013-12-08 13:53 . 2013-12-08 14:01 -------- d-----w- c:\program files (x86)\Mobogenie
2013-12-06 06:51 . 2013-12-06 06:51 -------- d-----w- c:\users\Thor\AppData\Local\PDF24
2013-12-06 06:51 . 2013-12-06 06:53 -------- d-----w- c:\program files (x86)\PDF24
2013-12-04 03:02 . 2013-12-04 03:02 -------- d-----w- c:\program files (x86)\ERUNT
2013-12-03 21:24 . 2013-12-16 05:54 -------- d-----w- C:\hijackthis
2013-11-30 07:44 . 2013-11-30 07:44 -------- d-----w- c:\users\Thor\AppData\Roaming\MPC-HC
2013-11-30 07:39 . 2013-08-22 18:09 256088 ----a-w- c:\windows\system32\unrar64.dll
2013-11-30 07:39 . 2013-11-30 07:39 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2013-11-20 09:37 . 2013-11-20 09:52 -------- d-----w- c:\users\Thor\AppData\Local\GOG.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-19 11:57 . 2011-09-27 06:31 25640 ----a-w- c:\windows\gdrv.sys
2013-12-19 03:26 . 2012-10-20 16:51 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2013-12-15 17:53 . 2011-10-21 15:22 6318 --sha-w- c:\programdata\KGyGaAvL.sys
2013-11-30 10:08 . 2011-09-06 10:28 30528 ----a-w- c:\windows\GVTDrv64.sys
2013-11-30 07:31 . 2011-09-06 14:53 25640 ----a-w- c:\windows\etdrv.sys
2013-11-29 10:48 . 2013-11-09 18:16 2272 ----a-w- c:\windows\system32\ASOROSet.bin
2013-11-10 19:32 . 2012-07-04 15:48 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-11-01 11:28 . 2011-10-26 09:18 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-11-01 11:12 . 2011-10-26 09:18 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-10-28 19:15 . 2011-10-26 09:18 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-10-23 10:30 . 2013-10-30 04:16 9524088 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-10-23 10:30 . 2013-10-30 04:16 9480328 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-10-23 10:30 . 2013-10-30 04:16 696096 ----a-w- c:\windows\system32\NvFBC64.dll
2013-10-23 10:30 . 2013-10-30 04:16 655136 ----a-w- c:\windows\system32\NvIFR64.dll
2013-10-23 10:30 . 2013-10-30 04:16 599840 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-10-23 10:30 . 2013-10-30 04:16 560416 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-10-23 10:30 . 2013-10-30 04:16 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-10-23 10:30 . 2013-10-30 04:16 3131680 ----a-w- c:\windows\system32\nvcuvid.dll
2013-10-23 10:30 . 2013-10-30 04:16 3124512 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-10-23 10:30 . 2013-10-30 04:16 2946848 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-10-23 10:30 . 2013-10-30 04:16 2747168 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-10-23 10:30 . 2013-10-30 04:16 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-10-23 10:30 . 2013-10-30 04:16 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
2013-10-23 10:30 . 2013-10-30 04:16 22933792 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-10-23 10:30 . 2013-10-30 04:16 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2013-10-23 10:30 . 2013-10-30 04:16 18199872 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-10-23 10:30 . 2013-10-30 04:16 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-10-23 10:30 . 2013-10-30 04:16 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-10-23 10:30 . 2013-10-30 04:16 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2013-10-23 10:30 . 2013-10-30 04:16 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-10-23 10:30 . 2013-10-30 04:16 12572960 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-10-23 10:30 . 2013-10-30 04:16 1241376 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-10-23 10:30 . 2013-10-30 04:16 11426568 ----a-w- c:\windows\system32\nvcuda.dll
2013-10-23 10:30 . 2013-10-30 04:16 11374520 ----a-w- c:\windows\system32\nvopencl.dll
2013-10-23 10:30 . 2013-03-26 15:29 30344480 ----a-w- c:\windows\system32\nvoglv64.dll
2013-10-23 10:30 . 2013-03-26 15:29 15855568 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-10-23 10:30 . 2012-10-25 06:33 15212336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-10-23 10:30 . 2012-10-20 10:46 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-10-23 10:30 . 2012-10-20 10:46 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-10-23 10:30 . 2012-07-11 08:30 2695200 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-10-23 10:30 . 2012-02-25 11:17 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-10-23 10:30 . 2011-09-12 01:10 3067560 ----a-w- c:\windows\system32\nvapi64.dll
2013-10-23 10:30 . 2011-09-12 01:10 18286416 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-10-23 08:20 . 2013-03-26 16:14 6669600 ----a-w- c:\windows\system32\nvcpl.dll
2013-10-23 08:20 . 2013-03-26 16:14 3489568 ----a-w- c:\windows\system32\nvsvc64.dll
2013-10-23 08:20 . 2013-03-26 16:14 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-10-23 08:20 . 2013-03-26 16:14 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-10-23 08:20 . 2013-03-26 16:14 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-23 08:20 . 2013-03-26 16:14 3426956 ----a-w- c:\windows\system32\nvcoproc.bin
2013-10-22 17:32 . 2013-10-22 17:32 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-10-22 11:08 . 2013-11-10 19:27 3692632 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2013-10-22 07:41 . 2013-11-10 19:27 151256 ----a-w- c:\windows\system32\RCoInstII64.dll
2013-10-22 00:12 . 2013-11-10 19:27 37850112 ----a-w- c:\windows\system32\RCoRes64.dat
2013-10-21 05:01 . 2012-05-09 09:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-21 05:01 . 2012-05-09 09:05 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-21 01:16 . 2013-11-10 19:27 2587352 ----a-w- c:\windows\system32\RtkAPO64.dll
2013-10-18 07:11 . 2013-11-10 19:27 1286360 ----a-w- c:\windows\system32\RTCOM64.dll
2013-10-18 01:36 . 2013-10-30 04:17 1063200 ----a-w- c:\windows\system32\nvspcap64.dll
2013-10-18 01:36 . 2013-10-30 04:17 955168 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-10-15 18:13 . 2013-11-10 19:27 209096 ----a-w- c:\windows\system32\AERTAC64.dll
2013-10-11 03:17 . 2013-11-10 19:27 113576 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-10-11 02:01 . 2013-11-10 19:27 947760 ----a-w- c:\windows\system32\SFSS_APO.dll
2013-10-09 15:47 . 2013-10-09 09:47 17154952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-07 22:20 . 2013-10-19 04:02 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-07 01:35 . 2013-11-10 19:27 2810072 ----a-w- c:\windows\system32\RtPgEx64.dll
2013-10-02 07:40 . 2013-11-10 19:27 617176 ----a-w- c:\windows\system32\RtDataProc64.dll
2013-09-27 23:01 . 2013-10-30 04:16 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-09-27 23:01 . 2013-10-30 04:16 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-09-27 23:01 . 2013-10-30 04:16 28960 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-09-27 01:15 . 2013-09-27 01:15 630632 ----a-w- c:\windows\system32\drivers\iaStorA.sys
2013-09-27 01:15 . 2013-09-27 01:15 28008 ----a-w- c:\windows\system32\drivers\iaStorF.sys
2013-09-26 06:41 . 2013-11-10 19:27 1021656 ----a-w- c:\windows\system32\RtkApi64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-30 12:54 496056 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20587680]
"Steam"="j:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-30 202328]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LWS"="h:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"CloantoSoftwareDirector"="c:\program files (x86)\Common Files\Cloanto\Software Director\softdir.exe" [2013-02-01 370512]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-15 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-01 254336]
.
c:\users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 9.1 PE.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -e "h:\program files (x86)\Panasonic\PHOTOfunSTUDIO 9.1 PE\PHOTOfunSTUDIO.exe" [2013-11-1 160256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 KinoniSvc;Kinoni Service;c:\program files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe;c:\program files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys;c:\windows\SYSNATIVE\DRIVERS\CamDrL64.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EagleX64;EagleX64; [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfDHP2amd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfSBVMamd64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe;c:\program files\Microsoft Fix it Center\Matsvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVLAN60.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys;c:\windows\SYSNATIVE\drivers\kinonivad.sys [x]
S3 kinonivd;Kinoni Video Source;c:\windows\system32\DRIVERS\kinonivd.sys;c:\windows\SYSNATIVE\DRIVERS\kinonivd.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSUsbFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-16 c:\windows\Tasks\ASO-AutoCheckUpdate7Days.job
- c:\program files (x86)\Advanced System Optimizer 3\CheckUpdate.exe [2013-11-09 08:42]
.
2013-12-16 c:\windows\Tasks\ASO-OneClickCare.job
- c:\program files (x86)\Advanced System Optimizer 3\ASO3.exe [2013-11-09 08:41]
.
2013-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000Core.job
- c:\users\Thor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 08:42]
.
2013-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000UA.job
- c:\users\Thor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 08:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-30 12:56 566712 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-08-01 8290584]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-18 13657304]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-10-21 1360600]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-09-27 36352]
"ACPW06EN"="c:\program files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" [2012-12-17 1234120]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://battlelog.battlefield.com/bf3/gate/?returnUrl=|bf3|servers|
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Notify-igfxcui - (no file)
Notify-klogon - (no file)
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_«\00\00«\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~«\00\00«\00\00\00\00x\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:0f,8f,26,b6,2d,54,cd,01
.
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60po\UserChoice]
@Denied: (2) (S-1-5-21-2318490905-3519499422-1171420628-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60po"
.
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60pp\UserChoice]
@Denied: (2) (S-1-5-21-2318490905-3519499422-1171420628-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60pp"
.
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60ppf\UserChoice]
@Denied: (2) (S-1-5-21-2318490905-3519499422-1171420628-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60ppf"
.
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-2318490905-3519499422-1171420628-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf"
.
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-2318490905-3519499422-1171420628-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.xmp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\03\07\05\022?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-19 22:24:15
ComboFix-quarantined-files.txt 2013-12-19 12:54
.
Pre-Run: 42,428,497,920 bytes free
Post-Run: 42,126,573,568 bytes free
.
- - End Of File - - 73DC48DCA9133BB6D8AE4163F4E61311
A36C5E4F47E84449FF07ED3517B43A31
 

Combofix did not remove much and I don't see Advanced System Protector on the log.

OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
 
OTL logfile created on: 19/12/2013 11:32:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thor\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.98 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.37% Memory free
15.97 Gb Paging File | 13.42 Gb Available in Paging File | 84.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 39.21 Gb Free Space | 35.11% Space Free | Partition Type: NTFS
Drive F: | 878.92 Gb Total Space | 38.02 Gb Free Space | 4.33% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 455.08 Gb Free Space | 24.43% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 435.18 Gb Free Space | 46.72% Space Free | Partition Type: NTFS
Drive L: | 984.09 Gb Total Space | 224.65 Gb Free Space | 22.83% Space Free | Partition Type: NTFS

Computer Name: THOR-PC | User Name: Thor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Thor\Desktop\OTL.exe (OldTimer Tools)
PRC - J:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe ()
PRC - C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Cloanto Corporation)
PRC - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - J:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - J:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - J:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlServ#\5660a2e02280885f4fb581688f8157e8\System.Data.SqlServerCe.ni.dll ()
MOD - J:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - J:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - J:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\6c7f57211a988e2f261dff251805e90e\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ec057796972ce41b751eaa3a8306fbcb\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dc86fe1c7a6e3a7ce9e9c1f13d9b1e8e\System.ServiceModel.Routing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d09c237ee72af3935f1a01388ef8e315\System.ServiceModel.Channels.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5055b60e339143bbace5871f5fe4b114\System.ServiceModel.Activities.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f42c2acdb000001066c78acfc6cd8655\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ASO3DiskOptimizer) -- C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (Systweak Software, (www.systweak.com))
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (KinoniSvc) -- C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe ()
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
SRV - (HiPatchService) -- J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (PanService) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (PinnacleUpdateSvc) -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe (PowerUp Software, LLC)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (CSObjectsSrv) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
SRV - (DES2 Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (LGSUsbFilt) -- C:\Windows\SysNative\drivers\LGSUsbFilt.sys (Logitech Inc.)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (kinonivd) -- C:\Windows\SysNative\drivers\kinonivd.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (KINONI_Wave) -- C:\Windows\SysNative\drivers\kinonivad.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (TEAM) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (CSCrySec) -- C:\Windows\SysNative\drivers\CSCrySec.sys (Infowatch)
DRV:64bit: - (CSVirtualDiskDrv) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys (Infowatch)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (tap0901t) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (VLAN) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTVLANPT) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (CamDrL64) -- C:\Windows\SysNative\drivers\CamDrL64.sys (Logitech Inc.)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://battlelog.battlefield.com/bf3/gate/?returnUrl=|bf3|servers|
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 85 D0 F3 79 6C CC 01 [binary data]
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\..\SearchScopes,DefaultScope = {922E6970-BD05-47bc-AF58-D431E6404A30}
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\..\SearchScopes\{922E6970-BD05-47bc-AF58-D431E6404A30}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://battlelog.battlefield.com/bf3/gate/?returnUrl=|bf3|servers|
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 85 D0 F3 79 6C CC 01 [binary data]
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\..\SearchScopes,DefaultScope = {922E6970-BD05-47bc-AF58-D431E6404A30}
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\..\SearchScopes\{922E6970-BD05-47bc-AF58-D431E6404A30}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: jyboy.yy%40gmail.com:1.0.4
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: greasemonkeybcsf%40stpors.net:0.2.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@mammoth.com.au/BigPondMediaDownloader,version=1.0.0: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll (Mammoth Media)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thor\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thor\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\mammothmedia.com.au/BigPondMediaDownloaderDetector: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll (Mammoth Media)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2012/11/01 16:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2012/11/01 16:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2012/11/01 16:25:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/29 15:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/29 15:30:40 | 000,000,000 | ---D | M]

[2011/09/06 19:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Extensions
[2013/11/03 00:27:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions
[2013/05/01 16:50:01 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/06/27 21:36:12 | 000,000,000 | ---D | M] (Greasemonkey Shared Script Folder) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\greasemonkeybcsf@stpors.net
[2012/08/03 05:10:26 | 000,000,000 | ---D | M] (YTshowRating) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\jid1-m7xzZLMj29zzjA@jetpack
[2012/04/24 23:27:17 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\jyboy.yy@gmail.com
[2012/05/17 17:45:26 | 000,000,000 | ---D | M] (Redirector) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\redirector@einaregilsson.com
[2013/03/23 10:06:08 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/10/29 14:00:45 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/03 00:27:19 | 000,282,570 | ---- | M] () (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/10/29 15:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/29 15:30:39 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2013/10/29 15:30:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/29 15:30:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BigPond Media Downloader Detector (Enabled) = C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Thor\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.0_0\
CHR - Extension: DownloadAll = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajffocjdcmpgjmdfdfkdfdbkjafbkcke\2.1.1_0\
CHR - Extension: YouTube = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: FlashBlock = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie\1.2.11.12_0\
CHR - Extension: Adblock Plus = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7_0\
CHR - Extension: YouTube\u2122 Ratings Preview = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\3.1.1_0\
CHR - Extension: OneTab = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.6_0\
CHR - Extension: Google Search = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
CHR - Extension: Session Buddy = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.4_0\
CHR - Extension: Youtube Video Downloader = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgdjbcjnihndbfmmggceololenekadg\1.2_0\
CHR - Extension: Virtual Keyboard = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
CHR - Extension: Chromium Wheel Smooth Scroller = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb\1.3.4_0\
CHR - Extension: Google Wallet = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\
 
O1 HOSTS File: ([2013/12/19 22:12:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [ACPW06EN] C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe (ACD Systems)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CloantoSoftwareDirector] C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Cloanto Corporation)
O4 - HKLM..\Run: [LWS] H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Standby] c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000..\Run: [Steam] J:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011..\Run: [Steam] J:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51AF2091-0927-4023-86DB-142FD3B91A25}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73427270-A448-4497-95DC-8D915CF25F20}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/16 18:31:23 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/19 23:31:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thor\Desktop\OTL.exe
[2013/12/19 22:24:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/19 22:24:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/12/19 22:04:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/12/19 22:04:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/12/19 22:04:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/12/19 22:03:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/19 22:01:57 | 005,154,906 | R--- | C] (Swearware) -- C:\Users\Thor\Desktop\ComboFix.exe
[2013/12/19 14:29:32 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D896A6DE-27B1-486C-8661-003AD9160B72}
[2013/12/19 02:28:49 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{849A18FE-AF8B-4FF6-846B-DF1D2C3E9BAB}
[2013/12/18 14:28:05 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D0CE82F9-7496-422F-AFE7-FC402F805256}
[2013/12/18 14:14:51 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\ACD Systems
[2013/12/18 14:14:51 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\ACD Systems
[2013/12/18 14:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
[2013/12/18 14:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems
[2013/12/18 14:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
[2013/12/18 14:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2013/12/18 13:47:46 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\FastStone
[2013/12/18 13:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
[2013/12/18 13:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Image Viewer
[2013/12/18 13:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2013/12/18 13:45:59 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
[2013/12/18 13:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/12/18 13:23:42 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\ZPS15
[2013/12/18 13:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 15
[2013/12/18 02:27:21 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{17FA845B-4390-45F9-9C53-B3AE303C6BDC}
[2013/12/17 17:44:05 | 000,000,000 | ---D | C] -- C:\Users\Thor\Desktop\adsadsadsadsf
[2013/12/17 14:26:37 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{6F1E42CA-6542-40D4-989F-1D1BCC68FDC2}
[2013/12/17 02:25:31 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{7EFE4767-E25A-479F-90FE-6B8EC2FBA0B9}
[2013/12/16 22:50:09 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\IObit
[2013/12/16 22:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/12/16 22:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
[2013/12/16 22:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/12/16 22:17:22 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\Xenocode
[2013/12/16 14:24:56 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{05D9B1BD-0ABB-4281-8C48-AE7521084C38}
[2013/12/16 02:24:22 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{35D9B639-F1E0-42CF-BD3E-2A9F0DD5A87C}
[2013/12/15 13:18:58 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{CB0FAAFD-BFC6-411C-832D-CD0970224273}
[2013/12/14 13:10:32 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{58B18ED8-1332-4A67-A458-0DEDFBC6D60D}
[2013/12/14 01:04:50 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{29775709-3D35-44AF-9151-708B1E796672}
[2013/12/13 13:04:20 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{A226EA76-B129-4A0C-AE7D-6A51C0ED1E99}
[2013/12/13 12:01:22 | 004,583,424 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2013/12/13 00:26:36 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{98520726-C8CF-46AC-9463-EC3C3400665C}
[2013/12/12 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{4DC0664C-4775-40EE-A99D-A4C4BA0CFAE1}
[2013/12/12 00:25:40 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{767901AF-AF47-4E4E-9B54-8EAA61A36891}
[2013/12/11 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{7C8D0E92-6CB8-4E77-B845-5976A5E4AF5A}
[2013/12/11 00:24:44 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E88792A9-D1D6-40B2-8686-1F0F0C48F005}
[2013/12/10 12:24:09 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{F9DCA46E-C9B9-46F0-8C1A-E75D2B92FC18}
[2013/12/10 00:23:43 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D215823D-FFB8-421B-99A5-016D68B04E70}
[2013/12/09 12:23:09 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{40BCAD90-914B-4D58-8468-B54427F806F9}
[2013/12/09 00:22:35 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{A495DBF5-7F43-4FF7-BD7E-38B001F7B858}
[2013/12/08 23:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
[2013/12/08 23:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.3
[2013/12/08 23:23:45 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\cache
[2013/12/08 23:23:44 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\Mobogenie
[2013/12/08 23:23:44 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\Mobogenie
[2013/12/08 23:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013/12/08 22:45:25 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\My Cheat Tables
[2013/12/08 22:42:43 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\FLiNGTrainer
[2013/12/08 12:22:00 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{175E7DCA-2C44-4838-B8B3-D6B22D0A5FE8}
[2013/12/07 18:49:56 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EE83E89D-966E-4BD9-8D0D-5E44346B37EC}
[2013/12/07 06:49:22 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E2E4E388-7322-4AE9-BD3D-CB5B3D1DD7A7}
[2013/12/06 17:32:09 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EDC693A7-9D62-4FBC-B7DB-864969FB56AF}
[2013/12/06 16:21:19 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\PDF24
[2013/12/06 16:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2013/12/06 05:31:46 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{CEC9543C-9113-4ADE-88D3-E7F878DED8DC}
[2013/12/05 17:31:24 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E4304F79-64ED-41DC-8A0D-1D5F7D169A8D}
[2013/12/05 05:30:50 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EF8758E8-ECB9-48D1-A1C6-83010D984F9F}
[2013/12/04 17:30:28 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{A42E06A3-CECA-47A1-AB70-C20F4995DA0D}
[2013/12/04 12:43:11 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Thor\Desktop\aswMBR (1).exe
[2013/12/04 12:35:36 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Thor\Desktop\dds.scr
[2013/12/04 12:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/12/04 12:32:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/12/04 06:54:15 | 000,000,000 | ---D | C] -- C:\hijackthis
[2013/12/04 05:29:53 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{AB432236-8B46-4604-9F0C-A7E8A84B67E1}
[2013/12/03 17:29:32 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{B62718D9-4665-4CD9-8013-C0E70091B7A6}
[2013/12/03 05:28:57 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{F53F9816-300E-4A94-BA28-70447A2DBC1E}
[2013/12/02 17:28:23 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{6E7578EC-75AD-4A04-BF3D-E724CBEED224}
[2013/12/02 05:27:46 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{3ADC6853-BA48-4CB6-A2F4-98DCFC3203C9}
[2013/12/01 17:27:24 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D4AF4D06-D8E7-4BB5-A6EE-CBB25B89B34C}
[2013/12/01 05:26:49 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EDC45451-3EB8-45F7-8987-CCEAEA462EF4}
[2013/11/30 17:26:01 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{73457022-53B1-463B-97DC-15B7484FB346}
[2013/11/30 17:14:26 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\MPC-HC
[2013/11/30 17:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013/11/30 17:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013/11/30 05:25:27 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E9921A5E-AC51-42E1-9AEB-1AAAA11AF817}
[2013/11/29 17:24:53 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{DA3C05D3-61CB-4359-8160-3AA938F1B1D2}
[2013/11/29 05:24:17 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{A4B42952-B061-4C8A-80E9-6FB5A73CC9EA}
[2013/11/28 17:23:43 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{F0331BDD-5A4B-4A3D-B0C5-07E9763A6F23}
[2013/11/28 04:15:01 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{A045844B-BACC-4D46-AECF-44ECEB853DDA}
[2013/11/27 16:14:39 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{9AD0B4FA-71CD-4421-B5D7-350208F28F0D}
[2013/11/27 04:04:29 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{8945C753-1FE8-4C07-9241-4E9A9BC6B685}
[2013/11/26 15:32:07 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{454F3AF2-BAF4-4490-931A-A8DB2A1DE4B9}
[2013/11/25 19:57:53 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{454AC5C1-992C-40DF-9F2F-2D1B159C8076}
[2013/11/25 04:48:17 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{87BCAB07-A8FA-4768-8631-71C9EF63D695}
[2013/11/24 16:31:29 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{38DD516B-B5CC-444B-BECD-7EE74F9197BA}
[2013/11/24 04:30:55 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D4234DD3-C092-48B4-AB82-4A9F8CB388E9}
[2013/11/23 20:32:52 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhoreCraft
[2013/11/23 16:30:20 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D618B4A1-94D4-4348-85A2-6514E168F301}
[2013/11/23 04:29:45 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{569D1019-96E4-4641-B6E6-D7A695F164D5}
[2013/11/22 16:29:23 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{8155AEA8-B1CC-44C0-B49B-FD7892403DB8}
[2013/11/22 03:33:21 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{28474E01-1D0D-4632-86A4-ABDFFD66BC7B}
[2013/11/21 15:32:59 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{2144590C-67FE-4CA1-AE1D-0707156D5923}
[2013/11/21 03:32:24 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{031CA1E0-963A-493D-BEEF-0E60AE20B098}
[2013/11/20 19:21:56 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\GOG.com Downloads
[2013/11/20 19:07:57 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\GOG.com
[2013/11/20 15:32:02 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{92484D33-24BB-4421-9020-D94C55872C7B}
[2013/11/20 03:31:28 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{461F93BA-1288-4E9A-8AF6-095365A68195}

========== Files - Modified Within 30 Days ==========

[2013/12/19 23:30:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thor\Desktop\OTL.exe
[2013/12/19 23:13:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000UA.job
[2013/12/19 22:32:12 | 002,027,386 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/19 22:32:12 | 000,664,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/19 22:32:12 | 000,608,354 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013/12/19 22:32:12 | 000,419,460 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013/12/19 22:32:12 | 000,122,392 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013/12/19 22:32:12 | 000,122,392 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/19 22:32:12 | 000,111,190 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013/12/19 22:26:17 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013/12/19 22:26:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/19 22:26:14 | 2134,200,319 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/19 22:25:38 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/19 22:25:38 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/19 22:12:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/19 22:01:53 | 005,154,906 | R--- | M] (Swearware) -- C:\Users\Thor\Desktop\ComboFix.exe
[2013/12/19 12:56:55 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2013/12/18 14:14:27 | 000,002,835 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 6 (64-bit).lnk
[2013/12/18 13:47:14 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
[2013/12/16 03:23:09 | 000,006,318 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2013/12/13 13:03:03 | 005,192,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/13 12:01:22 | 004,583,424 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2013/12/12 12:13:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000Core.job
[2013/12/06 16:14:25 | 000,119,438 | ---- | M] () -- C:\Users\Thor\Desktop\ELR_candidate_form-signed.pdf
[2013/12/06 04:51:44 | 000,000,220 | ---- | M] () -- C:\Users\Thor\Desktop\Star Trek Online.url
[2013/12/05 23:32:42 | 000,000,222 | ---- | M] () -- C:\Users\Thor\Desktop\Batman Arkham City GOTY.url
[2013/12/05 15:34:27 | 000,000,222 | ---- | M] () -- C:\Users\Thor\Desktop\Broken Sword 5.url
[2013/12/04 12:53:59 | 000,000,512 | ---- | M] () -- C:\Users\Thor\Desktop\MBR.dat
[2013/12/04 12:42:58 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Thor\Desktop\aswMBR (1).exe
[2013/12/04 12:41:34 | 000,005,257 | ---- | M] () -- C:\Users\Thor\Desktop\attach.zip
[2013/12/04 12:35:28 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Thor\Desktop\dds.scr
[2013/12/04 12:32:49 | 000,001,108 | ---- | M] () -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/12/04 12:32:28 | 000,000,909 | ---- | M] () -- C:\Users\Thor\Desktop\ERUNT.lnk
[2013/12/04 06:20:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.original
[2013/12/01 18:56:24 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk
[2013/11/30 19:38:24 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2013/11/30 17:01:17 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\etdrv.sys
[2013/11/29 20:18:05 | 000,002,272 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2013/11/24 14:44:19 | 000,274,869 | ---- | M] () -- C:\Users\Thor\Desktop\ccc.htm


========== Files Created - No Company Name ==========

[2013/12/19 22:04:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/19 22:04:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/19 22:04:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/19 22:04:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/19 22:04:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/12/18 14:14:27 | 000,002,835 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Pro 6 (64-bit).lnk
[2013/12/18 13:47:14 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
[2013/12/12 14:21:29 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2013/12/06 16:14:25 | 000,119,438 | ---- | C] () -- C:\Users\Thor\Desktop\ELR_candidate_form-signed.pdf
[2013/12/06 04:51:44 | 000,000,220 | ---- | C] () -- C:\Users\Thor\Desktop\Star Trek Online.url
[2013/12/05 23:32:42 | 000,000,222 | ---- | C] () -- C:\Users\Thor\Desktop\Batman Arkham City GOTY.url
[2013/12/05 15:34:27 | 000,000,222 | ---- | C] () -- C:\Users\Thor\Desktop\Broken Sword 5.url
[2013/12/04 12:53:59 | 000,000,512 | ---- | C] () -- C:\Users\Thor\Desktop\MBR.dat
[2013/12/04 12:41:34 | 000,005,257 | ---- | C] () -- C:\Users\Thor\Desktop\attach.zip
[2013/12/04 12:32:49 | 000,001,108 | ---- | C] () -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/12/04 12:32:28 | 000,000,909 | ---- | C] () -- C:\Users\Thor\Desktop\ERUNT.lnk
[2013/12/01 18:56:24 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk
[2013/11/30 17:09:39 | 000,256,088 | ---- | C] () -- C:\Windows\SysNative\unrar64.dll
[2013/11/24 14:44:18 | 000,274,869 | ---- | C] () -- C:\Users\Thor\Desktop\ccc.htm
[2013/11/01 22:30:31 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/11/01 22:30:31 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/11/01 22:30:31 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/11/01 22:30:31 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/11/01 22:30:31 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/11/01 22:30:31 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/11/01 22:30:31 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/11/01 22:30:31 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/11/01 22:30:31 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/11/01 22:30:31 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2013/11/01 22:30:31 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/11/01 22:30:31 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/11/01 22:30:31 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/11/01 22:30:31 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/11/01 22:30:31 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/11/01 22:30:31 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2013/11/01 22:30:31 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2013/11/01 22:30:31 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/11/01 22:30:31 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/08/26 06:04:24 | 000,000,008 | RHS- | C] () -- C:\ProgramData\1F764CA33D.sys
[2013/08/11 15:22:56 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-THOR-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
[2013/07/28 18:08:40 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/07/28 18:08:40 | 000,001,892 | ---- | C] () -- C:\Windows\unins000.dat
[2013/04/19 08:08:36 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\Media Player - Codec Pack Disc handler.exe
[2012/11/21 23:39:33 | 000,000,045 | ---- | C] () -- C:\Users\Thor\jagex_cl_speccollect_LIVE.dat
[2012/11/21 23:39:33 | 000,000,001 | ---- | C] () -- C:\Users\Thor\random.dat
[2012/10/21 02:21:05 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/10/21 02:21:05 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2012/10/21 02:21:05 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2012/10/10 17:50:48 | 000,216,072 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/18 13:05:01 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2012/09/16 15:31:11 | 001,239,424 | ---- | C] () -- C:\Users\Thor\P1010012-1.jpg
[2012/09/16 15:22:00 | 004,696,064 | ---- | C] () -- C:\Users\Thor\P1010012.JPG
[2012/09/16 15:22:00 | 004,167,168 | ---- | C] () -- C:\Users\Thor\P1010005.JPG
[2012/08/02 18:23:54 | 000,017,408 | ---- | C] () -- C:\Users\Thor\AppData\Local\WebpageIcons.db
[2012/07/05 01:34:25 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012/05/12 20:07:35 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2012/05/12 20:07:35 | 000,001,651 | ---- | C] () -- C:\Windows\Graffiti5.4.ini
[2012/04/29 00:49:27 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2012/03/07 01:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/01/18 16:14:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 16:14:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 16:14:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/12 18:08:03 | 000,000,600 | ---- | C] () -- C:\Users\Thor\AppData\Roaming\winscp.rnd
[2011/11/15 12:43:48 | 000,001,461 | ---- | C] () -- C:\Users\Thor\.recently-used.xbel
[2011/10/22 00:54:27 | 000,005,120 | ---- | C] () -- C:\Users\Thor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 00:52:12 | 000,006,318 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/09/20 00:10:11 | 000,000,017 | ---- | C] () -- C:\Users\Thor\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/14 14:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 22:57:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 21:51:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/18 14:14:51 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\ACD Systems
[2013/05/10 04:39:10 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Allmyapps
[2012/11/19 01:21:30 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Atari
[2013/11/15 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Audacity
[2013/07/28 16:10:07 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Awesomium
[2013/12/19 21:26:29 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Azureus
[2013/09/12 19:58:12 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Cakewalk
[2011/09/23 04:25:55 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Canon
[2013/05/24 20:41:23 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Cloanto
[2013/07/27 14:17:14 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\com.doubleperfect.ggpo
[2011/12/03 20:47:54 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2011/10/09 15:57:50 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\cYo
[2013/09/13 02:53:29 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\DAEMON Tools Lite
[2013/12/09 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Dropbox
[2012/07/01 06:27:24 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\DVD Catalyst 4
[2012/06/13 02:20:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\DVDVideoSoft
[2013/05/22 16:12:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Evaer
[2012/09/27 19:30:54 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Fatshark
[2012/12/29 22:00:34 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Games
[2011/11/15 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\gtk-2.0
[2013/12/11 19:45:11 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\HandBrake
[2013/12/16 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\IObit
[2011/09/12 16:36:33 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Leadertech
[2011/12/16 11:55:52 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\LEAPS
[2013/03/28 18:37:59 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\MAGIX
[2012/06/29 22:56:53 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\mkvtoolnix
[2013/11/30 17:14:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\MPC-HC
[2013/08/06 09:31:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Mumble
[2011/11/09 02:50:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Nucleosys
[2013/08/15 22:48:52 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Origin
[2012/06/12 21:33:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Pavtube
[2011/12/16 11:47:05 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Pegasys Inc
[2013/06/09 21:59:24 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\PlayClaw3
[2012/10/21 02:24:23 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\PowerUp Software
[2012/05/12 20:08:45 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\proDAD
[2013/03/26 22:46:52 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Publish Providers
[2013/01/28 17:50:53 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\QuickScan
[2013/02/14 07:39:56 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Reincubate
[2012/05/05 18:58:01 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\RenPy
[2011/12/01 20:57:49 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Screaming Bee
[2013/10/23 18:12:46 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\ShiningStar
[2013/12/16 22:57:14 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Sony
[2012/10/19 03:33:17 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Sports Interactive
[2012/03/19 06:09:37 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/12/19 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Systweak
[2013/12/12 14:41:28 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\TeamViewer
[2012/02/10 04:02:01 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\The Creative Assembly
[2012/08/05 06:50:39 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Tropico 3
[2012/12/02 00:26:10 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Tunngle
[2012/05/12 20:03:18 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Ulead Systems
[2013/12/16 22:23:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Vphonet
[2011/09/12 10:19:41 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Windows Live Writer
[2012/04/15 00:18:35 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Wondershare Video Converter Ultimate
[2013/12/18 13:23:42 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Zoner

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >

OTL Extras logfile created on: 19/12/2013 11:32:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thor\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.98 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.37% Memory free
15.97 Gb Paging File | 13.42 Gb Available in Paging File | 84.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 39.21 Gb Free Space | 35.11% Space Free | Partition Type: NTFS
Drive F: | 878.92 Gb Total Space | 38.02 Gb Free Space | 4.33% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 455.08 Gb Free Space | 24.43% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 435.18 Gb Free Space | 46.72% Space Free | Partition Type: NTFS
Drive L: | 984.09 Gb Total Space | 224.65 Gb Free Space | 22.83% Space Free | Partition Type: NTFS

Computer Name: THOR-PC | User Name: Thor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0296731B-C60F-432B-BDA0-59CCAF7F0B4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{044B4C36-A368-45C8-92B8-D88E67BFB3EB}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{129891D5-FCF5-4DFD-B2E3-06C45CD42069}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{237123B4-3C00-4E12-83A0-D4DAEA61D3CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{252B65FA-7EBA-4C77-BA00-F0DE80101DB9}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{2FC04034-9CC1-4076-83FC-0D9D50DF657D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{453F0B99-D647-4E66-953B-50CF48AF0E71}" = lport=10243 | protocol=6 | dir=in | app=system |
"{47F7C5EB-B1D7-4179-A0D4-A1D7CE82D13C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4992639F-13AF-40A9-8C0D-849FA1F4C5BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E8F577B-213A-496A-86D6-F463E3D5E4E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4F56542F-A378-4E5B-8544-D969001744CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5000AEE2-6AA0-4656-B7F4-F07C363C5A0A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5014A777-F0F6-4AFC-9A83-14012AB3227B}" = lport=445 | protocol=6 | dir=in | app=system |
"{55C7D750-4F34-4E86-B5F5-94A4A63A1243}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{57AEDA44-8624-44C1-88FE-63C4DCBE33FC}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{5B9077EF-C5F9-400B-8CFD-40FA3EBE1ABC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5DEF54FE-B99D-4D70-9C48-E14B1CD05B43}" = rport=445 | protocol=6 | dir=out | app=system |
"{6BFCC6EF-7AC8-4C42-A023-57193B95EC6C}" = rport=139 | protocol=6 | dir=out | app=system |
"{77C9EFA1-C545-4312-9AA9-5FD611767D16}" = lport=138 | protocol=17 | dir=in | app=system |
"{86892FCA-6CEF-4973-AC04-124FD471FD5D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{94B3616B-2102-46F0-8889-274313391E6A}" = lport=137 | protocol=17 | dir=in | app=system |
"{A11AEDD7-5055-40F3-924C-9CC2AC24BE84}" = lport=139 | protocol=6 | dir=in | app=system |
"{A4E6C1B2-D5DD-4364-9C42-C0B4658F0AC1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A80703EC-79A2-4DFA-9204-C22CF096757A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC7BAB00-BB40-4385-A515-40DD0B9E86DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AD0D1D9D-1936-4D3E-BC49-0D5E32710E49}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D04F087D-E070-4FC9-A710-FC3D2C700ECE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{DB3BF7FB-AD5E-45EC-A1B9-28FFD43656D4}" = rport=137 | protocol=17 | dir=out | app=system |
"{FC12B0E8-AD85-4523-B2F1-A33ECDC42349}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03245FD4-CA55-4916-86E6-3DF4D942B500}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{036EA3AD-AFBF-4CE9-B441-5AB69074C53E}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{045EC768-F082-4E94-B6FE-96C8424CFBD8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{04A896A0-2DB9-44F7-973C-92307693B143}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\gstd - rise of the owlverlord\launcher\gslauncher.exe |
"{04E3E3C6-93FA-4432-98DE-5AC694398FD8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{05B3CB89-8366-4176-81C1-9EACDCC8EBE8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
"{07676BF3-7407-45FC-BB63-7A1321BCC22E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{076E050F-9458-466F-AD7B-62436418E3C6}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{0B18E854-905C-42EF-95A8-8B1E8208E7AC}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{0D32E838-426C-4126-A08B-818324A42546}" = protocol=17 | dir=in | app=j:\program files (x86)\tera\tera-launcher.exe |
"{0DF751B2-B4CB-4FF2-BBFC-2520019C90C9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\launcher.exe |
"{0FC038A8-FAD8-4B0C-AFFB-459ACDC275E9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{10482388-8B8C-4130-A145-B6242628BDED}" = protocol=17 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
"{188F91FE-06FF-4D77-9DD4-8D6AF390DE5A}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{1937B7AE-EB23-4FE8-99E3-53663AA378D9}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1C40033E-3AE1-4335-9AE0-82C7189162D4}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\football manager 2014\fm.exe |
"{1C662277-2DB9-4861-8DB2-3616BD873D50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1CF8A7BB-CDCA-4F04-B983-4A5E1515A4DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1D82C45C-9C37-497B-BB32-F264C51308E5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1F169BAF-0F73-4895-B173-7F781911E74C}" = protocol=17 | dir=in | app=j:\program files (x86)\origin\games\dead space 3\deadspace3.exe |
"{205EBF63-516C-483C-9044-944EF792A3DF}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{20E30094-C1D6-41D9-9CA3-1C2BFB3D513E}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{23162F58-E5E6-4677-B2BC-0FD65DA343C1}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\king's bounty - warriors of the north\kbwotn.exe |
"{241E22CB-1680-4B75-9C03-30ACC94F857C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
"{24748187-FCC1-4834-A307-50A83343310C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steam.exe |
"{2506B3A3-9605-4065-8CF1-0A30F61B848B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{250E1F8B-5B17-4C27-9E0D-C8FC55D9D469}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
"{26DFD814-77F8-4CB9-9FE8-03F7F08BFDB1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2975C060-85CA-4C53-8E74-110AAD28CFAA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E977CE4-A6BF-40C2-902B-13BB53E1C3C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{2FD359A4-3DC1-4D48-9CC6-7EAA83561761}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
"{317C0E9A-5DE6-4536-920A-94B0CB79908D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strike suit infinity\pc\main\binary\ssz.exe |
"{319DCBD7-63B7-44C6-A32C-6421B1C48A60}" = protocol=6 | dir=in | app=j:\program files (x86)\tera\client\tl.exe |
"{352DFB2C-1CC7-494E-858C-5C5D048AFCB9}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{35DAE44B-9407-42A4-9010-881F41DAFD89}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\restaurant empire 2\re2.exe |
"{36EAE5D0-349B-401F-AC30-12EF75962E00}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{381B6867-9B7C-4485-81D7-7C9DEAB0AA79}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{3B3F55C7-EAD0-4E59-9117-A043DA30C971}" = protocol=6 | dir=in | app=c:\program files (x86)\kinoni\epoccam_and_barcode_drivers\kinonisvc.exe |
"{3E2BA346-9CEB-408E-B804-E2FF9DEF332C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{40C8ABAC-8002-4897-9970-1FF4E116A06B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47D0D9F2-F160-4FA4-8CD2-CE710167B376}" = protocol=6 | dir=in | app=j:\program files (x86)\tera\tera-launcher.exe |
"{489FB914-58C5-4079-9A6A-0E0978BF63D8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strike suit infinity\pc\main\binary\ssz.exe |
"{4A100514-E23B-4562-818E-4749406BD81F}" = protocol=6 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
"{4A86390F-4A79-4AF1-9053-039778375323}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{4C435E78-1FE0-43DB-8C0C-BBB4ACCFBF5D}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{4D50782B-F9E6-479A-870D-FA43AEFC7029}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
"{4E746127-C150-4983-9FCF-318D27656183}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5055451F-57E2-4D21-AB7E-414784841D4E}" = protocol=6 | dir=in | app=j:\program files (x86)\origin\games\dead space 3\deadspace3.exe |
"{52D4C3B0-D111-4EB7-9BDC-96629C31CEE3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{542FE241-1D43-47D8-9BAE-65A188AA8826}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{55C9B959-725C-4DF4-97F6-82D989710B56}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe |
"{55DC9091-AAB9-40C0-9583-B8EFCFA8637D}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{57ABCE6F-90A0-4ABE-B30E-A2BF66F5E7C3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{5A958567-E70E-4565-BD20-1C7A1A9C0BF8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{5C12C1DA-6CE6-4F79-9F9F-58FDD2225432}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{5C224E4D-E133-421E-AFD1-B6457FD79F57}" = protocol=17 | dir=in | app=c:\users\thor\appdata\roaming\dropbox\bin\dropbox.exe |
"{5FC7AB70-6223-4465-84C9-FCF6C5D645D5}" = protocol=17 | dir=out | app=j:\program files (x86)\tera\client\tl.exe |
"{62578B19-8E16-42DA-8341-C3F58E5CE6C7}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{62D31C75-35B1-49C5-822B-2AAB69B4FC4E}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{655264B9-93EC-425A-9D11-4EF7CD668E65}" = protocol=17 | dir=in | app=j:\program files (x86)\origin\games\battlefield 4\bf4.exe |
"{6946D538-12D8-4BAC-8672-74B43470E660}" = protocol=6 | dir=out | app=j:\program files (x86)\tera\tera-launcher.exe |
"{69650794-1BF5-46B6-9BF1-6E8056CC3410}" = protocol=6 | dir=out | app=j:\program files (x86)\tera\client\tl.exe |
"{6A1329D5-C2FB-41B1-BAF0-0302CA948E61}" = protocol=17 | dir=in | app=j:\program files (x86)\tera\client\tl.exe |
"{6A62BC18-0A3E-495B-B241-7FCB3EFB9A40}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{6AEF5BF8-CFCB-4FDB-8169-22D1024A293E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{703E78F4-945F-46CE-84BC-8E0A239AA70C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{72998535-CA1D-4D32-9E6F-DE9A600DDC83}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{72A532B7-FFB0-4F10-89AB-51EFF875BB9E}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\football manager 2014\fm.exe |
"{76A21391-F716-4D04-A88E-FD0DE4588B54}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7713605C-C61D-45D2-BBD8-004383972403}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{78AC5D0F-A787-4A6E-9AB1-A0F0D4C4277D}" = protocol=17 | dir=in | app=j:\program files (x86)\diablo iii\diablo iii.exe |
"{79860829-9BB9-48B5-B9E0-A827B8574C52}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
"{79CDA04C-D57D-4831-B8C8-F8437A1CDAC9}" = protocol=17 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
"{7CDE8E72-E1E8-49E0-8E5A-D14CA6CA12CE}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{7E01A260-B97D-4E0A-A389-B6A91749709E}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{7E78A5E7-5786-4284-A235-FDD546D3E458}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\king's bounty - warriors of the north\kbwotn.exe |
"{80297E6C-4587-4E5E-B520-8115CAF72521}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe |
"{818959BE-457B-4D2E-97DB-0ADC82D3CEFA}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{8671F8B1-2E73-4572-BE5F-FACA1595846F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8A2089F8-05BE-44D9-99A7-D43E9346E96C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{8AA171D3-44A7-4416-9EA4-D8F7179CE37E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8DB0071A-5B11-46FA-B94B-3602FBA11010}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steam.exe |
"{8E6E3D7C-88A1-4175-917C-A250743D8962}" = protocol=17 | dir=in | app=j:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{8F3A03FE-4905-49B3-82B8-89D70C2EE34B}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{95A4EA33-4FF9-4151-9EA1-1B2B8EFA6CD1}" = protocol=17 | dir=out | app=j:\program files (x86)\tera\tera-launcher.exe |
"{98A9BFBD-C7FF-48FC-BDF0-88A0375B6D0D}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{9B8DBA77-69A2-4F03-8714-52238253CB99}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{9F697F68-E618-4154-B16F-7B9F7CDDE1FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0775501-653B-442B-9CCD-B5227A5CA941}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A24FECD2-9E0B-44E7-B0B6-9908083BA2F7}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{A2E48599-7489-4B1E-A4E3-6F6C79EFAEC1}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{A41DA63D-DC4A-41F7-B145-7EF5BF1A2C70}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{A5E78DA6-6AA3-45BD-972F-C250F1E4206A}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat |
"{A62F8653-D028-4BD7-90E0-51830654BAE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A695C555-8B9D-4ECF-9944-25C58CDA6DFA}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\restaurant empire 2\re2.exe |
"{AC0AF909-648A-4F96-83B5-05522F82A14F}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{ACF19106-5DA9-402E-A99E-918D4E287E24}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{AD1EBF28-185E-45A7-8F40-63CCBBDF0260}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B06D9B51-FBBC-4DB6-A7FC-43D5C89486ED}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{B0FD172C-E57C-4C77-A071-278255267576}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B1BD8D6F-A9EA-4454-914F-F981B4EAD670}" = protocol=6 | dir=in | app=j:\program files (x86)\origin\games\battlefield 4\bf4.exe |
"{B290171F-DC1D-447E-8672-F356BC5A2FF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B41AB17A-5E7E-46BE-9ADF-C110CBDA49E6}" = protocol=6 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
"{B4F1050F-7337-4DCA-8E94-7A063EB61F02}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{B78813FE-AB34-4FE3-A1B7-54E4757B401D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B8FDF449-377C-4466-87AC-2B5CDEE0BD72}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{B96AAF52-D344-426A-B5ED-29F01BD779A6}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\launcher.exe |
"{B98E6E2F-A0C6-4660-8114-D82487F7701C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{BB1572CA-4108-464D-BC27-AD74809A2180}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{BBC5C788-9C10-41BD-A067-4BA53FB67310}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{BC97CF15-F299-4F7F-BDF7-E56417A3C21C}" = protocol=17 | dir=in | app=j:\program files (x86)\origin\games\battlefield 4\bf4_x86.exe |
"{BDE93427-42D0-43EA-8B14-643E82A2CDAB}" = protocol=6 | dir=out | app=c:\program files (x86)\kinoni\epoccam_and_barcode_drivers\kinonisvc.exe |
"{CAC4761A-1CCB-4428-A161-4D51BC362CF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB0C6B7B-C6A6-45F2-B0F6-29D055C0C535}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CBA77A2A-EB6A-4264-8D17-C248CD7536EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCA063FA-28C1-4BD8-8B93-FB92440120DA}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{CD60C295-2234-497B-BB2D-D4E1B633E16F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{CDB66DB9-B85F-43F9-8750-7F8F4608EC80}" = protocol=6 | dir=in | app=j:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{CEC84D4D-711A-47DC-A8DE-BA697F8002F9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\batman arkham city goty\runlauncher.bat |
"{CFDA5928-6BF5-4F75-A618-81C872A2EE86}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{D005BD1E-A634-4277-AE0E-79D82C6C2759}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe |
"{D135AA02-E72B-42F5-98B5-74F64A11AC7E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D1436489-9AAB-4D34-BA4E-E2FD5C3FB892}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{D1990E46-50C6-4271-A003-5BF4D0090FA1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3870C2B-9B29-4F50-A68A-B1FE5CC09DE9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
"{D54E983E-ADC7-4EF6-B0DC-73978EC09284}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe |
"{D7B39753-DCA2-440D-AFC7-82358CBAEEBD}" = protocol=6 | dir=in | app=j:\program files (x86)\origin\games\battlefield 4\bf4_x86.exe |
"{D8CF11B1-9637-4FFF-8795-8406A278F179}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{D9A942CB-BCE1-4400-BEFA-DAB844924C0F}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\broken sword 5\bs5.exe |
"{DABAC0C9-7FC3-4AE9-9B88-E6A6043EF8D8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DB560EE7-EF38-4655-B4BC-D6F418EF1C03}" = protocol=6 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
"{DC0CC9AD-9DF8-4CAB-AEFD-7DB77DF66E1C}" = protocol=6 | dir=in | app=c:\users\thor\appdata\roaming\dropbox\bin\dropbox.exe |
"{DC31E367-6428-4FFB-8860-815DE0C75030}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DE1B3A23-43E7-4B53-8A40-CBA3CC325E38}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe |
"{DE7F3CC3-DF12-4F19-AFBF-306C0B047171}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{E0A10353-7349-4CA8-8390-18C3042329BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E40547F5-EFBF-4F1F-B442-4A4A1B91E5CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E46523E4-C0F6-4A06-8397-0970E3A73BCA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E9551D78-6AE3-4E79-9F63-F4CF47EE77B4}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{E9824F88-9362-4E4C-8494-CE24B1B10C3C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{E9DA698F-CD94-4FB6-9216-A500E211ADD4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{EA8D0CD7-522B-47D1-935A-280B3BD3244A}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\gstd - rise of the owlverlord\launcher\gslauncher.exe |
"{EC75AA72-5D6E-4FA5-A962-DD36F9DA1EAF}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{EE9573BD-68DF-4ADB-BE09-B82848C3A4CD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F037A718-EE5F-4A91-A7FA-18742D4CBED5}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe |
"{F0515D1A-9BB2-48BF-B06D-924628F5CF22}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F0934744-C3CC-45F8-A84F-8AB68C8A9136}" = protocol=6 | dir=out | app=system |
"{F0B2854B-BF50-4F3C-8FD0-104B82BCB620}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{F275DF25-91B5-4F84-BF4E-3E8C54F62E4F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\batman arkham city goty\binaries\win32\batmanac.exe |
"{F27F2BF0-5F69-43FA-AAF0-86395EE39C39}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{F2B58789-3568-45D7-B7C7-8252DA89571E}" = protocol=17 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
"{F86CFE52-910B-4410-A724-F37258E98298}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{FAC03808-A545-4194-A89E-852833B6DDD4}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{FB11F2C7-83EB-4C1B-A48A-01E8C3E914CD}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"{FB82B1D4-8768-47F0-81BD-4F38831F063D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FCEFC653-31AF-4186-9761-814EA769D6B1}" = protocol=6 | dir=in | app=j:\program files (x86)\diablo iii\diablo iii.exe |
"{FEBDCC2E-6F90-4761-B216-5CB4FF4BFEA9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
"TCP Query User{0FD82494-D36C-4D57-9FCE-40BEF99ECB44}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{203DB1D8-3FA1-49D8-A49A-6F874444FF81}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"TCP Query User{212B7DE8-DC1A-4F85-B890-3E024E3E727B}F:\backup stuff\ggpo\ggpo.exe" = protocol=6 | dir=in | app=f:\backup stuff\ggpo\ggpo.exe |
"TCP Query User{24237234-F5A8-42ED-9471-20757642CD81}C:\users\thor\desktop\programs\ratiomaster.net.exe" = protocol=6 | dir=in | app=c:\users\thor\desktop\programs\ratiomaster.net.exe |
"TCP Query User{4AF6A521-893D-4589-AC10-AEDF6FB31F92}J:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{4FF81B39-3421-4910-A2C6-4FCF79F03706}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"TCP Query User{56FD6CC0-0E53-49D9-83E8-38BAA1CA4C51}G:\ggpo\ggpofba.exe" = protocol=6 | dir=in | app=g:\ggpo\ggpofba.exe |
"TCP Query User{5759B9AF-A915-4332-AE7C-A87959287A56}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe |
"TCP Query User{71A37ED6-27E3-46B4-8BD3-5D49EEA73BB5}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{8FC7339D-1AC8-4EE4-BBB7-9346BC3B2757}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
"TCP Query User{A5E95334-12D9-47F6-BFE9-17CBD4FA5691}J:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{D328B1FF-69AD-4E70-9FA1-6D00DC452AB7}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
"TCP Query User{DA05FADE-AA11-4BC5-91FD-7E81016DC94D}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe |
"TCP Query User{F3F788CA-E462-453B-8FC1-EE13610A73F5}G:\ggpo\ggpo.exe" = protocol=6 | dir=in | app=g:\ggpo\ggpo.exe |
"UDP Query User{066EFEF0-0F4C-4858-82BF-2CBF101DAA1B}F:\backup stuff\ggpo\ggpo.exe" = protocol=17 | dir=in | app=f:\backup stuff\ggpo\ggpo.exe |
"UDP Query User{61146518-AD39-4214-BEBF-489F60192418}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
"UDP Query User{6B5A3915-8275-4091-A2ED-8645CF4501D4}G:\ggpo\ggpo.exe" = protocol=17 | dir=in | app=g:\ggpo\ggpo.exe |
"UDP Query User{6C156A94-D386-4C68-8929-07656956D749}G:\ggpo\ggpofba.exe" = protocol=17 | dir=in | app=g:\ggpo\ggpofba.exe |
"UDP Query User{6FBA7870-5DB8-4DA0-AFAA-7615635B4173}J:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{87E410D1-0860-4FDC-905F-1AAA29F30492}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"UDP Query User{90526D14-8FDD-4261-B926-A001CDA3B441}C:\users\thor\desktop\programs\ratiomaster.net.exe" = protocol=17 | dir=in | app=c:\users\thor\desktop\programs\ratiomaster.net.exe |
"UDP Query User{C57D4718-3C39-4C05-86BF-C97286032997}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe |
"UDP Query User{D6A9F9F5-9C94-4CB8-BC31-F74EEA3A3329}J:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{E1DE465B-4DCB-4296-B05D-42510EDC7A14}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{E5DBF925-E051-4DB2-B8A2-F3820BEDD625}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
"UDP Query User{E712E149-E313-4342-BB38-FDAF62F9C671}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe |
"UDP Query User{FA1C406C-7376-4EEB-A12E-48B3DFA20394}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{FF959B48-2019-40A1-9221-C2CBE0F7766F}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
"{190BC83F-D54E-4494-830E-7FB4A5F4B964}" = Local Subtitles for 64-bit WMP
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2599B6F1-92AC-472C-BE60-9F17565E4938}" = PowerDirector
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1" = WinDS PRO 2012.10.2
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{6879B3DC-9DEF-4D60-BFF0-C96F2588685D}" = Intel(R) Rapid Storage Technology
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{B5CF4CFE-3080-4436-A8A5-00CFDC0F7918}" = MAGIX Video deluxe Premium 2013 Update
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CAF674E0-808C-4CF4-8868-A755EBABA228}" = ACDSee Pro 6
"{D000D1C0-6E80-4FC4-BE4E-A88872C0616F}" = Share64
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D5FE818E-F1C7-44F8-A3C0-C08761906E27}" = Share64
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}" = PowerDirector
"{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.144
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.67.1
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"DriverAgent.exe" = DriverAgent by eSupport.com
"Logitech Gaming Software" = Logitech Gaming Software 8.50
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NewBlue Art Effects for PowerDirector" = Newblue Art Effects for PowerDirector
"Recuva" = Recuva
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR archiver
"ZonerPhotoStudio15_EN_is1" = Zoner Photo Studio 15


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{1A1BD41E-9854-4957-8959-F9559A8862A7}" = Corel VideoStudio Ultimate X5
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{02E12A07-1BB9-44D6-A480-4EA42DB9E122}" = Boris Graffiti for Corel
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06ACD0D6-537A-4831-9608-AA74A5795698}" = Fantasy Sound Pack
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DB44859-4112-4946-BE5E-A4275B3FFB5E}" = Furry Voices for Second Life
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A1BD41E-9854-4957-8959-F9559A8862A7}" = ICA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F8BC72D-14B1-4DCA-BD9E-49D712CF035D}" = C64 Forever
"{20052CA0-FF43-4901-8261-E6DBF0A09ED1}" = Farm Animal Sounds
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216E21F4-0489-4311-92D6-20D1FB950FCE}" = Sci-Fi Voice Pack
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}" = Pinnacle Studio 16
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}" = Update Manager B10.0728.1
"{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}" = Deep Space Voices
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B11.0512.1
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.6.0
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0630.1
"{45BF4F8E-7BE7-4384-94C6-60AC70C401C6}" = Male Voice Pack
"{48A00644-2D97-43B5-A614-603DECF3E5F6}" = Boris Graffiti for Corel
"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}" = SpyHunter
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{602A1471-063B-4E03-9DCE-0210B914EFF5}" = Translator Fun Voice Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66C70B5F-730F-4C5D-9FC5-8E56D0FE7D53}" = IPM_VS_Pro
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A6F7B28-E178-47AC-8654-A654ADA6C777}" = VSHelp
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{71F8C486-8A13-468E-8B73-06051075556A}" = Female Voice Pack
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79A743FA-FF99-42DF-8C35-BA40EAEA6668}" = Comic Sound Pack
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool
"{8061C2C9-C2A3-4550-A3FC-585B646840CB}" = Fantasy Voice Pack
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8AA4F966-EF4B-44D8-99AA-C4EA93B46863}" = VSClassic
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A1E21995-127E-4B7F-8C4D-CB04AA8A58EF}_is1" = Advanced System Optimizer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BB86DF-EE99-41EB-9446-B4623A725E2A}" = Livestream for Producers
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8887C7B-0BCC-4FBF-BCEB-9BB4D4B14999}" = Setup
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{ABBC8011-1E42-4ADA-9794-574349612CEF}" = iWebcamera
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B0C00181-ECF5-4124-A6DE-14EA663D4799}" = Blue Satin Skin
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C13FE7DE-D34D-48CC-9FA3-8DB9A3621B98}" = PHOTOfunSTUDIO 9.1 PE
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C2A254F4-AC74-482F-8F09-DB2843AC2AAE}_is1" = LoiLoScope Download
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C717B4D4-2EFA-4DC3-8EDB-79543E43666C}" = VSUltimate
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{CA486743-5F44-40D5-A38B-77911FB27579}" = Contents
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D13F2D95-1CE0-4147-846F-89ECB2E9A5CD}" = Sci-Fi Sound Pack
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
"{D813EF9B-69CF-4996-893C-B400AE7292FA}" = Spooky Sounds
"{D84B7C7E-2E4D-4002-8CA8-EED4EDB333AC}" = MLE
"{D875FFEE-2FCE-4774-902A-749198C00A68}" = PureHD
"{D91802D9-6A42-4563-BC37-B3E2D04DC95B}" = Ancient Weapon Sounds
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
"{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
"{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCDC6934-7428-489E-8651-90B53191488B}" = ISCOM
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}" = Galactic Voices
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E7E76513-335F-4995-86CF-A85B77D8D975}" = Sci-Fi 2 Sound Pack
"{EEBEF66A-70FD-4DF6-B173-82D07E61853E}" = Share
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}" = Pinnacle Studio 16 - Install Manager
"{F2979728-5C01-4D39-8974-DBC579C3BD49}" = Usage Agent
"{F38DC282-11BE-45D8-8754-D3D40F3D7FBE}" = Google+ Auto Backup
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FC6DAF3E-52C2-43AD-9C50-810F8943C79E}" = BigPond Media Downloader
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 7_is1" = Advanced SystemCare 7
"Audacity_is1" = Audacity 2.0.3
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.3_is1" = Cheat Engine 6.3
"Cloanto Software Director" = Software Director
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Desura" = Desura
"Diablo III" = Diablo III
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Duplicate Commander" = Duplicate Commander 3.0
"DVD Catalyst" = DVD Catalyst 4.1.5.2
"Dxtory2.0_is1" = Dxtory version 2.0.122
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"Evaer Video Recorder for Skype" = Evaer Video Recorder for Skype 1.3.4.15
"FastStone Image Viewer" = FastStone Image Viewer 4.9
"Fraps" = Fraps (remove only)
"GOGPACKTHEWITCHER2EE_is1" = The Witcher 2 - Assassins of Kings Enhanced Edition
"GoldWave v5.68" = GoldWave v5.68
"HandBrake" = HandBrake 0.9.9.1
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0630.1
"InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}" = LUMIX Map Tool
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"KinoniDrivers" = KinoniDrivers 2.8.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.1.5 Full
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lightspark" = Lightspark 0.5.3-git
"Logitech Vid" = Logitech Vid HD
"MAGIX_{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
"MAGIX_{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
"MagniDriver" = marvell 91xx driver
"MakeMKV" = MakeMKV v1.8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.0.4
"MKVToolNix" = MKVToolNix 5.6.0
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Origin" = Origin
"Picasa 3" = Picasa 3
"proDAD-HeroglyphRoute-4.0" = proDAD Route 4.0
"proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
"proDAD-Vitascene-2.0" = proDAD Vitascene 2.0
"PS3 Media Server" = PS3 Media Server
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"SopCast" = SopCast 3.4.8
"Stardock Central" = Stardock Central
"Steam App 105600" = Terraria
"Steam App 200260" = Batman: Arkham City GOTY
"Steam App 203350" = King's Bounty: Warriors of the North
"Steam App 209540" = Strike Suit Zero
"Steam App 210770" = Sanctum 2
"Steam App 215530" = The Incredible Adventures of Van Helsing
"Steam App 223220" = Giana Sisters: Twisted Dreams
"Steam App 231670" = Football Manager 2014
"Steam App 234160" = Strike Suit Infinity
"Steam App 238960" = Path of Exile
"Steam App 246960" = Giana Sisters: Twisted Dreams - Rise of the Owlverlord
"Steam App 262940" = Broken Sword 5
"Steam App 32900" = Restaurant Empire II
"Steam App 39800" = Nation Red
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 620" = Portal 2
"Steam App 9900" = Star Trek Online
"TeamViewer 9" = TeamViewer 9
"The KMPlayer" = The KMPlayer (remove only)
"TMPGEnc Video Mastering Works" = TMPGEnc Video Mastering Works
"Tunngle beta_is1" = Tunngle beta
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"VLC media player" = VLC media player 2.0.8
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.6
"xvid" = Xvid MPEG-4 Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19/12/2013 6:04:55 AM | Computer Name = Thor-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 19/12/2013 6:04:55 AM | Computer Name = Thor-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 19/12/2013 6:07:05 AM | Computer Name = Thor-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 19/12/2013 6:58:28 AM | Computer Name = Thor-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "F:\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 19/12/2013 7:57:31 AM | Computer Name = Thor-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 19/12/2013 7:57:31 AM | Computer Name = Thor-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 19/12/2013 7:59:46 AM | Computer Name = Thor-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 19/12/2013 8:56:19 AM | Computer Name = Thor-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 19/12/2013 8:56:19 AM | Computer Name = Thor-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 19/12/2013 8:58:34 AM | Computer Name = Thor-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
active for over two minutes. This places considerable burden on the network.

[ System Events ]
Error - 19/12/2013 8:39:55 AM | Computer Name = Thor-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 19/12/2013 8:42:12 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 19/12/2013 8:56:18 AM | Computer Name = Thor-PC | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 19/12/2013 8:56:17 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the CryptoStorage
control service service to connect.

Error - 19/12/2013 8:56:17 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7000
Description = The CryptoStorage control service service failed to start due to the
following error: %%1053

Error - 19/12/2013 8:56:17 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Intel(R)
Capability Licensing Service Interface service to connect.

Error - 19/12/2013 8:56:17 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7000
Description = The Intel(R) Capability Licensing Service Interface service failed
to start due to the following error: %%1053

Error - 19/12/2013 8:56:18 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Skype
Updater service to connect.

Error - 19/12/2013 8:57:19 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7034
Description = The PinnacleUpdate Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 19/12/2013 8:57:54 AM | Computer Name = Thor-PC | Source = DCOM | ID = 10010
Description =


< End of report >






And that's the last of the monster files.
 
Run this quick scan, and if it doesn't find that bad program we will look deeper into it.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
 
OK, you will need to download and run the 64 bit version of System Look

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :folderfind
    Advanced System Protector
    :filefind
    Advanced System Protector
    :regfind
    Advanced System Protector
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 01:02 on 20/12/2013 by Thor
Administrator - Elevation successful

========== folderfind ==========

Searching for "Advanced System Protector"
C:\ProgramData\Systweak\Advanced System Protector d------ [12:56 19/12/2013]
C:\Users\All Users\Systweak\Advanced System Protector d------ [12:56 19/12/2013]
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector d------ [12:56 19/12/2013]

========== filefind ==========

Searching for "Advanced System Protector"
No files found.

========== regfind ==========

Searching for "Advanced System Protector"
No data found.

-= EOF =-
 
After you run this fix and post the log from the fix, open Malwarebytes....check for updates....and then run a new Quick Scan


Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    
    
    :Services
    
    :Reg
    
    :Files
    C:\ProgramData\Systweak\Advanced System Protector
    C:\Users\All Users\Systweak\Advanced System Protector
    C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [resethosts]
    [CLEARALLRESTOREPOINTS]
    [EMPTYJAVA] 
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
 
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\ProgramData\Systweak\Advanced System Protector\updates folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector folder moved successfully.
File\Folder C:\Users\All Users\Systweak\Advanced System Protector not found.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Thor\Desktop\cmd.bat deleted successfully.
C:\Users\Thor\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Thor
->Java cache emptied: 0 bytes

User: UpdatusUser

User: UpdatusUser.Thor-PC

User: UpdatusUser.Thor-PC.000

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Thor
->Temp folder emptied: 3354456 bytes
->Temporary Internet Files folder emptied: 6753104 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4252737 bytes
->Google Chrome cache emptied: 399598959 bytes
->Flash cache emptied: 723 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser.Thor-PC
->Temp folder emptied: 0 bytes

User: UpdatusUser.Thor-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54547 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 395.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12202013_015125

Files\Folders moved on Reboot...
C:\Users\Thor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Thor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6P27UKE\ADSAdClient31[2].htm not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...






I'm not sure if you wanted me to post the Malwarebytes after the scan, but it found a bunch of stuff.



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.19.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thor :: THOR-PC [administrator]

20/12/2013 1:56:20 AM
mbam-log-2013-12-20 (01-56-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296251
Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.

Files Detected: 19
C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1545completedatabase.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1615mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1616update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1617update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1618update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\Thor\AppData\Roaming\Systweak\Advanced System Protector\Update.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.

(end)
 
Go ahead and reboot, then run Malwarebytes again; this time open Malwarebytes, check for updates, then close it.

Boot to safemode

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
Tutorial if you need it: How to boot into Safemode


Then in safemode run the quick scan again, reboot back to normal windows and post the log
 