Help clearing trojan/malware issues

[vlahka]

Sorry about the vague title as my issue was a little surprising. I downloaded a program and unfortunately it had some sort of malware attached to it which kaspersky picked up straight away and deleted. I did the extra things after like malwarebytes scan and spybot scan as well as windows defender. Restarted pc and all was fine. Today I turn the system on and fire up a program I use often, fraps, and for some reason kaspersky picked up and deleted a trojan. So I'm just needing to know if my system is clean because that was a little worrying. Spybot is picking up a trojan that it cant seem to get rid of though. Apologies if I did anything wrong below.




DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.25.2
Run by Thor at 14:00:24 on 2013-08-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.4204 [GMT 9.5:30]
.
AV: Kaspersky PURE 2.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 2.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky PURE 2.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
J:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
H:\Program Files (x86)\Evaer\videochannel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\drahtwerk\iWebcamera\iWebcameraApp.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtblfs.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://battlelog.battlefield.com/bf3/gate/?returnUrl=|bf3|servers|
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} - <orphaned>
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [Steam] "J:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Thor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [avichannel] "H:\Program Files (x86)\Evaer\videochannel.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [Driver Genius] <no file>
mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
StartupFolder: C:\Users\Thor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{51AF2091-0927-4023-86DB-142FD3B91A25} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{73427270-A448-4497-95DC-8D915CF25F20} : DHCPNameServer = 7.254.254.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
Notify: klogon - <no file>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll
FF - plugin: C:\Users\Thor\AppData\Local\Google\Update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-27 21:35; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-06-27 21:36; greasemonkeybcsf@stpors.net; C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\greasemonkeybcsf@stpors.net
FF - ExtSQL: !HIDDEN! 2012-08-02 18:21; linkfilter@kaspersky.ru; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 5464a42d00000000000000ff73427270
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15775
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.00:26:30
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-2 8704]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2012-11-1 85048]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2011-11-11 313648]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-18 52760]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-9-25 21104]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2012-11-1 66104]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-22 283200]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-10-20 13616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [2012-8-30 202328]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-9-10 21992]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-9-25 68136]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-25 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-7 629984]
R2 KinoniSvc;Kinoni Service;C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [2013-2-27 525312]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-8-11 625816]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-9-25 390672]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-9-6 27136]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-6 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-6 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-6 171928]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-9-25 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-1 2754984]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-6 363800]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-7-5 65152]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-8-17 88576]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-9-6 30528]
R3 KINONI_Wave;Kinoni Audio Source;C:\Windows\System32\drivers\kinonivad.sys [2013-2-27 23040]
R3 kinonivd;Kinoni Video Source;C:\Windows\System32\drivers\kinonivd.sys [2013-2-27 2782848]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-11-15 410184]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-11-15 341832]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-11-15 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-11-15 16008]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-2-3 58528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-25 533096]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-25 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\System32\drivers\CamDrL64.sys [2007-2-3 955680]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-12-13 131912]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-9-25 21712]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-9-7 25640]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-14 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168]
S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-15 351392]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-9-6 20992]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-9-12 31800]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2011-9-6 51712]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-9-6 24064]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2011-9-6 51712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-6 59392]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-12-1 745368]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-9-6 24064]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-05 23:49:22 -------- d-----w- C:\Users\Thor\AppData\Local\{7039926E-B54A-4F22-B94D-F288F200E776}
2013-08-05 17:10:44 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-08-05 17:10:41 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-05 06:02:43 -------- d-----w- C:\Users\Thor\AppData\Local\{55DB6940-210B-4FA1-8679-E8ECBBCE7C07}
2013-08-04 18:02:07 -------- d-----w- C:\Users\Thor\AppData\Local\{AF1B77DA-3A34-4DB3-B8EF-19CB9379C83A}
2013-08-04 13:09:09 -------- d-----w- C:\Program Files (x86)\GoldWave
2013-08-04 06:01:55 -------- d-----w- C:\Users\Thor\AppData\Local\{E30BE655-6283-48D2-8445-A6582FEE5CEA}
2013-08-03 18:01:16 -------- d-----w- C:\Users\Thor\AppData\Local\{195B9657-19F9-434A-9366-61AF9B91635F}
2013-08-03 06:00:48 -------- d-----w- C:\Users\Thor\AppData\Local\{98A1D2F6-9C45-410D-82B3-6FD80A479215}
2013-08-02 17:12:39 -------- d-----w- C:\Users\Thor\AppData\Local\{9AAF0856-0111-4FBA-84E8-5242EC80E3FA}
2013-08-02 05:12:17 -------- d-----w- C:\Users\Thor\AppData\Local\{709BFB3A-5669-4AF2-9208-4697C7B1620B}
2013-08-01 17:11:43 -------- d-----w- C:\Users\Thor\AppData\Local\{68DF52BE-8952-4868-A5E1-0679639B30AB}
2013-08-01 05:11:20 -------- d-----w- C:\Users\Thor\AppData\Local\{3B150860-428C-488E-A191-01AE112D5BEA}
2013-07-31 17:10:46 -------- d-----w- C:\Users\Thor\AppData\Local\{8FEB8649-712E-42F8-A251-B11B86302D1C}
2013-07-31 05:10:17 -------- d-----w- C:\Users\Thor\AppData\Local\{1D483449-EB9E-4D1B-A3C2-E20DBB681303}
2013-07-30 13:21:27 -------- d-----w- C:\Users\Thor\AppData\Local\{85027127-8D1D-4F2F-8A9E-DB3770ED0FBB}
2013-07-30 01:20:53 -------- d-----w- C:\Users\Thor\AppData\Local\{8D65548F-9DC0-4B76-8AD2-80001513E9B6}
2013-07-29 11:12:50 -------- d-----w- C:\Users\Thor\AppData\Local\{1D651263-59BB-4AD9-A8C7-983E0BD9E099}
2013-07-28 23:12:16 -------- d-----w- C:\Users\Thor\AppData\Local\{0FE0EE7E-130F-4F84-8DB8-B606305BD4C9}
2013-07-28 08:38:40 715038 ----a-w- C:\Windows\unins000.exe
2013-07-28 07:32:10 -------- d-----w- C:\Users\Thor\AppData\Local\Dxtory Software
2013-07-28 07:32:08 8300544 ----a-w- C:\Windows\SysWow64\DxtoryCodec.dll
2013-07-28 07:32:08 8043008 ----a-w- C:\Windows\System32\DxtoryCodec.dll
2013-07-28 06:32:14 -------- d-----w- C:\Users\Thor\AppData\Roaming\Awesomium
2013-07-28 04:54:59 -------- d-----w- C:\Users\Thor\AppData\Local\{58D73E0A-02D8-4A79-90FA-6069FB22FF5C}
2013-07-27 17:22:07 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63F8903D-28B2-42C9-9E9D-DD210B476559}\mpengine.dll
2013-07-27 16:54:17 -------- d-----w- C:\Users\Thor\AppData\Local\{951F2FDD-A978-4391-BAA9-F908CE75EBBB}
2013-07-27 04:20:01 -------- d-----w- C:\Users\Thor\AppData\Local\{1702FC2C-B7F0-47CA-BE3B-6D7D92B76232}
2013-07-26 15:03:21 -------- d-----w- C:\Users\Thor\AppData\Local\{B270282A-3D83-48BD-82D9-627DBE09EE8E}
2013-07-26 03:02:59 -------- d-----w- C:\Users\Thor\AppData\Local\{2554CC7D-389D-408D-9B67-0DCB5E47AD32}
2013-07-25 15:02:25 -------- d-----w- C:\Users\Thor\AppData\Local\{00B68FA6-9074-42EF-8002-39875877C3D6}
2013-07-25 03:02:03 -------- d-----w- C:\Users\Thor\AppData\Local\{678B3312-1EC4-4668-9DD2-7FF71B6B1025}
2013-07-24 15:01:26 -------- d-----w- C:\Users\Thor\AppData\Local\{362A26EF-DFF1-4433-8AC9-FEDF17ACCF79}
2013-07-24 03:00:49 -------- d-----w- C:\Users\Thor\AppData\Local\{EF8F5872-3308-45C4-B53A-01E1C2DD50E8}
2013-07-23 06:29:53 -------- d-----w- C:\Users\Thor\AppData\Local\{B1F1ABD8-7E2B-4350-8F8B-A1034612457C}
2013-07-22 18:29:30 -------- d-----w- C:\Users\Thor\AppData\Local\{B983E4A4-2E94-41AB-AABB-6786072A0CE7}
2013-07-22 06:29:08 -------- d-----w- C:\Users\Thor\AppData\Local\{E046BB6F-CF51-443F-9C72-E23C4EC47FEC}
2013-07-21 18:28:29 -------- d-----w- C:\Users\Thor\AppData\Local\{FA78F5E7-5889-4AA6-9730-FD9176F085F8}
2013-07-21 06:28:07 -------- d-----w- C:\Users\Thor\AppData\Local\{033E6AD5-A7CB-443D-8F3B-A102276CFED5}
2013-07-20 18:27:32 -------- d-----w- C:\Users\Thor\AppData\Local\{C5A51AF5-D153-4A3D-8CD8-003BC6A2AE87}
2013-07-20 06:27:10 -------- d-----w- C:\Users\Thor\AppData\Local\{F4E20CF7-4C84-493F-BCAE-45D6B6A0FDCD}
2013-07-19 18:26:47 -------- d-----w- C:\Users\Thor\AppData\Local\{43305700-B6AF-4952-B9CF-021288C3DF0F}
2013-07-19 06:26:24 -------- d-----w- C:\Users\Thor\AppData\Local\{E61C3896-3957-454C-BD92-C002D6C4FFB5}
2013-07-18 06:25:27 -------- d-----w- C:\Users\Thor\AppData\Local\{02415797-4B9C-433E-9460-E108CD3FE8CE}
2013-07-17 18:24:53 -------- d-----w- C:\Users\Thor\AppData\Local\{CF1E3B28-A8D3-41A0-B5E4-39008C3437A5}
2013-07-17 06:24:31 -------- d-----w- C:\Users\Thor\AppData\Local\{7A0E8CCC-65C1-4C3A-B45A-C453093E4752}
2013-07-16 06:23:45 -------- d-----w- C:\Users\Thor\AppData\Local\{01A27CD4-B174-4C20-BE55-A67CEBF55BAB}
2013-07-15 18:12:35 -------- d-----w- C:\Users\Thor\AppData\Local\{6780E787-8887-4CE9-8411-BCAECFE80184}
2013-07-15 06:12:24 -------- d-----w- C:\Users\Thor\AppData\Local\{3ACBFDCE-E4FE-4E57-A64F-FCEF81377C14}
2013-07-14 18:11:57 -------- d-----w- C:\Users\Thor\AppData\Local\{34D78392-5F98-443C-8EE1-D25BC3A1145F}
2013-07-14 06:11:36 -------- d-----w- C:\Users\Thor\AppData\Local\{9C2A61A4-68C2-4AA6-BC01-FF014CC5DA45}
2013-07-13 18:11:00 -------- d-----w- C:\Users\Thor\AppData\Local\{EE8617D0-2800-425A-B900-859DFE3177F0}
2013-07-13 06:10:37 -------- d-----w- C:\Users\Thor\AppData\Local\{168367BB-6636-4626-B3B2-EC05146093B5}
2013-07-12 18:10:14 -------- d-----w- C:\Users\Thor\AppData\Local\{8E38913B-DDA1-4228-9DD3-7B288FB11820}
2013-07-12 06:09:51 -------- d-----w- C:\Users\Thor\AppData\Local\{EF5BD903-78D0-4C37-B782-CC74ACFC540C}
2013-07-11 06:09:05 -------- d-----w- C:\Users\Thor\AppData\Local\{B84B36A3-3A70-4F04-8FB0-E3459E70E9B4}
2013-07-10 17:25:05 -------- d-----w- C:\Users\Thor\AppData\Local\{9B08C30A-422C-4FD1-9D14-2EE65A5EB47A}
2013-07-10 05:24:43 -------- d-----w- C:\Users\Thor\AppData\Local\{00559B85-0D97-43A4-8683-D7F4270D0CDD}
2013-07-09 17:24:09 -------- d-----w- C:\Users\Thor\AppData\Local\{27B4CD8A-3C14-4E11-9198-55CC35934050}
2013-07-09 05:23:45 -------- d-----w- C:\Users\Thor\AppData\Local\{B4F9FF1F-C59C-47D1-8068-1A8E6D4830F3}
2013-07-08 17:23:09 -------- d-----w- C:\Users\Thor\AppData\Local\{77340C9F-8284-4BE7-9F49-2DE71D1BD4ED}
2013-07-08 05:22:57 -------- d-----w- C:\Users\Thor\AppData\Local\{D01CDE2F-5E28-42C8-9300-71608959A98F}
2013-07-07 17:22:23 -------- d-----w- C:\Users\Thor\AppData\Local\{18F7B073-B8D4-4E20-A531-FF4A4735FEB9}
2013-07-07 05:22:01 -------- d-----w- C:\Users\Thor\AppData\Local\{15C5D8FC-3B47-4534-8662-6D05E7FC5FD6}
.
==================== Find3M ====================
.
2013-08-06 00:26:22 30528 ----a-w- C:\Windows\GVTDrv64.sys
2013-08-06 00:26:11 25640 ----a-w- C:\Windows\gdrv.sys
2013-08-05 15:35:36 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
2013-08-04 12:02:33 6266 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-07-28 14:52:00 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-07-28 14:52:00 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-07-28 14:47:43 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-07-13 02:42:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-13 02:42:17 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-25 13:52:58 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 13:52:58 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-06-25 13:52:58 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 14:00:45.06 ===============






aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-06 16:43:15
-----------------------------
16:43:15.148 OS Version: Windows x64 6.1.7601 Service Pack 1
16:43:15.148 Number of processors: 4 586 0x2A07
16:43:15.149 ComputerName: THOR-PC UserName: Thor
16:43:15.440 Initialize success
16:53:18.175 AVAST engine defs: 13080502
16:54:18.623 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:54:18.625 Disk 0 Vendor: KINGSTON 332A Size: 114473MB BusType: 3
16:54:18.626 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
16:54:18.627 Disk 1 Vendor: SAMSUNG_ 1AN1 Size: 1907729MB BusType: 3
16:54:18.629 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
16:54:18.630 Disk 2 Vendor: WDC_WD20 05.0 Size: 1907729MB BusType: 3
16:54:18.632 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-4
16:54:18.634 Disk 3 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3
16:54:18.643 Disk 0 MBR read successfully
16:54:18.646 Disk 0 MBR scan
16:54:18.649 Disk 0 Windows 7 default MBR code
16:54:18.651 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:54:18.655 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
16:54:19.013 Disk 0 scanning C:\Windows\system32\drivers
16:54:21.833 Service scanning
16:54:28.637 Modules scanning
16:54:28.641 Disk 0 trace - called modules:
16:54:28.646 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:54:28.649 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80096f2060]
16:54:28.652 3 CLASSPNP.SYS[fffff8800240143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80068cf050]
16:54:28.854 AVAST engine scan C:\Windows
16:54:29.491 AVAST engine scan C:\Windows\system32
16:55:38.778 AVAST engine scan C:\Windows\system32\drivers
16:55:44.759 AVAST engine scan C:\Users\Thor
16:56:59.001 AVAST engine scan C:\ProgramData
16:57:46.343 Scan finished successfully
16:58:57.488 Disk 0 MBR has been saved successfully to "C:\Users\Thor\Desktop\MBR.dat"
16:58:57.491 The log file has been saved successfully to "C:\Users\Thor\Desktop\aswMBR.txt"




Search results from Spybot - Search & Destroy

6/08/2013 7:10:06 PM
Scan took 00:17:40.
18 items found.

Generic: [SBI $8E73A7FB] Interface (IspCommand) (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC856072-9CC4-4B33-8EBA-F62224A62A59}

Zedo: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (User): Thor) (Browser: Cookie, nothing done)


Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Browser: Cookie (22) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (34) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (10) (Browser: History, nothing done)

 

[OCD]

Hi vlahka,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

• I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for the issues on this machine.
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.
• Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Important Note for Vista and Windows 7 & 8 users:

These tools MUST be run from the executable.(.exe) every time you run them with Admin Rights (Right click, choose "Run as Administrator")

Please stay with this topic until I let you know that your system appears to be "All Clear"

=========================

1. Security Check

Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

2. ComboFix

Refer to the ComboFix User's Guide

• Download ComboFix from the following location:
  
  Link
  
  * IMPORTANT !!! Place ComboFix.exe on your Desktop
  
• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  You can get help on disabling your protection programs here
• Double click on ComboFix.exe & follow the prompts.
• Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
• When finished, it shall produce a log for you. Post that log in your next reply
  
  Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  
  ---------------------------------------------------------------------------------------------
  
• Ensure your AntiVirus and AntiSpyware applications are re-enabled.
  ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

=========================

In your next post please provide the following:

• checkup.txt
• ComboFix.txt
• What symptoms are you experiencing?

 

[vlahka]

Thanks for the reply. Here are the two logs requested. Also just wanted to mention I get an error when I start up windows now since installing ERUNT. Keeps saying it cant write to whatever files and I have to cancel it.




Results of screen317's Security Check version 0.99.71
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky PURE 2.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpyHunter
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox 20.0.1 Firefox out of Date!
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Kaspersky Lab Kaspersky PURE 2.0 avp.exe
Kaspersky Lab Kaspersky PURE 2.0 x64 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````







ComboFix 13-08-07.01 - Thor 09/08/2013 5:02.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.5991 [GMT 9.5:30]
Running from: c:\users\Thor\Desktop\ComboFix.exe
AV: Kaspersky PURE 2.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 2.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 2.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1F764CA33D.sys
c:\programdata\ntuser.dat
c:\windows\7Loader.TAG
c:\windows\iun6002.exe
c:\windows\SysWow64\frapsvid.dll
J:\install.exe
L:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-07-08 to 2013-08-08 )))))))))))))))))))))))))))))))
.
.
2013-08-08 19:39 . 2013-08-08 19:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-08 19:39 . 2013-08-08 19:39 -------- d-----w- c:\users\UpdatusUser.Thor-PC.000\AppData\Local\temp
2013-08-08 19:39 . 2013-08-08 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-08 19:34 . 2013-08-08 19:34 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63F8903D-28B2-42C9-9E9D-DD210B476559}\offreg.dll
2013-08-06 01:53 . 2013-08-06 01:54 -------- d-----w- c:\program files (x86)\ERUNT
2013-08-05 17:10 . 2009-01-25 03:44 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-08-05 17:10 . 2013-08-05 17:13 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-08-04 13:09 . 2013-08-04 13:09 -------- d-----w- c:\program files (x86)\GoldWave
2013-07-28 08:38 . 2013-07-28 08:38 715038 ----a-w- c:\windows\unins000.exe
2013-07-28 07:32 . 2013-07-28 07:32 -------- d-----w- c:\users\Thor\AppData\Local\Dxtory Software
2013-07-28 07:32 . 2013-02-15 13:14 8300544 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
2013-07-28 07:32 . 2013-02-15 13:14 8043008 ----a-w- c:\windows\system32\DxtoryCodec.dll
2013-07-28 06:32 . 2013-07-28 06:40 -------- d-----w- c:\users\Thor\AppData\Roaming\Awesomium
2013-07-27 17:22 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63F8903D-28B2-42C9-9E9D-DD210B476559}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-08 03:28 . 2011-09-06 10:28 30528 ----a-w- c:\windows\GVTDrv64.sys
2013-08-08 03:27 . 2011-09-27 06:31 25640 ----a-w- c:\windows\gdrv.sys
2013-08-08 03:26 . 2012-10-20 16:51 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2013-08-07 10:31 . 2011-10-21 15:22 6266 --sha-w- c:\programdata\KGyGaAvL.sys
2013-07-28 14:52 . 2011-10-27 11:17 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-07-28 14:52 . 2011-10-26 09:18 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-07-28 14:47 . 2011-10-26 09:18 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-07-13 02:42 . 2012-05-09 09:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-13 02:42 . 2012-05-09 09:05 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-25 13:52 . 2013-06-25 13:53 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 13:52 . 2012-06-29 12:42 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-06-25 13:52 . 2011-09-11 11:04 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-17 08:22 . 2013-05-17 08:22 53248 ----a-r- c:\users\Thor\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-05-11 04:34 . 2011-03-28 09:06 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-30 12:54 496056 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"Steam"="j:\program files (x86)\Steam\steam.exe" [2013-07-26 1807272]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19604072]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-03-28 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-03-27 1686528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-30 202328]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LWS"="h:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"CloantoSoftwareDirector"="c:\program files (x86)\Common Files\Cloanto\Software Director\softdir.exe" [2013-02-01 370512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
c:\users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KinoniSvc;Kinoni Service;c:\program files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe;c:\program files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys;c:\windows\SYSNATIVE\DRIVERS\CamDrL64.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfDHP2amd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfSBVMamd64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe;c:\program files\Microsoft Fix it Center\Matsvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVLAN60.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys;c:\windows\SYSNATIVE\drivers\kinonivad.sys [x]
S3 kinonivd;Kinoni Video Source;c:\windows\system32\DRIVERS\kinonivd.sys;c:\windows\SYSNATIVE\DRIVERS\kinonivd.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 02:42]
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000Core.job
- c:\users\Thor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 08:42]
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000UA.job
- c:\users\Thor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-05 08:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Thor\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-30 12:56 566712 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-06-13 1212560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://battlelog.battlefield.com/bf3/gate/?returnUrl=|bf3|servers|
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\
FF - ExtSQL: 2013-06-27 21:35; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-06-27 21:36; greasemonkeybcsf@stpors.net; c:\users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\greasemonkeybcsf@stpors.net
FF - ExtSQL: !HIDDEN! 2012-08-02 18:21; linkfilter@kaspersky.ru; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 5464a42d00000000000000ff73427270
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15775
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.00:26
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
BHO-{45d30484-7ded-43d9-957a-d2fd1f046511} - (no file)
Wow6432Node-HKLM-Run-Driver Genius - (no file)
Notify-igfxcui - (no file)
Notify-klogon - (no file)
Notify-SDWinLogon - SDWinLogon.dll
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_«\00\00«\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~«\00\00«\00\00\00\00x\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34,
5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,
e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:0f,8f,26,b6,2d,54,cd,01
.
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2318490905-3519499422-1171420628-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-2318490905-3519499422-1171420628-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\03\07\05\022?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-09 05:22:05
ComboFix-quarantined-files.txt 2013-08-08 19:52
.
Pre-Run: 38,949,826,560 bytes free
Post-Run: 38,038,028,288 bytes free
.
- - End Of File - - 6E65606A65E0435AE373DA320F855C11
D41D8CD98F00B204E9800998ECF8427E

 

[OCD]

Hi vlahka,

1. AdwCleaner

Download AdwCleaner to your desktop.

Right click and select "Run as Administrator".

• Run AdwCleaner and select Delete
• Once done it will ask to reboot, allow the reboot
• On reboot a log will be produced, please attach the content of the log to your next reply

=========================

2. Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

Right click and select "Run as Administrator".

• Shut down your protection software now to avoid potential conflicts.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

=========================

3. OTL

• Download OTL to your desktop.
• Make sure all other windows are closed and to let it run uninterrupted.
  
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Under Custom Scan paste this in
  
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  services.exe
  /md5stop
  %systemroot%\*. /rp /s
  %systemdrive%\$Recycle.Bin|@;true;true;true
  %USERPROFILE%\..|smtmp;true;true;true /FP
  %temp%\smtmp\*.* /s >
  BASESERVICES
  DRIVES
  CREATERESTOREPOINT
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.

=========================

In your next post please provide the following:

• AdwCleaner[S1].txt
• JRT.txt
• OTL.txt
• Extras.txt

 

[vlahka]

I'm having trouble running the Junkware Removal Tool. It keeps saying its not a 7-zip archive for whatever reason. Its coming up as an exe file and not associated with 7-zip. I even uninstalled the program to see if I could get around it but the thing refuses.

 

[OCD]

Hi vlahka,

Go ahead and skip the JRT step.

 

[vlahka]

# AdwCleaner v2.306 - Logfile created 08/09/2013 at 14:14:56
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Thor - THOR-PC
# Boot Mode : Normal
# Running from : C:\Users\Thor\Desktop\AdwCleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Wondershare
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\Users\Thor\AppData\Local\Wondershare
Folder Deleted : C:\Users\Thor\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Thor\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\jetpack
Folder Deleted : C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\prefs.js

C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\user.js ... Deleted !

Deleted : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2504091.FirstTime", "true");
Deleted : user_pref("CT2504091.FirstTimeFF3", "true");
Deleted : user_pref("CT2504091.UserID", "UN99341481213875293");
Deleted : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2504091.autoDisableScopes", -1);
Deleted : user_pref("CT2504091.cbcountry_001", "AU");
Deleted : user_pref("CT2504091.cbfirsttime", "Tue Jul 24 2012 01:45:48 GMT+0930 (AUS Central Standard Time)");
Deleted : user_pref("CT2504091.defaultSearch", "false");
Deleted : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2504091.enableAlerts", "false");
Deleted : user_pref("CT2504091.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT2504091.firstTimeDialogOpened", "true");
Deleted : user_pref("CT2504091.fixPageNotFoundError", "true");
Deleted : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2504091.fixUrls", true);
Deleted : user_pref("CT2504091.installId", "ConduitNSISIntegration");
Deleted : user_pref("CT2504091.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2504091.isNewTabEnabled", true);
Deleted : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2504091.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Deleted : user_pref("CT2504091.openThankYouPage", "false");
Deleted : user_pref("CT2504091.openUninstallPage", "false");
Deleted : user_pref("CT2504091.search.searchAppId", "129079840422026594");
Deleted : user_pref("CT2504091.search.searchCount", "0");
Deleted : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1343060142157");
Deleted : user_pref("CT2504091.serviceLayer_services_appTracking_lastUpdate", "1343060145597");
Deleted : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1343060142148");
Deleted : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1343060144600");
Deleted : user_pref("CT2504091.serviceLayer_services_login_10.10.20.14_lastUpdate", "1343060146188");
Deleted : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1343060145016");
Deleted : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1343060144635");
Deleted : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1343060139638");
Deleted : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1343060138063");
Deleted : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1343060144707");
Deleted : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1343060139033");
Deleted : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1343060142151");
Deleted : user_pref("CT2504091.settingsINI", true);
Deleted : user_pref("CT2504091.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT2504091.smartbar.CTID", "CT2504091");
Deleted : user_pref("CT2504091.smartbar.Uninstall", "0");
Deleted : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
Deleted : user_pref("CT2504091.startPage", "false");
Deleted : user_pref("CT2504091.toolbarBornServerTime", "23-7-2012");
Deleted : user_pref("CT2504091.toolbarCurrentServerTime", "23-7-2012");
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.id", "5464a42d00000000000000ff73427270");
Deleted : user_pref("extensions.delta.instlDay", "15775");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.00:26:30");
Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2769] : homepage = "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=5464a42d00000000000000[...]

*************************

AdwCleaner[R1].txt - [8709 octets] - [23/03/2013 10:20:12]
AdwCleaner[R2].txt - [8769 octets] - [23/03/2013 10:21:14]
AdwCleaner[R3].txt - [8734 octets] - [09/08/2013 14:14:07]
AdwCleaner[S1].txt - [302 octets] - [23/03/2013 10:21:40]
AdwCleaner[S2].txt - [8967 octets] - [09/08/2013 14:14:56]

########## EOF - C:\AdwCleaner[S2].txt - [9027 octets] ##########

 

[vlahka]

The OTL and Extra files are too huge to paste or attach. Should I paste them into 2 replies for each?

 

[vlahka]

Forgot I could compress them. Files attached.

 

[OCD]

Hi vlahka,

Yes, paste them into as many replies as are required to post the complete log.

 

[OCD]

Please do not attach the logs unless requested to do so. When you attach the logs I still have to download them in order to review them which is time consuming. I appreciate your cooperation.

OTL logfile created on: 9/08/2013 3:08:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thor\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.98 Gb Total Physical Memory | 5.15 Gb Available Physical Memory | 64.55% Memory free
15.97 Gb Paging File | 13.16 Gb Available in Paging File | 82.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 34.67 Gb Free Space | 31.04% Space Free | Partition Type: NTFS
Drive F: | 878.92 Gb Total Space | 31.40 Gb Free Space | 3.57% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 568.00 Gb Free Space | 30.49% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 328.41 Gb Free Space | 35.26% Space Free | Partition Type: NTFS
Drive L: | 984.09 Gb Total Space | 121.45 Gb Free Space | 12.34% Space Free | Partition Type: NTFS

Computer Name: THOR-PC | User Name: Thor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Thor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - J:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Cloanto Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
PRC - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
PRC - C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe ()


========== Modules (No Company Name) ==========

MOD - J:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - J:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - J:\Program Files (x86)\Steam\SDL2.dll ()
MOD - J:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - J:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - J:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\EpocCam.ax ()
MOD - C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\swscale-0.dll ()
MOD - C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avutil-51.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a742cb2e77b47300756506d52c96a8d1\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - H:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\work.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\SF.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\HM.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll ()
MOD - C:\Program Files (x86)\drahtwerk\iWebcamera\iWebcameraFilter.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\platform.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\device.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (KinoniSvc) -- C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
SRV - (HiPatchService) -- J:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (PanService) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (PinnacleUpdateSvc) -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe (PowerUp Software, LLC)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (CSObjectsSrv) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
SRV - (DES2 Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (kinonivd) -- C:\Windows\SysNative\drivers\kinonivd.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (KINONI_Wave) -- C:\Windows\SysNative\drivers\kinonivad.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (TEAM) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (CSCrySec) -- C:\Windows\SysNative\drivers\CSCrySec.sys (Infowatch)
DRV:64bit: - (CSVirtualDiskDrv) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys (Infowatch)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (tap0901t) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (VLAN) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTVLANPT) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (CamDrL64) -- C:\Windows\SysNative\drivers\CamDrL64.sys (Logitech Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://battlelog.battlefield.com/bf3/gate/?returnUrl=|bf3|servers|
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 85 D0 F3 79 6C CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{922E6970-BD05-47bc-AF58-D431E6404A30}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: jyboy.yy%40gmail.com:1.0.4
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: greasemonkeybcsf%40stpors.net:0.2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mammoth.com.au/BigPondMediaDownloader,version=1.0.0: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll (Mammoth Media)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thor\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thor\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\mammothmedia.com.au/BigPondMediaDownloaderDetector: C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll (Mammoth Media)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2012/11/01 16:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2012/11/01 16:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2012/11/01 16:25:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/27 21:37:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/27 21:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/27 21:37:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/27 21:37:36 | 000,000,000 | ---D | M]

[2011/09/06 19:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Extensions
[2013/06/27 21:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions
[2013/05/01 16:50:01 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/06/27 21:36:12 | 000,000,000 | ---D | M] (Greasemonkey Shared Script Folder) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\greasemonkeybcsf@stpors.net
[2012/08/03 05:10:26 | 000,000,000 | ---D | M] (YTshowRating) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\jid1-m7xzZLMj29zzjA@jetpack
[2012/04/24 23:27:17 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\jyboy.yy@gmail.com
[2012/05/17 17:45:26 | 000,000,000 | ---D | M] (Redirector) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\redirector@einaregilsson.com
[2013/03/23 10:06:08 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/06/08 07:00:45 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/06/27 21:35:10 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Thor\AppData\Roaming\Mozilla\Firefox\Profiles\z86reas3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/06/27 21:37:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/27 21:37:35 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2013/06/27 21:37:38 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/12 19:10:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/12 19:10:10 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?hl=en&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=5464a42d00000000000000ff73427270
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BigPond Media Downloader Detector (Enabled) = C:\ProgramData\Downloader\npBigPondMediaDownloaderDetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Thor\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: YouTube = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: FlashBlock = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie\1.2.11.12_0\
CHR - Extension: Adblock Plus = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.3_0\
CHR - Extension: YouTube\u2122 Ratings Preview = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\2.3.3_0\
CHR - Extension: OneTab = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.5_0\
CHR - Extension: Google Search = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
CHR - Extension: Session Buddy = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.1_0\
CHR - Extension: Youtube Video Downloader = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgdjbcjnihndbfmmggceololenekadg\1.2_0\
CHR - Extension: Virtual Keyboard = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
CHR - Extension: Chromium Wheel Smooth Scroller = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb\1.3.3_0\
CHR - Extension: Auto HD For YouTube = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\4.0.2_0\
CHR - Extension: Gmail = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\

 

[OCD]

O1 HOSTS File: ([2013/08/09 05:09:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {45d30484-7ded-43d9-957a-d2fd1f046511} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CloantoSoftwareDirector] C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Cloanto Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] H:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Standby] c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] J:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\SysWOW64\MPG4ds32.ax (Microcrap Corporation)
O4 - Startup: C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51AF2091-0927-4023-86DB-142FD3B91A25}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73427270-A448-4497-95DC-8D915CF25F20}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/16 18:31:23 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/09 15:04:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thor\Desktop\OTL.exe
[2013/08/09 14:05:01 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{7A624CA0-422B-4A5E-929F-DA45B1874BCA}
[2013/08/09 05:27:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/09 05:01:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/09 05:01:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/09 05:01:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/09 05:01:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/09 04:58:51 | 005,100,713 | R--- | C] (Swearware) -- C:\Users\Thor\Desktop\ComboFix.exe
[2013/08/09 00:58:34 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{734DE282-704B-4FB8-9A2E-2353556E2DE9}
[2013/08/08 12:58:12 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E72FEF21-710B-47C2-B5C7-80795697EC0E}
[2013/08/08 00:01:19 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{F9A48F4F-1ED3-4F1B-9A89-44C2CB07FB1D}
[2013/08/07 12:00:57 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{D7D429C6-65F3-455F-B627-114D033A5FA3}
[2013/08/07 00:00:22 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{8731FAA6-EBAD-4387-941F-481F5BBCC30F}
[2013/08/06 17:01:01 | 000,000,000 | ---D | C] -- C:\Users\Thor\Documents\ProcAlyzer Dumps
[2013/08/06 16:42:29 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Thor\Desktop\aswMBR.exe
[2013/08/06 11:42:25 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Thor\Desktop\dds.com
[2013/08/06 11:24:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/08/06 11:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/08/06 11:23:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/08/06 11:23:23 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Thor\Desktop\erunt-setup.exe
[2013/08/06 09:19:22 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{7039926E-B54A-4F22-B94D-F288F200E776}
[2013/08/06 02:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/08/06 02:40:44 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/08/06 02:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/08/05 15:32:43 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{55DB6940-210B-4FA1-8679-E8ECBBCE7C07}
[2013/08/05 03:32:07 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{AF1B77DA-3A34-4DB3-B8EF-19CB9379C83A}
[2013/08/04 22:39:09 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldWave
[2013/08/04 22:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldWave
[2013/08/04 15:31:55 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E30BE655-6283-48D2-8445-A6582FEE5CEA}
[2013/08/04 03:31:16 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{195B9657-19F9-434A-9366-61AF9B91635F}
[2013/08/03 15:30:48 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{98A1D2F6-9C45-410D-82B3-6FD80A479215}
[2013/08/03 02:42:39 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{9AAF0856-0111-4FBA-84E8-5242EC80E3FA}
[2013/08/02 14:42:17 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{709BFB3A-5669-4AF2-9208-4697C7B1620B}
[2013/08/02 02:41:43 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{68DF52BE-8952-4868-A5E1-0679639B30AB}
[2013/08/01 14:41:20 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{3B150860-428C-488E-A191-01AE112D5BEA}
[2013/08/01 02:40:46 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{8FEB8649-712E-42F8-A251-B11B86302D1C}
[2013/07/31 14:40:17 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{1D483449-EB9E-4D1B-A3C2-E20DBB681303}
[2013/07/30 22:51:27 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{85027127-8D1D-4F2F-8A9E-DB3770ED0FBB}
[2013/07/30 10:50:53 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{8D65548F-9DC0-4B76-8AD2-80001513E9B6}
[2013/07/29 20:42:50 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{1D651263-59BB-4AD9-A8C7-983E0BD9E099}
[2013/07/29 08:42:16 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{0FE0EE7E-130F-4F84-8DB8-B606305BD4C9}
[2013/07/28 17:02:10 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\Dxtory Software
[2013/07/28 17:02:08 | 008,300,544 | ---- | C] (Dxtory Software) -- C:\Windows\SysWow64\DxtoryCodec.dll
[2013/07/28 17:02:08 | 008,043,008 | ---- | C] (Dxtory Software) -- C:\Windows\SysNative\DxtoryCodec.dll
[2013/07/28 17:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
[2013/07/28 17:01:27 | 000,000,000 | ---D | C] -- C:\Users\Thor\Desktop\dxtory
[2013/07/28 16:02:14 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Roaming\Awesomium
[2013/07/28 14:24:59 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{58D73E0A-02D8-4A79-90FA-6069FB22FF5C}
[2013/07/28 02:24:17 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{951F2FDD-A978-4391-BAA9-F908CE75EBBB}
[2013/07/27 13:50:01 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{1702FC2C-B7F0-47CA-BE3B-6D7D92B76232}
[2013/07/27 00:33:21 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{B270282A-3D83-48BD-82D9-627DBE09EE8E}
[2013/07/26 12:32:59 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{2554CC7D-389D-408D-9B67-0DCB5E47AD32}
[2013/07/26 00:32:25 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{00B68FA6-9074-42EF-8002-39875877C3D6}
[2013/07/25 12:32:03 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{678B3312-1EC4-4668-9DD2-7FF71B6B1025}
[2013/07/25 03:33:13 | 000,000,000 | ---D | C] -- C:\Users\Thor\Desktop\Corel Auto-Preserve
[2013/07/25 00:31:26 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{362A26EF-DFF1-4433-8AC9-FEDF17ACCF79}
[2013/07/24 12:30:49 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EF8F5872-3308-45C4-B53A-01E1C2DD50E8}
[2013/07/23 15:59:53 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{B1F1ABD8-7E2B-4350-8F8B-A1034612457C}
[2013/07/23 03:59:30 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{B983E4A4-2E94-41AB-AABB-6786072A0CE7}
[2013/07/22 15:59:08 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E046BB6F-CF51-443F-9C72-E23C4EC47FEC}
[2013/07/22 03:58:29 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{FA78F5E7-5889-4AA6-9730-FD9176F085F8}
[2013/07/21 15:58:07 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{033E6AD5-A7CB-443D-8F3B-A102276CFED5}
[2013/07/21 03:57:32 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{C5A51AF5-D153-4A3D-8CD8-003BC6A2AE87}
[2013/07/20 15:57:10 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{F4E20CF7-4C84-493F-BCAE-45D6B6A0FDCD}
[2013/07/20 03:56:47 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{43305700-B6AF-4952-B9CF-021288C3DF0F}
[2013/07/19 15:56:24 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{E61C3896-3957-454C-BD92-C002D6C4FFB5}
[2013/07/18 15:55:27 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{02415797-4B9C-433E-9460-E108CD3FE8CE}
[2013/07/18 03:54:53 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{CF1E3B28-A8D3-41A0-B5E4-39008C3437A5}
[2013/07/17 15:54:31 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{7A0E8CCC-65C1-4C3A-B45A-C453093E4752}
[2013/07/16 15:53:45 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{01A27CD4-B174-4C20-BE55-A67CEBF55BAB}
[2013/07/16 03:42:35 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{6780E787-8887-4CE9-8411-BCAECFE80184}
[2013/07/15 15:42:24 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{3ACBFDCE-E4FE-4E57-A64F-FCEF81377C14}
[2013/07/15 03:41:57 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{34D78392-5F98-443C-8EE1-D25BC3A1145F}
[2013/07/14 15:41:36 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{9C2A61A4-68C2-4AA6-BC01-FF014CC5DA45}
[2013/07/14 03:41:00 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EE8617D0-2800-425A-B900-859DFE3177F0}
[2013/07/13 15:40:37 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{168367BB-6636-4626-B3B2-EC05146093B5}
[2013/07/13 03:40:14 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{8E38913B-DDA1-4228-9DD3-7B288FB11820}
[2013/07/12 15:39:51 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{EF5BD903-78D0-4C37-B782-CC74ACFC540C}
[2013/07/11 15:39:05 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{B84B36A3-3A70-4F04-8FB0-E3459E70E9B4}
[2013/07/11 02:55:05 | 000,000,000 | ---D | C] -- C:\Users\Thor\AppData\Local\{9B08C30A-422C-4FD1-9D14-2EE65A5EB47A}
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/09 15:01:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000UA.job
[2013/08/09 15:00:17 | 002,022,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/09 15:00:17 | 000,662,972 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/09 15:00:17 | 000,607,300 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013/08/09 15:00:17 | 000,418,406 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013/08/09 15:00:17 | 000,121,840 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013/08/09 15:00:17 | 000,121,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/09 15:00:17 | 000,110,638 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013/08/09 14:55:32 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2013/08/09 14:55:32 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2013/08/09 14:55:21 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013/08/09 14:54:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/09 14:54:13 | 2134,200,319 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/09 14:53:33 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/09 14:53:33 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/09 14:17:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/09 14:08:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thor\Desktop\OTL.exe
[2013/08/09 14:08:29 | 000,666,633 | ---- | M] () -- C:\Users\Thor\Desktop\AdwCleaner (1).exe
[2013/08/09 05:26:39 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2013/08/09 05:09:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/09 04:56:42 | 005,100,713 | R--- | M] (Swearware) -- C:\Users\Thor\Desktop\ComboFix.exe
[2013/08/09 04:53:59 | 000,891,098 | ---- | M] () -- C:\Users\Thor\Desktop\SecurityCheck.exe
[2013/08/08 19:01:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2318490905-3519499422-1171420628-1000Core.job
[2013/08/07 20:05:51 | 000,078,573 | ---- | M] () -- C:\Users\Thor\Desktop\Gordan taylor.jpg
[2013/08/07 20:01:42 | 000,033,422 | ---- | M] () -- C:\Users\Thor\Desktop\240_12GordonTaylor415.jpg
[2013/08/07 20:01:40 | 000,077,817 | ---- | M] () -- C:\Users\Thor\Desktop\PA-12343382.jpg
[2013/08/07 20:01:20 | 000,006,266 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2013/08/06 16:58:57 | 000,000,512 | ---- | M] () -- C:\Users\Thor\Desktop\MBR.dat
[2013/08/06 14:37:18 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Thor\Desktop\aswMBR.exe
[2013/08/06 14:04:35 | 000,005,762 | ---- | M] () -- C:\Users\Thor\Desktop\attach.zip
[2013/08/06 12:00:13 | 000,000,221 | ---- | M] () -- C:\Users\Thor\Desktop\Frozen Synapse.url
[2013/08/06 11:42:20 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Thor\Desktop\dds.com
[2013/08/06 11:24:03 | 000,001,108 | ---- | M] () -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/08/06 11:23:50 | 000,000,909 | ---- | M] () -- C:\Users\Thor\Desktop\ERUNT.lnk
[2013/08/06 11:23:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Thor\Desktop\erunt-setup.exe
[2013/08/04 23:25:23 | 007,453,272 | ---- | M] () -- C:\Users\Thor\Desktop\Untitled_Panorama2.jpg
[2013/08/04 22:45:01 | 010,584,044 | ---- | M] () -- C:\Users\Thor\Desktop\Untitled4.wav
[2013/08/04 22:39:09 | 000,000,748 | ---- | M] () -- C:\Users\Thor\Desktop\GoldWave.lnk
[2013/08/04 21:42:07 | 006,458,145 | ---- | M] () -- C:\Users\Thor\Desktop\Untitled_Panorama1.jpg
[2013/08/02 22:43:33 | 000,080,295 | ---- | M] () -- C:\Users\Thor\Desktop\card.jpg
[2013/08/02 18:58:35 | 001,153,113 | ---- | M] () -- C:\Users\Thor\Desktop\Test1.mp3
[2013/08/02 13:00:42 | 000,024,501 | ---- | M] () -- C:\Users\Thor\Desktop\avatar16770_1.jpg
[2013/08/02 13:00:09 | 000,002,937 | ---- | M] () -- C:\Users\Thor\Desktop\avatar16770_1.gif
[2013/07/29 11:39:09 | 005,656,683 | ---- | M] () -- C:\Users\Thor\Desktop\09 Track 09.mp3
[2013/07/29 00:22:00 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/07/29 00:22:00 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/07/29 00:17:43 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/07/28 18:08:40 | 000,001,892 | ---- | M] () -- C:\Windows\unins000.dat
[2013/07/28 18:08:38 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2013/07/28 17:02:08 | 000,000,865 | ---- | M] () -- C:\Users\Thor\Desktop\Dxtory.lnk
[2013/07/25 14:47:23 | 000,022,100 | ---- | M] () -- C:\Users\Thor\Desktop\end message.GIF
[2013/07/25 03:35:56 | 000,027,243 | ---- | M] () -- C:\Users\Thor\Desktop\test1.GIF
[2013/07/25 00:18:16 | 000,000,222 | ---- | M] () -- C:\Users\Thor\Desktop\Sanctum 2.url
[2013/07/25 00:17:55 | 000,000,219 | ---- | M] () -- C:\Users\Thor\Desktop\Left 4 Dead 2.url
[2013/07/24 17:02:15 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013/07/24 13:44:25 | 000,400,522 | ---- | M] () -- C:\Users\Thor\Desktop\kitty proper.jpg
[2013/07/22 21:34:45 | 000,346,696 | ---- | M] () -- C:\Users\Thor\Desktop\kyo1.jpg
[2013/07/22 21:27:30 | 000,341,234 | ---- | M] () -- C:\Users\Thor\Desktop\kyo.jpg
[2013/07/22 14:28:49 | 000,135,506 | ---- | M] () -- C:\Users\Thor\Desktop\goblin1.png
[2013/07/17 14:26:56 | 000,141,699 | ---- | M] () -- C:\Users\Thor\Desktop\centrelink.GIF
[2013/07/17 06:51:56 | 000,150,362 | ---- | M] () -- C:\Users\Thor\Desktop\rock cup.jpg
[2013/07/13 12:12:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/13 12:12:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

 

[OCD]

========== Files Created - No Company Name ==========

[2013/08/09 14:13:56 | 000,666,633 | ---- | C] () -- C:\Users\Thor\Desktop\AdwCleaner (1).exe
[2013/08/09 05:27:53 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
[2013/08/09 05:01:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/09 05:01:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/09 05:01:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/09 05:01:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/09 05:01:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/09 04:55:47 | 000,891,098 | ---- | C] () -- C:\Users\Thor\Desktop\SecurityCheck.exe
[2013/08/07 20:05:51 | 000,078,573 | ---- | C] () -- C:\Users\Thor\Desktop\Gordan taylor.jpg
[2013/08/07 20:01:42 | 000,033,422 | ---- | C] () -- C:\Users\Thor\Desktop\240_12GordonTaylor415.jpg
[2013/08/07 20:01:38 | 000,077,817 | ---- | C] () -- C:\Users\Thor\Desktop\PA-12343382.jpg
[2013/08/06 16:58:57 | 000,000,512 | ---- | C] () -- C:\Users\Thor\Desktop\MBR.dat
[2013/08/06 14:04:35 | 000,005,762 | ---- | C] () -- C:\Users\Thor\Desktop\attach.zip
[2013/08/06 12:00:13 | 000,000,221 | ---- | C] () -- C:\Users\Thor\Desktop\Frozen Synapse.url
[2013/08/06 11:24:03 | 000,001,108 | ---- | C] () -- C:\Users\Thor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/08/06 11:23:50 | 000,000,909 | ---- | C] () -- C:\Users\Thor\Desktop\ERUNT.lnk
[2013/08/06 02:40:46 | 000,001,395 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/08/04 23:25:09 | 007,453,272 | ---- | C] () -- C:\Users\Thor\Desktop\Untitled_Panorama2.jpg
[2013/08/04 22:45:01 | 010,584,044 | ---- | C] () -- C:\Users\Thor\Desktop\Untitled4.wav
[2013/08/04 22:39:09 | 000,000,748 | ---- | C] () -- C:\Users\Thor\Desktop\GoldWave.lnk
[2013/08/04 21:42:06 | 006,458,145 | ---- | C] () -- C:\Users\Thor\Desktop\Untitled_Panorama1.jpg
[2013/08/02 22:43:24 | 000,080,295 | ---- | C] () -- C:\Users\Thor\Desktop\card.jpg
[2013/08/02 18:58:18 | 001,153,113 | ---- | C] () -- C:\Users\Thor\Desktop\Test1.mp3
[2013/08/02 13:00:42 | 000,024,501 | ---- | C] () -- C:\Users\Thor\Desktop\avatar16770_1.jpg
[2013/08/02 13:00:08 | 000,002,937 | ---- | C] () -- C:\Users\Thor\Desktop\avatar16770_1.gif
[2013/07/29 11:38:03 | 005,656,683 | ---- | C] () -- C:\Users\Thor\Desktop\09 Track 09.mp3
[2013/07/28 18:08:40 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/07/28 18:08:40 | 000,001,892 | ---- | C] () -- C:\Windows\unins000.dat
[2013/07/28 17:02:08 | 000,000,865 | ---- | C] () -- C:\Users\Thor\Desktop\Dxtory.lnk
[2013/07/25 14:47:23 | 000,022,100 | ---- | C] () -- C:\Users\Thor\Desktop\end message.GIF
[2013/07/25 03:35:56 | 000,027,243 | ---- | C] () -- C:\Users\Thor\Desktop\test1.GIF
[2013/07/25 00:18:16 | 000,000,222 | ---- | C] () -- C:\Users\Thor\Desktop\Sanctum 2.url
[2013/07/25 00:17:55 | 000,000,219 | ---- | C] () -- C:\Users\Thor\Desktop\Left 4 Dead 2.url
[2013/07/24 13:44:25 | 000,400,522 | ---- | C] () -- C:\Users\Thor\Desktop\kitty proper.jpg
[2013/07/22 21:34:45 | 000,346,696 | ---- | C] () -- C:\Users\Thor\Desktop\kyo1.jpg
[2013/07/22 21:27:30 | 000,341,234 | ---- | C] () -- C:\Users\Thor\Desktop\kyo.jpg
[2013/07/22 14:28:48 | 000,135,506 | ---- | C] () -- C:\Users\Thor\Desktop\goblin1.png
[2013/07/17 14:26:56 | 000,141,699 | ---- | C] () -- C:\Users\Thor\Desktop\centrelink.GIF
[2013/07/17 06:51:51 | 000,150,362 | ---- | C] () -- C:\Users\Thor\Desktop\rock cup.jpg
[2013/07/15 01:08:07 | 000,000,695 | ---- | C] () -- C:\Users\Thor\Desktop\Desktop stuff - Shortcut.lnk
[2013/04/19 08:08:36 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\Media Player - Codec Pack Disc handler.exe
[2013/04/19 08:08:36 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe
[2013/04/16 20:05:04 | 003,915,776 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2013/04/16 20:03:50 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/04/16 20:02:28 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2013/04/16 20:02:24 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2013/04/16 20:02:18 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2013/04/16 20:02:16 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2013/04/16 20:02:16 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2013/04/16 20:02:14 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2013/04/16 20:02:14 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2013/04/16 20:02:10 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2013/04/13 21:53:50 | 007,788,672 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-55.dll
[2013/04/13 21:53:50 | 001,300,152 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-55.dll
[2013/04/13 21:53:50 | 000,400,592 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2013/04/13 21:53:50 | 000,272,192 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-52.dll
[2013/04/13 21:53:50 | 000,194,632 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
[2013/04/13 21:53:50 | 000,172,728 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-1.dll
[2012/11/21 23:39:33 | 000,000,045 | ---- | C] () -- C:\Users\Thor\jagex_cl_speccollect_LIVE.dat
[2012/11/21 23:39:33 | 000,000,001 | ---- | C] () -- C:\Users\Thor\random.dat
[2012/10/21 02:21:05 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/10/21 02:21:05 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2012/10/21 02:21:05 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2012/10/10 17:50:48 | 000,216,072 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/30 08:17:28 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini
[2012/09/18 13:05:01 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2012/09/16 15:31:11 | 001,239,424 | ---- | C] () -- C:\Users\Thor\P1010012-1.jpg
[2012/09/16 15:22:00 | 004,696,064 | ---- | C] () -- C:\Users\Thor\P1010012.JPG
[2012/09/16 15:22:00 | 004,167,168 | ---- | C] () -- C:\Users\Thor\P1010005.JPG
[2012/08/02 18:23:54 | 000,017,408 | ---- | C] () -- C:\Users\Thor\AppData\Local\WebpageIcons.db
[2012/07/05 01:34:25 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012/05/12 20:07:35 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2012/05/12 20:07:35 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.4.ini
[2012/04/29 00:49:27 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2012/03/07 01:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/01/18 16:14:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 16:14:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 16:14:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/12 18:08:03 | 000,000,600 | ---- | C] () -- C:\Users\Thor\AppData\Roaming\winscp.rnd
[2012/01/07 23:52:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012/01/07 23:51:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2012/01/07 23:51:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2012/01/07 23:51:50 | 000,203,306 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012/01/07 23:51:50 | 000,138,727 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2011/12/19 15:59:40 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/19 15:57:16 | 000,236,544 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/08 05:02:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2011/12/01 01:58:24 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/11/15 12:43:48 | 000,001,461 | ---- | C] () -- C:\Users\Thor\.recently-used.xbel
[2011/10/26 18:48:43 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/26 18:48:43 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/10/22 00:54:27 | 000,005,120 | ---- | C] () -- C:\Users\Thor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 00:52:12 | 000,006,266 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/20 00:10:11 | 000,000,017 | ---- | C] () -- C:\Users\Thor\AppData\Local\resmon.resmoncfg
[2011/09/10 04:40:37 | 002,004,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/09 22:05:16 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/09/08 23:30:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/09/08 23:30:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/09/08 23:30:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/09/08 23:30:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/09/08 23:30:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/09/08 23:30:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/09/08 23:30:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/09/08 23:30:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/09/08 23:29:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/09/08 23:29:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011/09/06 19:58:19 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011/09/06 19:55:32 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/09/06 15:41:31 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll

========== ZeroAccess Check ==========

[2009/07/14 14:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 22:57:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 21:51:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/10 04:39:10 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Allmyapps
[2012/11/19 01:21:30 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Atari
[2013/08/04 22:31:03 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Audacity
[2013/07/28 16:10:07 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Awesomium
[2013/08/09 03:21:23 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Azureus
[2011/09/23 04:25:55 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Canon
[2013/05/24 20:41:23 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Cloanto
[2013/07/27 14:17:14 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\com.doubleperfect.ggpo
[2011/12/03 20:47:54 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2011/10/09 15:57:50 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\cYo
[2013/05/15 17:23:01 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\DAEMON Tools Lite
[2013/08/07 16:29:47 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Dropbox
[2012/07/01 06:27:24 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\DVD Catalyst 4
[2012/06/13 02:20:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\DVDVideoSoft
[2013/05/22 16:12:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Evaer
[2012/09/27 19:30:54 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Fatshark
[2012/12/29 22:00:34 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Games
[2013/08/06 09:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Thor\AppData\Roaming\gjrgfujw
[2011/11/15 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\gtk-2.0
[2012/04/04 02:59:16 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\HandBrake
[2011/09/12 16:36:33 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Leadertech
[2011/12/16 11:55:52 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\LEAPS
[2013/03/28 18:37:59 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\MAGIX
[2012/06/29 22:56:53 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\mkvtoolnix
[2013/08/06 09:31:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Mumble
[2011/11/09 02:50:26 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Nucleosys
[2013/06/07 16:26:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Origin
[2012/06/12 21:33:36 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Pavtube
[2011/12/16 11:47:05 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Pegasys Inc
[2013/06/09 21:59:24 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\PlayClaw3
[2012/10/21 02:24:23 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\PowerUp Software
[2012/05/12 20:08:45 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\proDAD
[2013/03/26 22:46:52 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Publish Providers
[2013/01/28 17:50:53 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\QuickScan
[2013/02/14 07:39:56 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Reincubate
[2012/05/05 18:58:01 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\RenPy
[2011/12/01 20:57:49 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Screaming Bee
[2013/03/27 17:28:47 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Sony
[2011/11/06 16:50:46 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Splashtop
[2012/10/19 03:33:17 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Sports Interactive
[2012/03/19 06:09:37 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/17 17:17:51 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\TeamViewer
[2012/02/10 04:02:01 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\The Creative Assembly
[2012/08/05 06:50:39 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Tropico 3
[2012/12/02 00:26:10 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Tunngle
[2012/05/12 20:03:18 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Ulead Systems
[2012/05/09 14:01:14 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Vphonet
[2011/09/12 10:19:41 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Windows Live Writer
[2012/04/15 00:18:35 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Wondershare Video Converter Ultimate
[2011/09/07 15:05:50 | 000,000,000 | ---D | M] -- C:\Users\Thor\AppData\Roaming\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2013/05/16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2011/02/26 14:49:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 15:49:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 15:49:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 15:49:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 15:44:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 21:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 15:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 15:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:54:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 11:09:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/14 11:09:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 11:09:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 10:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 10:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 10:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 11:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 11:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 11:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 21:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 21:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 21:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:55:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 22:55:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:55:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:55:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 22:55:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:55:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

========== Base Services ==========
SRV:64bit: - [2009/07/14 11:10:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 22:55:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 11:08:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 22:57:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 22:55:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 16:03:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 11:10:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 10:45:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2010/11/20 22:55:47 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2010/11/20 22:55:59 | 000,177,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 21:48:24 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 22:57:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 22:56:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 21:48:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 15:54:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 11:10:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 11:11:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 10:45:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 11:11:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 22:56:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 11:11:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 11:11:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 11:11:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 11:11:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 10:46:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/20 22:57:22 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 11:11:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 21:12:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/11/20 22:55:21 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 16:03:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 11:11:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 22:57:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 22:57:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 22:57:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 16:03:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 11:11:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 22:57:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 22:57:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 21:51:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 22:57:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 22:57:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 21:51:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 11:11:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2010/11/20 22:57:23 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 22:55:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 22:55:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 22:55:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 22:57:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/14 11:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 22:57:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 22:56:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 22:57:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 22:54:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 21:47:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 11:11:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2010/11/20 22:57:32 | 002,420,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 22:56:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 11:11:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 22:57:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: KINGSTON SH100S3120G
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG HD203WI
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD2002FAEX-007BA0
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG HD103SJ
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 112.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 984.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #1, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 879.00GB
Starting Offset: 1056662618112
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #3, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 1048576
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >

 

[vlahka]

Sorry, I wasnt sure. Should I paste them up now or wait for different instructions?

 

[OCD]

OTL Extras logfile created on: 9/08/2013 3:08:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thor\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.98 Gb Total Physical Memory | 5.15 Gb Available Physical Memory | 64.55% Memory free
15.97 Gb Paging File | 13.16 Gb Available in Paging File | 82.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 34.67 Gb Free Space | 31.04% Space Free | Partition Type: NTFS
Drive F: | 878.92 Gb Total Space | 31.40 Gb Free Space | 3.57% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 568.00 Gb Free Space | 30.49% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 328.41 Gb Free Space | 35.26% Space Free | Partition Type: NTFS
Drive L: | 984.09 Gb Total Space | 121.45 Gb Free Space | 12.34% Space Free | Partition Type: NTFS

Computer Name: THOR-PC | User Name: Thor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

 

[OCD]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0296731B-C60F-432B-BDA0-59CCAF7F0B4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{129891D5-FCF5-4DFD-B2E3-06C45CD42069}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22EC12B2-2F55-4269-9281-81CF7665BA45}" = lport=56621 | protocol=6 | dir=in | name=pando media booster |
"{237123B4-3C00-4E12-83A0-D4DAEA61D3CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FC04034-9CC1-4076-83FC-0D9D50DF657D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{453F0B99-D647-4E66-953B-50CF48AF0E71}" = lport=10243 | protocol=6 | dir=in | app=system |
"{47F7C5EB-B1D7-4179-A0D4-A1D7CE82D13C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4992639F-13AF-40A9-8C0D-849FA1F4C5BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E8F577B-213A-496A-86D6-F463E3D5E4E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4F56542F-A378-4E5B-8544-D969001744CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5000AEE2-6AA0-4656-B7F4-F07C363C5A0A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5014A777-F0F6-4AFC-9A83-14012AB3227B}" = lport=445 | protocol=6 | dir=in | app=system |
"{55C7D750-4F34-4E86-B5F5-94A4A63A1243}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B9077EF-C5F9-400B-8CFD-40FA3EBE1ABC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5DEF54FE-B99D-4D70-9C48-E14B1CD05B43}" = rport=445 | protocol=6 | dir=out | app=system |
"{6BFCC6EF-7AC8-4C42-A023-57193B95EC6C}" = rport=139 | protocol=6 | dir=out | app=system |
"{77C9EFA1-C545-4312-9AA9-5FD611767D16}" = lport=138 | protocol=17 | dir=in | app=system |
"{86892FCA-6CEF-4973-AC04-124FD471FD5D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{89467CBD-406B-49B6-9BD5-C64EC207F079}" = lport=56621 | protocol=6 | dir=in | name=pando media booster |
"{94B3616B-2102-46F0-8889-274313391E6A}" = lport=137 | protocol=17 | dir=in | app=system |
"{A11AEDD7-5055-40F3-924C-9CC2AC24BE84}" = lport=139 | protocol=6 | dir=in | app=system |
"{A4E6C1B2-D5DD-4364-9C42-C0B4658F0AC1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A80703EC-79A2-4DFA-9204-C22CF096757A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC7BAB00-BB40-4385-A515-40DD0B9E86DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AD0D1D9D-1936-4D3E-BC49-0D5E32710E49}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DB3BF7FB-AD5E-45EC-A1B9-28FFD43656D4}" = rport=137 | protocol=17 | dir=out | app=system |
"{E4EAC3FF-F8C2-4A60-847C-C8E4D042A312}" = lport=56621 | protocol=17 | dir=in | name=pando media booster |
"{F41ACDEF-305B-48E5-B99E-37CF3778419D}" = lport=56621 | protocol=17 | dir=in | name=pando media booster |
"{FC12B0E8-AD85-4523-B2F1-A33ECDC42349}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BC673D-CA12-440B-8B4E-D30AEC3E4929}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{012B39CB-AEDD-43F2-BD83-5E38ABF83822}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{02BBE037-EFEA-4384-8FA6-16C3D7B9E8D4}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the swapper\theswapper.exe |
"{033A7B73-7822-4431-BDB9-5E9FBE686ED4}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\pinball fx2\pinball fx2.exe |
"{049E0FCA-3184-4A9B-963A-F2B30C4221A1}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{05AB7179-6AD1-4B29-965C-0297D3574506}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe |
"{06AD006E-E70E-460A-B066-76F5C1B40237}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{07676BF3-7407-45FC-BB63-7A1321BCC22E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0769F049-AAE7-4E8D-B97C-9B89B3A5CF5F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{07A21FF4-E918-4DA8-ABCD-7BF5A6C60E83}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe |
"{096C1616-819D-4EC6-82CA-E87E4DD0C71D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{0C7786AF-762B-4E63-B458-2D4084E18C1F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0D32E838-426C-4126-A08B-818324A42546}" = protocol=17 | dir=in | app=j:\program files (x86)\tera\tera-launcher.exe |
"{0EA0ADB3-DFCC-4210-9008-2A2AE4FAAB1D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\greed corp\game.exe |
"{0ED9F101-216C-4B8B-9264-59400D63094F}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\shoot many robots\shootmanyrobots\binaries\shootmanyrobots.exe |
"{0FC09566-1F8D-442E-872D-0CBA746B64FA}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dino d-day\dinodday.exe |
"{10482388-8B8C-4130-A145-B6242628BDED}" = protocol=17 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
"{13890B5C-D544-4DD3-A942-77D19BD0F51D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{18919617-B9D6-477D-8BD5-DFE70808CA8A}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bunch of heroes\game.exe |
"{191EF0D1-6B4E-45A7-80B7-49928921D27D}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\pinball fx2\pinball fx2.exe |
"{1937B7AE-EB23-4FE8-99E3-53663AA378D9}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1B5EC5A3-B2E6-4A28-98AD-84537D54112C}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{1BA87EFD-550C-4CF1-8F60-5B6B9EA5A5BC}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{1C662277-2DB9-4861-8DB2-3616BD873D50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1CF8A7BB-CDCA-4F04-B983-4A5E1515A4DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1D82C45C-9C37-497B-BB32-F264C51308E5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1D8A448A-DF5D-47B7-8D6C-323375CECB64}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{1E6384BE-CB4F-4C43-B40E-BC3B9BD83EBD}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sherlock holmes the secret of the silver earring\game.exe |
"{207062F8-6800-4CD5-A731-B0B3FEE5524B}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{2506B3A3-9605-4065-8CF1-0A30F61B848B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{252FBE5B-756E-4414-940C-1B329762FE36}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{26DFD814-77F8-4CB9-9FE8-03F7F08BFDB1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{278E25DD-7671-455E-8CF0-C0D304EF82C1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{285C17CF-F82E-4F85-B610-82209E6D6C32}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{292AD10E-D934-40DB-9E3A-6BF56B0DB0C3}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{2975C060-85CA-4C53-8E74-110AAD28CFAA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A4D07D1-7F31-4DF9-B2D0-2A4A49F693A0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{2A771313-0506-453E-91C9-2504B8BA9EBF}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe |
"{2C2A2B92-6BC0-4B33-9806-AFB79BC0BD4C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
"{2D35FAB3-C50B-49D2-AA4C-32CB3BC38F00}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{2D946790-C34E-4731-BB5B-4D6D3DDA92AE}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{2E580B96-84D8-4113-B78A-BA0548F3217F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{2EEAC723-8A93-40B6-927D-97B6CE591193}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dino d-day\dinodday.exe |
"{2EF4EA70-1317-4BF2-BDB0-023E2D70334D}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dragon commander\shipping\betauploader.exe |
"{2F1D2F63-79DA-4B80-85EA-96C8F564F423}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{310176EE-77F6-4F81-91D8-91D3D486220B}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{319DCBD7-63B7-44C6-A32C-6421B1C48A60}" = protocol=6 | dir=in | app=j:\program files (x86)\tera\client\tl.exe |
"{31EC5F31-DD80-4514-BA9B-7EE3283376ED}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{33DF39C2-93D1-49C1-82E2-EFD4A8701874}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{362E6066-66C6-4955-859D-A787807227E1}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{39086CAB-78F1-4240-B116-A1AE68AEB516}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe |
"{3B3F55C7-EAD0-4E59-9117-A043DA30C971}" = protocol=6 | dir=in | app=c:\program files (x86)\kinoni\epoccam_and_barcode_drivers\kinonisvc.exe |
"{3BA12D4E-9069-4A8B-8051-2D606FD2927D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3BCA4841-645E-4627-B3BE-927C6725EC65}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{3F78CB1C-3809-4059-B9DD-AFDB76D0A1E2}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{3FE2AAD7-D342-436E-B7EA-7BF48CEE94D8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{409A011E-2A01-49CE-BA4D-237C9EFD956B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{40C8ABAC-8002-4897-9970-1FF4E116A06B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42EDF02F-2078-41C1-85F0-A88CA998CF32}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{43415205-D41B-47D9-93AD-A1012002DF7B}" = protocol=17 | dir=in | app=j:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{43978724-37A0-491B-891C-A812636F999A}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\skydriftdemo\skydrift.exe |
"{449F9C42-AFB3-49BD-B3AE-B81E3ACD92DC}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\launcher.exe |
"{47D0D9F2-F160-4FA4-8CD2-CE710167B376}" = protocol=6 | dir=in | app=j:\program files (x86)\tera\tera-launcher.exe |
"{47F0DE5D-8844-4BD5-A7F9-16FA7E15517F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\shoot many robots\shootmanyrobots\binaries\shootmanyrobots.exe |
"{4A100514-E23B-4562-818E-4749406BD81F}" = protocol=6 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
"{4B07C912-BDD7-4AA1-BF6B-14EBBB29990D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\painkiller hell & damnation\binaries\win32\pkhdgame-win32-shipping.exe |
"{4B4DDC54-BD0F-4E94-A925-05C8A22EB131}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
"{4E746127-C150-4983-9FCF-318D27656183}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4E8E7D8F-CC71-4FAE-97C3-6303D4B78061}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe |
"{4F757323-567C-459E-A041-69B411F29B5E}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{504C75F2-DC71-4DA5-82AF-79B2B192D872}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{510D29E7-FC2D-46DE-8E7E-A934D07AEF3F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\launcher.exe |
"{5247366C-D9BD-4DA8-A878-AF07ECE7AB0D}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\painkiller hell & damnation\binaries\win32\pkhdgame-win32-shipping.exe |
"{52D4C3B0-D111-4EB7-9BDC-96629C31CEE3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{538ECB25-A06B-496D-86B9-73FA27537C50}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\grid 2\grid2.exe |
"{542FE241-1D43-47D8-9BAE-65A188AA8826}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{54543FFF-EB11-4D4F-A8A3-29EC13B055D8}" = protocol=6 | dir=in | app=j:\program files (x86)\origin\games\battlefield 3\bf3.exe |
"{55C9B959-725C-4DF4-97F6-82D989710B56}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe |
"{57ABCE6F-90A0-4ABE-B30E-A2BF66F5E7C3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{58FFFF5C-348C-4CCC-9B3B-3B82F834342B}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\restaurant empire 2\re2.exe |
"{5C224E4D-E133-421E-AFD1-B6457FD79F57}" = protocol=17 | dir=in | app=c:\users\thor\appdata\roaming\dropbox\bin\dropbox.exe |
"{5C534FC0-9E89-474C-8BDA-12AB8A4992CC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{5D020262-8C23-4EBC-9C80-331AD9E29722}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5D57D753-E6CA-49D3-8A24-F614812E7106}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{5DE808F0-0CAE-48EB-B0D8-85F45B58EFCC}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe |
"{5FC7AB70-6223-4465-84C9-FCF6C5D645D5}" = protocol=17 | dir=out | app=j:\program files (x86)\tera\client\tl.exe |
"{612EB092-8D88-43C5-8DAA-66F88A9B4F1D}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\blackwell legacy\blackwell1.exe |
"{6136729A-B79F-4615-B566-C085852C973F}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
"{693F28D6-AAF8-43B8-96AE-A83255442643}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe |
"{6946D538-12D8-4BAC-8672-74B43470E660}" = protocol=6 | dir=out | app=j:\program files (x86)\tera\tera-launcher.exe |
"{69650794-1BF5-46B6-9BF1-6E8056CC3410}" = protocol=6 | dir=out | app=j:\program files (x86)\tera\client\tl.exe |
"{6A1329D5-C2FB-41B1-BAF0-0302CA948E61}" = protocol=17 | dir=in | app=j:\program files (x86)\tera\client\tl.exe |
"{6A4C5510-CBCA-451E-BBC5-B8FFA367BD60}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{6AEF5BF8-CFCB-4FDB-8169-22D1024A293E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{6B8567CC-BE4B-49EB-BA4B-09FC0D64560B}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sherlock holmes the mystery of the mummy\game.exe |
"{6DB7B489-D8D3-4C71-97EB-BD486342CB15}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{6F534FBB-0EE3-445E-8713-A33363B799A6}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\poxnora\launchpad.exe |
"{70157775-3BED-471F-9E98-8FAB7E6831B7}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{703E78F4-945F-46CE-84BC-8E0A239AA70C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{72AC1B9F-9894-4C2E-8ECB-C5C4ECBAC3A5}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{72C47FD8-73FB-409D-B27C-C842436A3974}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{73AA990B-336C-4640-A993-0977FF56FAEA}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{76A21391-F716-4D04-A88E-FD0DE4588B54}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7713605C-C61D-45D2-BBD8-004383972403}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{77451E5F-20F5-474F-8C54-CE85A51184FD}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{78AC5D0F-A787-4A6E-9AB1-A0F0D4C4277D}" = protocol=17 | dir=in | app=j:\program files (x86)\diablo iii\diablo iii.exe |
"{79CDA04C-D57D-4831-B8C8-F8437A1CDAC9}" = protocol=17 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
"{7B0C24CA-7B98-4025-AE45-AC2A9E987ED6}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\magic 2014\dotp_d14.exe |
"{7BCC3922-FC0A-4F81-A839-E4E294C4C2C5}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\skydriftdemo\skydrift.exe |
"{7E56F07E-EBDA-4AF5-8CB0-91F450360764}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bunch of heroes\keyconfig.exe |
"{80297E6C-4587-4E5E-B520-8115CAF72521}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe |
"{818959BE-457B-4D2E-97DB-0ADC82D3CEFA}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{83092CA0-DBB1-496D-B647-6CB6A10BB473}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{848EF153-F763-4B76-8281-A53E8DB9C740}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dragon commander\shipping\betauploader.exe |
"{84C54B1B-FA4E-4228-8B13-9551DCA0A95C}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{8671F8B1-2E73-4572-BE5F-FACA1595846F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{86E387B6-D045-42C1-BEB1-3BBCE3892374}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{8B6280E4-1402-4152-B0D7-807C1657E59D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
"{8BA515A4-67C4-4BCA-B163-6F87DB18E66F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
"{8C7C9955-AB7D-48B6-AC13-7D197B51CD84}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8CABC277-DBC5-4C96-8FCF-2218AA1269C5}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{8E6E3D7C-88A1-4175-917C-A250743D8962}" = protocol=17 | dir=in | app=j:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{8EEBE51E-6087-49C2-8BA9-FB05E06426ED}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\magic 2014\dotp_d14.exe |
"{937DC820-015B-4AA5-A839-5A29DF4F7411}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{93FE19BB-411A-428D-93AA-029F9F633A59}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{95A4EA33-4FF9-4151-9EA1-1B2B8EFA6CD1}" = protocol=17 | dir=out | app=j:\program files (x86)\tera\tera-launcher.exe |
"{95D644C5-33D7-4DAB-AFF5-0D8809169E73}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{960EC588-3DE0-4EFA-9185-73DD584CB8B4}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe |
"{970A9791-08CC-420F-9332-AFD331428480}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{980DB033-E615-44F4-A36D-827811FF7951}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\blackwell legacy\blackwell1.exe |
"{9D9F4CAA-A6E8-41A6-8EAD-5ED35261526B}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{9E62C6C1-7813-49A4-A817-E8DA6997BD0F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{9F697F68-E618-4154-B16F-7B9F7CDDE1FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A004C04D-C15F-4CBD-AF13-CEEB475EED1B}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{A0775501-653B-442B-9CCD-B5227A5CA941}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1652EC2-8955-407F-8FF8-26C39D6DF8AB}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe |
"{A24FECD2-9E0B-44E7-B0B6-9908083BA2F7}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{A62F8653-D028-4BD7-90E0-51830654BAE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A8351F36-033B-430C-9783-3EC3A1C990DD}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{A963AB53-28EF-4580-BC59-0A1BAE275D24}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{AB459E01-E9FF-43C1-B5B4-809E54D5C90D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{ABB25392-B798-4EDB-8555-0841A4E78582}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
"{ABF0BA12-54DD-475B-8CE9-52C171009EC7}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{ABFFDA16-7578-4196-B394-95DFDD56C8BC}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{AD1EBF28-185E-45A7-8F40-63CCBBDF0260}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AE35E012-75FD-46A7-AF23-2FFBABF5E7B9}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sherlock holmes the mystery of the mummy\game.exe |
"{AF89BA33-C223-46C2-9DAD-9B9D41D7C5A2}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\endless space\endlessspace.exe |
"{B0775AE2-0914-4892-9567-8F0EA85A8187}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{B0FD172C-E57C-4C77-A071-278255267576}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B11798FE-DA81-4384-B629-159A45D78283}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\launcher\gslauncher.exe |
"{B219B5F9-2BB3-411D-8A62-2CE583451FF0}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\the swapper\theswapper.exe |
"{B290171F-DC1D-447E-8672-F356BC5A2FF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3A4192D-C59A-46F6-8E80-BF1B24092C4D}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{B41AB17A-5E7E-46BE-9ADF-C110CBDA49E6}" = protocol=6 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
"{B4F1050F-7337-4DCA-8E94-7A063EB61F02}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{B8FDF449-377C-4466-87AC-2B5CDEE0BD72}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{B98E6E2F-A0C6-4660-8114-D82487F7701C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{BCCAD4DC-7E88-473A-A7AA-13190CDF664A}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe |
"{BD36B485-0BCB-4F7D-BA5E-3F26E8444CF7}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe |
"{BDE93427-42D0-43EA-8B14-643E82A2CDAB}" = protocol=6 | dir=out | app=c:\program files (x86)\kinoni\epoccam_and_barcode_drivers\kinonisvc.exe |
"{BE668661-38A7-4BBF-ABBB-9A5B432B4075}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{BF833962-8B82-458C-8B79-61A9EE8617D1}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\restaurant empire 2\re2.exe |
"{BFAB6E66-021E-4201-9CD1-FD29FF29201F}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{C2AF7E26-1C49-46A2-896A-AD41F8A8A347}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sherlock holmes the secret of the silver earring\game.exe |
"{C4A3C800-AC57-406A-8C33-52ACA9561046}" = protocol=6 | dir=in | app=j:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{C637B44A-3C95-48F4-B8CF-48D802E42A36}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C65940E2-1254-4ACC-92A8-1C53C54C53B4}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
"{C70CD81A-0B3E-4264-988E-0806D1DE7128}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe |
"{C8958BFA-4574-4526-BDAD-A4C5C578428B}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{C8A43B87-18D3-4EE1-884B-A5D35D518A05}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{C9AF3014-10B2-40E0-A2C5-B2798FD5945B}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\grid 2\grid2.exe |
"{CAC4761A-1CCB-4428-A161-4D51BC362CF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB2E67FD-834D-4D75-AED0-4AE3B3EB75E7}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\king's bounty - warriors of the north\kbwotn.exe |
"{CBA77A2A-EB6A-4264-8D17-C248CD7536EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD4B9C04-4677-401F-9C8E-3885C7EE8FF6}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{CD60C295-2234-497B-BB2D-D4E1B633E16F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{CDB66DB9-B85F-43F9-8750-7F8F4608EC80}" = protocol=6 | dir=in | app=j:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{CDF57D6C-9F39-42EC-8B69-5F0FCB454E6C}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{CECB736F-A5E7-4F17-89CC-3614F374BDD6}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\hotel giant 2\hg2.exe |
"{CEF69441-A2AB-4C50-AAC1-5E0ADA602D95}" = protocol=17 | dir=in | app=j:\program files (x86)\origin\games\fifa 13\game\fifa13.exe |
"{CFDD81F6-1B77-4401-9423-20B3037C5414}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{D005BD1E-A634-4277-AE0E-79D82C6C2759}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe |
"{D1436489-9AAB-4D34-BA4E-E2FD5C3FB892}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{D1990E46-50C6-4271-A003-5BF4D0090FA1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D4932A6C-8E7A-4971-9E72-723927886C4A}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{D89CB0B0-E987-4771-B7E9-3236DA92FC80}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{D8BE81EB-152C-421C-A31A-D0025A8B14E2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{DB560EE7-EF38-4655-B4BC-D6F418EF1C03}" = protocol=6 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
"{DB8183EB-48B6-479F-9188-C82E4F9056D8}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bunch of heroes\keyconfig.exe |
"{DC0CC9AD-9DF8-4CAB-AEFD-7DB77DF66E1C}" = protocol=6 | dir=in | app=c:\users\thor\appdata\roaming\dropbox\bin\dropbox.exe |
"{DC31E367-6428-4FFB-8860-815DE0C75030}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DE1B3A23-43E7-4B53-8A40-CBA3CC325E38}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe |
"{DF183EB8-AB86-470E-81BB-BB2C060D9A5F}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\king's bounty - warriors of the north\kbwotn.exe |
"{DF34AC00-57C7-4F58-B5C5-7CF15995E893}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{E067C706-5D53-4F15-857B-8777A3CAB94F}" = protocol=17 | dir=in | app=j:\program files (x86)\origin\games\battlefield 3\bf3.exe |
"{E0A10353-7349-4CA8-8390-18C3042329BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E0AB9B0F-944B-4106-89B0-D9ED3E8497EE}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bunch of heroes\game.exe |
"{E35DEB28-39A7-4797-AFB2-4FE41C656DB0}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe |
"{E40547F5-EFBF-4F1F-B442-4A4A1B91E5CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E46523E4-C0F6-4A06-8397-0970E3A73BCA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E518E686-7F62-45F5-9B6C-1B39771D7559}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{E57AAD25-5D3F-4F2A-BAA1-7E6DBBF2CB0F}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{E8761D6F-C968-443B-AA56-0A10F7FC5CA1}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{E9E5BCB1-656C-4D08-9369-9915F1000504}" = protocol=6 | dir=in | app=j:\program files (x86)\origin\games\fifa 13\game\fifa13.exe |
"{EB972F49-292A-471A-8967-EAA4D04ACDD9}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{ECE08F47-36BD-466D-8D44-B89D27480D06}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{ED28C681-2A51-424A-85BE-A89492BE0998}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\endless space\endlessspace.exe |
"{EE497647-49FE-487E-A86A-6344536A08F4}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{EE9573BD-68DF-4ADB-BE09-B82848C3A4CD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F0515D1A-9BB2-48BF-B06D-924628F5CF22}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F0934744-C3CC-45F8-A84F-8AB68C8A9136}" = protocol=6 | dir=out | app=system |
"{F0B2854B-BF50-4F3C-8FD0-104B82BCB620}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{F2B58789-3568-45D7-B7C7-8252DA89571E}" = protocol=17 | dir=in | app=j:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
"{F3BCA730-B017-42C1-AA6A-38E2FD857B5E}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{F3C99B27-8887-4667-A048-F6D81E1C2B1B}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\greed corp\game.exe |
"{F4FBC633-455F-41DC-9BA6-D73C120F1CD3}" = dir=in | app=c:\users\thor\appdata\roaming\allmyapps\allmyapps.exe |
"{F7E1601D-05CC-42D1-911C-1DD084A2F838}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{F86CFE52-910B-4410-A724-F37258E98298}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{F876FC1A-864D-4629-B1E5-1CBD9CA96023}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F885CF03-6903-4F77-8356-74BE3D73A8A0}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steam.exe |
"{F8F65D74-3CB7-4181-93C7-4692250E2463}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{FA500071-4352-401F-8EDF-968101483965}" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\hotel giant 2\hg2.exe |
"{FAFB854B-F02F-4A3C-AAD8-CA7CD3C30FE9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FB43A610-4365-4F4B-90C1-071333DDE970}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
"{FB82B1D4-8768-47F0-81BD-4F38831F063D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FCEFC653-31AF-4186-9761-814EA769D6B1}" = protocol=6 | dir=in | app=j:\program files (x86)\diablo iii\diablo iii.exe |
"{FE93B181-2B09-40AE-93CB-23CEE9C52747}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{FE99F3FA-FDD7-4535-BAC4-B777CD4F7FFA}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steam.exe |
"{FEE1F993-F114-48A9-88E5-603D3FCCCB1F}" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe |
"TCP Query User{0FD82494-D36C-4D57-9FCE-40BEF99ECB44}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{203DB1D8-3FA1-49D8-A49A-6F874444FF81}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"TCP Query User{212B7DE8-DC1A-4F85-B890-3E024E3E727B}F:\backup stuff\ggpo\ggpo.exe" = protocol=6 | dir=in | app=f:\backup stuff\ggpo\ggpo.exe |
"TCP Query User{24237234-F5A8-42ED-9471-20757642CD81}C:\users\thor\desktop\programs\ratiomaster.net.exe" = protocol=6 | dir=in | app=c:\users\thor\desktop\programs\ratiomaster.net.exe |
"TCP Query User{4AF6A521-893D-4589-AC10-AEDF6FB31F92}J:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{4FF81B39-3421-4910-A2C6-4FCF79F03706}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"TCP Query User{56FD6CC0-0E53-49D9-83E8-38BAA1CA4C51}G:\ggpo\ggpofba.exe" = protocol=6 | dir=in | app=g:\ggpo\ggpofba.exe |
"TCP Query User{5759B9AF-A915-4332-AE7C-A87959287A56}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe |
"TCP Query User{65062F1F-133C-4390-8B8C-828AE77AF229}J:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{71A37ED6-27E3-46B4-8BD3-5D49EEA73BB5}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{8FC7339D-1AC8-4EE4-BBB7-9346BC3B2757}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
"TCP Query User{A5E95334-12D9-47F6-BFE9-17CBD4FA5691}J:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{B3C31F1A-C930-4205-A6E2-467615E7AC05}J:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=j:\program files (x86)\the witcher 2\bin\witcher2.exe |
"TCP Query User{D328B1FF-69AD-4E70-9FA1-6D00DC452AB7}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
"TCP Query User{D67AEC24-56FC-49B7-A9AD-E1A91012742D}J:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"TCP Query User{DA05FADE-AA11-4BC5-91FD-7E81016DC94D}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe |
"TCP Query User{DBB04AA7-19AF-4B10-8C2E-18FC4A7155AD}J:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{F3F788CA-E462-453B-8FC1-EE13610A73F5}G:\ggpo\ggpo.exe" = protocol=6 | dir=in | app=g:\ggpo\ggpo.exe |
"TCP Query User{FB8320F8-CDDF-481B-ADF7-9BF76C1B7252}J:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=j:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
"UDP Query User{066EFEF0-0F4C-4858-82BF-2CBF101DAA1B}F:\backup stuff\ggpo\ggpo.exe" = protocol=17 | dir=in | app=f:\backup stuff\ggpo\ggpo.exe |
"UDP Query User{61146518-AD39-4214-BEBF-489F60192418}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe |
"UDP Query User{6B5A3915-8275-4091-A2ED-8645CF4501D4}G:\ggpo\ggpo.exe" = protocol=17 | dir=in | app=g:\ggpo\ggpo.exe |
"UDP Query User{6C156A94-D386-4C68-8929-07656956D749}G:\ggpo\ggpofba.exe" = protocol=17 | dir=in | app=g:\ggpo\ggpofba.exe |
"UDP Query User{6DE38980-76AC-4F36-A2D1-E56CA87EF86A}J:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
"UDP Query User{6FBA7870-5DB8-4DA0-AFAA-7615635B4173}J:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{75ECC5ED-0BB7-4AB0-9F82-CE5039FC690C}J:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"UDP Query User{87E410D1-0860-4FDC-905F-1AAA29F30492}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"UDP Query User{90526D14-8FDD-4261-B926-A001CDA3B441}C:\users\thor\desktop\programs\ratiomaster.net.exe" = protocol=17 | dir=in | app=c:\users\thor\desktop\programs\ratiomaster.net.exe |
"UDP Query User{B06687AA-62E6-4F5C-8118-D3E559A8EEE6}J:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=j:\program files (x86)\the witcher 2\bin\witcher2.exe |
"UDP Query User{C57D4718-3C39-4C05-86BF-C97286032997}C:\program files (x86)\gigabyte\@bios\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gbtupd.exe |
"UDP Query User{D6A9F9F5-9C94-4CB8-BC31-F74EEA3A3329}J:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{D7B7FA52-F8F5-4964-AC0B-A4E338FFAFA9}J:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{DC6C4A52-F8EA-4061-9B67-8DD222D4B846}J:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=j:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{E1DE465B-4DCB-4296-B05D-42510EDC7A14}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{E5DBF925-E051-4DB2-B8A2-F3820BEDD625}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe |
"UDP Query User{E712E149-E313-4342-BB38-FDAF62F9C671}C:\program files (x86)\gigabyte\@bios\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\updexe.exe |
"UDP Query User{FA1C406C-7376-4EEB-A12E-48B3DFA20394}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{FF959B48-2019-40A1-9221-C2CBE0F7766F}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
"{190BC83F-D54E-4494-830E-7FB4A5F4B964}" = Local Subtitles for 64-bit WMP
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2599B6F1-92AC-472C-BE60-9F17565E4938}" = PowerDirector
"{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1" = WinDS PRO 2012.10.2
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5CF4CFE-3080-4436-A8A5-00CFDC0F7918}" = MAGIX Video deluxe Premium 2013 Update
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D000D1C0-6E80-4FC4-BE4E-A88872C0616F}" = Share64
"{D5FE818E-F1C7-44F8-A3C0-C08761906E27}" = Share64
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}" = PowerDirector
"{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.144
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"DriverAgent.exe" = DriverAgent by eSupport.com
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.8.0 (64-bit)
"Logitech Gaming Software" = Logitech Gaming Software 8.30
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NewBlue Art Effects for PowerDirector" = Newblue Art Effects for PowerDirector
"Recuva" = Recuva
"sp6" = Logitech SetPoint 6.32
"vsfilter64_is1" = DirectVobSub 2.41.7036 (64-bit)
"WinRAR archiver" = WinRAR archiver
"ZonerPhotoStudio13_EN_is1" = Zoner Photo Studio 13

 

[OCD]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{1A1BD41E-9854-4957-8959-F9559A8862A7}" = Corel VideoStudio Ultimate X5
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{02E12A07-1BB9-44D6-A480-4EA42DB9E122}" = Boris Graffiti for Corel
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06ACD0D6-537A-4831-9608-AA74A5795698}" = Fantasy Sound Pack
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DB44859-4112-4946-BE5E-A4275B3FFB5E}" = Furry Voices for Second Life
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A1BD41E-9854-4957-8959-F9559A8862A7}" = ICA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F8BC72D-14B1-4DCA-BD9E-49D712CF035D}" = C64 Forever
"{20052CA0-FF43-4901-8261-E6DBF0A09ED1}" = Farm Animal Sounds
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216E21F4-0489-4311-92D6-20D1FB950FCE}" = Sci-Fi Voice Pack
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}" = Pinnacle Studio 16
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}" = Update Manager B10.0728.1
"{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}" = Deep Space Voices
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B11.0512.1
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0630.1
"{45BF4F8E-7BE7-4384-94C6-60AC70C401C6}" = Male Voice Pack
"{48A00644-2D97-43B5-A614-603DECF3E5F6}" = Boris Graffiti for Corel
"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}" = SpyHunter
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness
"{602A1471-063B-4E03-9DCE-0210B914EFF5}" = Translator Fun Voice Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66C70B5F-730F-4C5D-9FC5-8E56D0FE7D53}" = IPM_VS_Pro
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{682B3199-76C3-4745-B7AE-FC13F6676421}_is1" = Pavtube Blu-ray Video Converter Ultimate Ver 4.0.2.2902
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A6F7B28-E178-47AC-8654-A654ADA6C777}" = VSHelp
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{71F8C486-8A13-468E-8B73-06051075556A}" = Female Voice Pack
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79A743FA-FF99-42DF-8C35-BA40EAEA6668}" = Comic Sound Pack
"{8061C2C9-C2A3-4550-A3FC-585B646840CB}" = Fantasy Voice Pack
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8AA4F966-EF4B-44D8-99AA-C4EA93B46863}" = VSClassic
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BB86DF-EE99-41EB-9446-B4623A725E2A}" = Livestream for Producers
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8887C7B-0BCC-4FBF-BCEB-9BB4D4B14999}" = Setup
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABBC8011-1E42-4ADA-9794-574349612CEF}" = iWebcamera
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0C00181-ECF5-4124-A6DE-14EA663D4799}" = Blue Satin Skin
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C717B4D4-2EFA-4DC3-8EDB-79543E43666C}" = VSUltimate
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{CA486743-5F44-40D5-A38B-77911FB27579}" = Contents
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D13F2D95-1CE0-4147-846F-89ECB2E9A5CD}" = Sci-Fi Sound Pack
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents
"{D813EF9B-69CF-4996-893C-B400AE7292FA}" = Spooky Sounds
"{D84B7C7E-2E4D-4002-8CA8-EED4EDB333AC}" = MLE
"{D875FFEE-2FCE-4774-902A-749198C00A68}" = PureHD
"{D91802D9-6A42-4563-BC37-B3E2D04DC95B}" = Ancient Weapon Sounds
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share
"{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO
"{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCDC6934-7428-489E-8651-90B53191488B}" = ISCOM
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}" = Galactic Voices
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7E76513-335F-4995-86CF-A85B77D8D975}" = Sci-Fi 2 Sound Pack
"{EEBEF66A-70FD-4DF6-B173-82D07E61853E}" = Share
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}" = Pinnacle Studio 16 - Install Manager
"{F2979728-5C01-4D39-8974-DBC579C3BD49}" = Usage Agent
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FC6DAF3E-52C2-43AD-9C50-810F8943C79E}" = BigPond Media Downloader
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.3
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cloanto Software Director" = Software Director
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Desura" = Desura
"Diablo III" = Diablo III
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVD Catalyst" = DVD Catalyst 4.1.5.2
"Dxtory2.0_is1" = Dxtory version 2.0.122
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ESN Sonar-0.70.4" = ESN Sonar
"Evaer Video Recorder for Skype" = Evaer Video Recorder for Skype 1.3.4.15
"Fraps" = Fraps (remove only)
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.13.608
"Free Video to Android Converter_is1" = Free Video to Android Converter version 5.0.13.608
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.8.4.920
"GoldWave v5.68" = GoldWave v5.68
"HandBrake" = HandBrake 0.9.6
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0630.1
"InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"KinoniDrivers" = KinoniDrivers 2.8.1
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Logitech Vid" = Logitech Vid HD
"MAGIX_{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
"MAGIX_{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
"MagniDriver" = marvell 91xx driver
"MakeMKV" = MakeMKV v1.8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Media Player - Codec Pack" = Media Player Codec Pack 4.2.7
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.0.4
"MKVToolNix" = MKVToolNix 5.6.0
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Origin" = Origin
"proDAD-HeroglyphRoute-4.0" = proDAD Route 4.0
"proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
"proDAD-Vitascene-2.0" = proDAD Vitascene 2.0
"PS3 Media Server" = PS3 Media Server
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"SopCast" = SopCast 3.4.8
"Stardock Central" = Stardock Central
"Steam App 102600" = Orcs Must Die!
"Steam App 105600" = Terraria
"Steam App 11130" = Sherlock Holmes: The Mystery of The Mummy
"Steam App 111400" = Bunch Of Heroes
"Steam App 11150" = Sherlock Holmes: The Secret of the Silver Earring
"Steam App 113420" = Fallen Earth
"Steam App 1250" = Killing Floor
"Steam App 17080" = Tribes: Ascend
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 200170" = Worms Revolution
"Steam App 200710" = Torchlight II
"Steam App 201210" = PoxNora
"Steam App 201790" = Orcs Must Die! 2
"Steam App 203140" = Hitman: Absolution
"Steam App 203160" = Tomb Raider
"Steam App 203350" = King's Bounty: Warriors of the North
"Steam App 207170" = Legend of Grimrock
"Steam App 207890" = Football Manager 2013
"Steam App 208140" = Endless Space
"Steam App 209540" = Strike Suit Zero
"Steam App 210770" = Sanctum 2
"Steam App 212680" = FTL: Faster Than Light
"Steam App 213850" = Magic 2014
"Steam App 214870" = Painkiller Hell & Damnation
"Steam App 218230" = PlanetSide 2
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 220" = Half-Life 2
"Steam App 22230" = Rock of Ages
"Steam App 223220" = Giana Sisters: Twisted Dreams
"Steam App 22600" = Worms Reloaded
"Steam App 226980" = Pinball FX2
"Steam App 230410" = Warframe
"Steam App 231160" = The Swapper
"Steam App 24240" = PAYDAY: The Heist
"Steam App 32900" = Restaurant Empire II
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 35130" = Lara Croft and the Guardian of Light
"Steam App 35720" = Trine 2
"Steam App 36630" = Rusty Hearts
"Steam App 38230" = Hotel Giant 2
"Steam App 44350" = GRID 2
"Steam App 48950" = Greed Corp
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 620" = Portal 2
"Steam App 630" = Alien Swarm
"Steam App 65800" = Dungeon Defenders
"Steam App 70000" = Dino D-Day
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8870" = BioShock Infinite
"Steam App 91110" = SkyDrift Demo
"Steam App 91310" = Dead Island
"Steam App 91600" = Sanctum
"Steam App 9340" = Company of Heroes: Opposing Fronts
"Steam App 96400" = Shoot Many Robots
"Steam App 98200" = Frozen Synapse
"Steam App 9900" = Star Trek Online
"TeamViewer 7" = TeamViewer 7
"The KMPlayer" = The KMPlayer (remove only)
"TMPGEnc Video Mastering Works" = TMPGEnc Video Mastering Works
"Tunngle beta_is1" = Tunngle beta
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.6
"Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 5.7.4.2)
"xvid" = Xvid MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/08/2013 1:27:18 AM | Computer Name = Thor-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 9/08/2013 1:27:29 AM | Computer Name = Thor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/08/2013 1:27:29 AM | Computer Name = Thor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/08/2013 1:27:29 AM | Computer Name = Thor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/08/2013 1:27:30 AM | Computer Name = Thor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/08/2013 1:27:30 AM | Computer Name = Thor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/08/2013 1:27:30 AM | Computer Name = Thor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/08/2013 1:27:30 AM | Computer Name = Thor-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/08/2013 1:32:15 AM | Computer Name = Thor-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 28.0.1500.95, time
stamp: 0x51f05c5f Faulting module name: ole32.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0003bc21 Faulting process
id: 0x12d0 Faulting application start time: 0x01ce94c1278de004 Faulting application
path: C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: C:\Windows\syswow64\ole32.dll Report Id: 0bf435f4-00b5-11e3-af1c-50e549b16d48

Error - 9/08/2013 1:37:21 AM | Computer Name = Thor-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 28.0.1500.95, time
stamp: 0x51f05c5f Faulting module name: ole32.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0003bc21 Faulting process
id: 0x8c8 Faulting application start time: 0x01ce94c256a2d8ba Faulting application
path: C:\Users\Thor\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: C:\Windows\syswow64\ole32.dll Report Id: c24bab43-00b5-11e3-af1c-50e549b16d48

[ Spybot - Search and Destroy Events ]
Error - 5/08/2013 1:37:44 PM | Computer Name = Thor-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 8/08/2013 3:37:24 PM | Computer Name = Thor-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 8/08/2013 3:39:58 PM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/08/2013 3:56:40 PM | Computer Name = Thor-PC | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 8/08/2013 3:57:40 PM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7034
Description = The PinnacleUpdate Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/08/2013 12:29:59 AM | Computer Name = Thor-PC | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 9/08/2013 12:30:58 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7034
Description = The PinnacleUpdate Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/08/2013 12:46:27 AM | Computer Name = Thor-PC | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 9/08/2013 12:47:26 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7034
Description = The PinnacleUpdate Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/08/2013 1:24:18 AM | Computer Name = Thor-PC | Source = SNMP | ID = 16713180
Description = The SNMP Service encountered an error while accessing the registry
key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 9/08/2013 1:25:19 AM | Computer Name = Thor-PC | Source = Service Control Manager | ID = 7034
Description = The PinnacleUpdate Service service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

 

[OCD]

Should I paste them up now or wait for different instructions?

I have taken care of posting them. But it's late and I still have to review the logs. I will pick back up later today.

 

[vlahka]

Thanks for the help.

 

[OCD]

Hi vlahka,

1. Reset / Change Homepage in Chrome

• Click the Chrome menu
  
  on the browser toolbar.
• Select Settings.
  • Add the home button to the browser toolbar
    Home page button is off by default. Select the "Show Home button" checkbox in the "Appearance" section to show it on the browser toolbar.
  • Set your home page
    When the "Show Home button" checkbox is selected, a web address appears below it. This is the address you will want to change. (hxxp://www.delta-search.com/)
    Click Change to enter a link (i.e. [url]http://www.google.com[/url]). You can also choose the New Tab page as your home page.

=========================

2. Delete cache and other browser data in Chrome

• Click the Chrome menu
  
  on the browser toolbar.
• Select Tools.
• Select Clear browsing data.
• In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.
  • Clear browsing history
  • Clear download history
  • Empty the cache
  • Delete cookies and other site and plug-in data
  • Clear saved passwords
  • Clear saved Autofill form data
  • Clear data from hosted apps
  • Deauthorize content licenses
• Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
• Click Clear browsing data.

=========================

3. Junkware Removal Tool (I changed the download link)

Please download Junkware Removal Tool to your desktop.

Right click and select "Run as Administrator".

• Shut down your protection software now to avoid potential conflicts.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

=========================

4. Run OTL.exe

Windows Vista and Windows 7 users Right Click and select "Run as Administrator"

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

  :OTL
  CHR - homepage: http://www.delta-search.com/?affID=1...0000ff73427270
  CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
  CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Thor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll
  O2 - BHO: (no name) - {45d30484-7ded-43d9-957a-d2fd1f046511} - No CLSID value found.
  O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
  O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
  O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
  O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
  [2013/08/06 09:54:58 | 000,000,000 | -HSD | M] -- C:\Users\Thor\AppData\Roaming\gjrgfujw
  
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [createrestorepoint]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

=========================

In your next post please provide the following:

• JRT.txt
• OTL.txt
• How is the computer running, what issues still remain?