5/28/2014 Songodin's Malware Issues

Solved
By Songodin
May 29, 2014
  1. Songodin

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by Edward on Tue 06/03/2014 at 20:31:03.49
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Emptied folder: C:\Users\Edward\AppData\Roaming\mozilla\firefox\profiles\js1rcphm.default\minidumps [38 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 06/03/2014 at 21:00:43.87
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  2. Songodin

    OTL logfile created on: 6/4/2014 7:23:45 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Edward\Desktop\Cleanup
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
    4.00 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 65.47% Memory free
    7.99 Gb Paging File | 6.04 Gb Available in Paging File | 75.56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 520.99 Gb Free Space | 55.94% Space Free | Partition Type: NTFS
    Drive E: | 232.88 Gb Total Space | 211.42 Gb Free Space | 90.79% Space Free | Partition Type: NTFS
    Computer Name: BAHAMUT | User Name: Edward | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    ========== Processes (SafeList) ==========
    PRC - [2014/06/04 07:22:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Edward\Desktop\Cleanup\OTL.exe
    PRC - [2014/05/29 12:36:52 | 000,543,424 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2014/05/29 12:36:48 | 001,754,816 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2014/02/12 09:42:38 | 000,387,928 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/12/12 21:47:56 | 000,085,600 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
    PRC - [2013/11/29 04:27:50 | 000,473,496 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
    PRC - [2013/11/27 12:24:36 | 000,284,008 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
    PRC - [2013/10/23 04:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    PRC - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    PRC - [2011/09/27 12:44:20 | 000,439,440 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    PRC - [2011/09/06 06:32:20 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    PRC - [2011/08/04 15:44:24 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
    PRC - [2011/08/04 15:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    PRC - [2009/10/16 12:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
    ========== Modules (No Company Name) ==========
    MOD - [2014/05/29 12:37:34 | 002,139,840 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
    MOD - [2014/05/29 12:36:54 | 001,116,864 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2014/05/16 20:36:10 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
    MOD - [2014/05/01 18:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2014/04/29 19:08:08 | 001,135,104 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
    MOD - [2014/04/29 19:08:08 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
    MOD - [2014/04/29 19:08:08 | 000,404,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
    MOD - [2014/04/29 19:08:08 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
    MOD - [2014/04/28 19:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
    MOD - [2013/11/29 04:29:40 | 000,026,520 | ---- | M] () -- C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
    MOD - [2013/11/29 04:28:34 | 000,344,984 | ---- | M] () -- C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
    MOD - [2013/11/29 04:28:12 | 000,082,840 | ---- | M] () -- C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
    MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    ========== Services (SafeList) ==========
    SRV:64bit: - [2014/04/16 22:12:46 | 006,817,544 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
    SRV:64bit: - [2014/03/25 20:22:20 | 002,264,280 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
    SRV:64bit: - [2014/03/06 03:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2011/04/20 04:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2014/05/29 12:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2014/05/14 07:51:16 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/05/13 14:29:26 | 002,228,048 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2014/05/09 20:31:09 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/04/15 16:07:54 | 000,377,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2014/02/12 09:42:38 | 000,387,928 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
    SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/11/27 13:43:40 | 001,375,600 | ---- | M] (Binary Fortress Software) [Auto | Running] -- C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe -- (DisplayFusionService)
    SRV - [2013/10/23 04:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/08/27 16:57:34 | 000,093,072 | ---- | M] (TomTom) [On_Demand | Stopped] -- E:\Program Files\TomTom Home\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2013/02/26 02:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
    SRV - [2011/09/06 06:32:20 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2009/10/16 12:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    ========== Driver Services (SafeList) ==========
    DRV:64bit: - [2014/04/16 22:12:56 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
    DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
    DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV:64bit: - [2013/06/05 12:42:06 | 000,073,984 | ---- | M] (Identive) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
    DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2012/08/21 15:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 14:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/04/20 04:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/04/20 03:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/04/04 16:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/03/04 08:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/01/22 14:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/01/22 14:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2009/08/14 01:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/08 13:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
    DRV:64bit: - [2009/03/18 20:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009/01/29 19:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
    DRV:64bit: - [2008/05/06 18:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2008/01/17 19:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
    DRV:64bit: - [2007/11/02 17:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
    DRV:64bit: - [2006/05/24 14:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    ========== Standard Registry (SafeList) ==========
    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A 6C 59 78 2F 9F CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
    ========== FireFox ==========
    FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "https://www.google.com/|https://www.navyfederal.org/"
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
    FF - prefs.js..extensions.enabledAddons: info%40djzig.com:2.2.3
    FF - prefs.js..keyword.URL: ""
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Edward\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/09 20:30:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/20 15:20:33 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/09 20:30:25 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/20 15:20:33 | 000,000,000 | ---D | M]
    [2014/01/15 20:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edward\AppData\Roaming\Mozilla\Extensions
    [2014/01/15 20:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edward\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2014/06/02 22:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edward\AppData\Roaming\Mozilla\Firefox\Profiles\js1rcphm.default\extensions
    [2013/12/15 19:05:08 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Edward\AppData\Roaming\Mozilla\Firefox\Profiles\js1rcphm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2014/06/02 22:22:55 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Edward\AppData\Roaming\Mozilla\Firefox\Profiles\js1rcphm.default\extensions\info@djzig.com
    [2014/05/09 20:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/05/09 20:31:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    O1 HOSTS File: ([2014/06/02 22:08:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
    O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
    O4 - HKCU..\Run: [MyDriveConnect.exe] C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (TomTom)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13073585-9D0F-453C-BB4F-631B179C466D}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13073585-9D0F-453C-BB4F-631B179C466D}: NameServer = 156.154.70.22,156.154.71.22
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/06/09 18:27:11 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
    ========== Files/Folders - Created Within 30 Days ==========
    [2014/06/03 20:30:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/06/03 20:21:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/06/02 22:13:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/06/02 22:13:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/06/02 20:46:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/06/02 20:46:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/06/02 20:46:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/06/02 20:40:41 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/06/02 20:39:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/06/02 20:35:56 | 005,203,398 | R--- | C] (Swearware) -- C:\Users\Edward\Desktop\ComboFix.exe
    [2014/06/02 19:56:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2014/06/02 16:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2014/06/02 15:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/06/02 07:21:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2014/06/02 07:03:07 | 000,000,000 | ---D | C] -- C:\Users\Edward\Desktop\PowerSwitch
    [2014/06/01 20:20:55 | 000,000,000 | ---D | C] -- C:\VTRoot
    [2014/06/01 04:48:59 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\CrashDumps
    [2014/05/29 12:58:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2014/05/29 12:58:25 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2014/05/29 12:58:12 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2014/05/29 12:58:12 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2014/05/29 12:58:12 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2014/05/29 07:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
    [2014/05/28 23:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    [2014/05/28 23:14:41 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
    [2014/05/28 23:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2014/05/28 23:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
    [2014/05/28 23:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2014/05/28 19:49:09 | 000,000,000 | ---D | C] -- C:\Users\Edward\Desktop\Cleanup
    [2014/05/28 17:13:37 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\Douxfe
    [2014/05/28 16:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2014/05/28 16:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
    [2014/05/28 16:51:54 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\ElevatedDiagnostics
    [2014/05/18 21:15:33 | 000,000,000 | ---D | C] -- C:\Users\Edward\Documents\StarCraft II
    [2014/05/18 21:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
    [2014/05/18 21:14:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
    [2014/05/18 20:50:03 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\Blizzard Entertainment
    [2014/05/18 20:49:45 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\Battle.net
    [2014/05/18 20:49:45 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\Battle.net
    [2014/05/18 20:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
    [2014/05/18 20:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
    [2014/05/14 20:57:22 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
    [2014/05/14 20:57:21 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
    [2014/05/14 20:57:02 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2014/05/14 20:57:02 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2014/05/14 20:57:01 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2014/05/14 20:57:01 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
    [2014/05/14 20:57:00 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2014/05/14 20:57:00 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
    [2014/05/14 20:56:59 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
    [2014/05/14 20:56:59 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2014/05/14 20:56:59 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
    [2014/05/14 20:56:59 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
    [2014/05/14 20:56:59 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
    [2014/05/14 20:56:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
    [2014/05/14 20:56:58 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
    [2014/05/14 20:56:58 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
    [2014/05/14 20:56:58 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
    [2014/05/14 20:56:58 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
    [2014/05/14 20:56:58 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
    [2014/05/14 20:56:58 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
    [2014/05/14 20:56:58 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
    [2014/05/14 20:56:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
    [2014/05/14 20:56:58 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
    [2014/05/14 20:56:58 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
    [2014/05/14 20:56:58 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
    [2014/05/12 20:32:43 | 000,000,000 | -HSD | C] -- C:\Users\Edward\AppData\Roaming\Common
    [2014/05/12 20:32:37 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\DisplayFusion
    [2014/05/12 20:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Binary Fortress Software
    [2014/05/12 20:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
    [2014/05/12 20:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DisplayFusion
    [2014/05/12 20:31:50 | 000,000,000 | ---D | C] -- C:\Users\Edward\Documents\DisplayFusion Backups
    [2014/05/12 19:04:42 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\LavasoftStatistics
    [2014/05/12 18:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
    [2014/05/12 17:51:29 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/05/12 17:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2014/05/12 17:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/05/12 17:49:24 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/05/12 17:49:24 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/05/12 17:49:24 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/05/12 17:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2014/05/12 17:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/05/12 17:49:01 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\Programs
    [2014/05/12 17:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2014/05/09 20:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2014/05/06 03:08:35 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
    [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    ========== Files - Modified Within 30 Days ==========
    [2014/06/04 07:23:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2014/06/04 06:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/06/03 20:36:11 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/06/03 20:36:11 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/06/03 20:34:23 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
    [2014/06/03 20:24:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/06/03 20:23:57 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
    [2014/06/03 12:41:35 | 000,001,300 | ---- | M] () -- C:\Users\Edward\Desktop\Rim World.lnk
    [2014/06/02 22:08:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/06/02 20:36:00 | 005,203,398 | R--- | M] (Swearware) -- C:\Users\Edward\Desktop\ComboFix.exe
    [2014/06/02 15:51:37 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/06/02 15:51:02 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/06/02 07:27:05 | 000,002,305 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    [2014/06/01 20:20:48 | 000,002,208 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
    [2014/05/28 23:15:43 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk
    [2014/05/28 16:33:19 | 000,000,017 | ---- | M] () -- C:\Users\Edward\AppData\Local\resmon.resmoncfg
    [2014/05/18 21:15:54 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
    [2014/05/18 20:49:35 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Battle.net.lnk
    [2014/05/14 07:51:16 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/05/14 07:51:16 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/05/14 07:51:09 | 017,938,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2014/05/12 20:32:22 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
    [2014/05/12 19:35:20 | 000,013,105 | ---- | M] () -- C:\Users\Edward\Desktop\Windows Defender - Shortcut.lnk
    [2014/05/12 19:26:19 | 000,001,124 | ---- | M] () -- C:\Users\Edward\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/05/12 16:19:24 | 000,002,048 | ---- | M] () -- C:\Users\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2014/05/09 01:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
    [2014/05/09 01:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
    [2014/05/07 15:02:43 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2014/05/07 14:59:20 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2014/05/07 14:59:16 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2014/05/07 14:58:57 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    ========== Files Created - No Company Name ==========
    [2014/06/02 20:46:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/06/02 20:46:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/06/02 20:46:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/06/02 20:46:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/06/02 20:46:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/06/02 16:27:42 | 000,001,300 | ---- | C] () -- C:\Users\Edward\Desktop\Rim World.lnk
    [2014/06/01 20:20:48 | 000,002,208 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat
    [2014/05/28 23:15:43 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk
    [2014/05/28 23:15:34 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2014/05/28 16:33:19 | 000,000,017 | ---- | C] () -- C:\Users\Edward\AppData\Local\resmon.resmoncfg
    [2014/05/18 21:15:54 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
    [2014/05/18 20:49:35 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Battle.net.lnk
    [2014/05/12 20:32:22 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
    [2014/05/12 19:35:20 | 000,013,105 | ---- | C] () -- C:\Users\Edward\Desktop\Windows Defender - Shortcut.lnk
    [2014/05/12 19:26:19 | 000,001,124 | ---- | C] () -- C:\Users\Edward\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/05/12 17:53:27 | 000,002,305 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    [2014/04/30 21:44:10 | 000,000,000 | ---- | C] () -- C:\Users\Edward\AppData\Roaming\SharedSettings.ccs
    [2013/08/31 23:43:45 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/09/12 05:17:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    ========== ZeroAccess Check ==========
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >
  3. Songodin

    Songodin Newcomer, in training Topic Starter Posts: 29

    Disregard the last one. It was the wrong scan.

    OTL logfile created on: 6/4/2014 7:35:18 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Edward\Desktop\Cleanup
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
    4.00 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 53.40% Memory free
    7.99 Gb Paging File | 5.63 Gb Available in Paging File | 70.42% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 520.99 Gb Free Space | 55.94% Space Free | Partition Type: NTFS
    Drive E: | 232.88 Gb Total Space | 211.42 Gb Free Space | 90.79% Space Free | Partition Type: NTFS
    Computer Name: BAHAMUT | User Name: Edward | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
    ========== Processes (SafeList) ==========
    PRC - [2014/06/04 07:22:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Edward\Desktop\Cleanup\OTL.exe
    PRC - [2014/05/29 12:36:52 | 000,543,424 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2014/05/29 12:36:48 | 001,754,816 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2014/05/14 07:51:16 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
    PRC - [2014/05/09 20:31:10 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2014/02/12 09:42:38 | 000,387,928 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/12/12 21:47:56 | 000,085,600 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
    PRC - [2013/11/29 04:27:50 | 000,473,496 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
    PRC - [2013/11/27 12:24:36 | 000,284,008 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
    PRC - [2013/10/23 04:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    PRC - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    PRC - [2011/09/27 12:44:20 | 000,439,440 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    PRC - [2011/09/06 06:32:20 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    PRC - [2011/08/04 15:44:24 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
    PRC - [2011/08/04 15:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    PRC - [2009/10/16 12:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
    ========== Modules (No Company Name) ==========
    MOD - [2014/05/29 12:37:34 | 002,139,840 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
    MOD - [2014/05/29 12:36:54 | 001,116,864 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2014/05/16 20:36:10 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
    MOD - [2014/05/14 07:51:16 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
    MOD - [2014/05/09 20:31:09 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2014/05/01 18:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2014/04/29 19:08:08 | 001,135,104 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
    MOD - [2014/04/29 19:08:08 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
    MOD - [2014/04/29 19:08:08 | 000,404,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
    MOD - [2014/04/29 19:08:08 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
    MOD - [2014/04/28 19:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
    MOD - [2013/11/29 04:29:40 | 000,026,520 | ---- | M] () -- C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
    MOD - [2013/11/29 04:28:34 | 000,344,984 | ---- | M] () -- C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
    MOD - [2013/11/29 04:28:12 | 000,082,840 | ---- | M] () -- C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
    MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    ========== Services (SafeList) ==========
    SRV:64bit: - [2014/04/16 22:12:46 | 006,817,544 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
    SRV:64bit: - [2014/03/25 20:22:20 | 002,264,280 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
    SRV:64bit: - [2014/03/06 03:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2011/04/20 04:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2014/05/29 12:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2014/05/14 07:51:16 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/05/13 14:29:26 | 002,228,048 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2014/05/09 20:31:09 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/04/15 16:07:54 | 000,377,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2014/02/12 09:42:38 | 000,387,928 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
    SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/11/27 13:43:40 | 001,375,600 | ---- | M] (Binary Fortress Software) [Auto | Running] -- C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe -- (DisplayFusionService)
    SRV - [2013/10/23 04:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/08/27 16:57:34 | 000,093,072 | ---- | M] (TomTom) [On_Demand | Stopped] -- E:\Program Files\TomTom Home\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2013/02/26 02:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
    SRV - [2011/09/06 06:32:20 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2009/10/16 12:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    ========== Driver Services (SafeList) ==========
    DRV:64bit: - [2014/04/16 22:12:56 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
    DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
    DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV:64bit: - [2013/06/05 12:42:06 | 000,073,984 | ---- | M] (Identive) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
    DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2012/08/21 15:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 14:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/04/20 04:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/04/20 03:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/04/04 16:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/03/04 08:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/01/22 14:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/01/22 14:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2009/08/14 01:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/08 13:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
    DRV:64bit: - [2009/03/18 20:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2009/01/29 19:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
    DRV:64bit: - [2008/05/06 18:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2008/01/17 19:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
    DRV:64bit: - [2007/11/02 17:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
    DRV:64bit: - [2006/05/24 14:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    ========== Standard Registry (SafeList) ==========
    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3325668747-2427616362-1545595919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-3325668747-2427616362-1545595919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-3325668747-2427616362-1545595919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A 6C 59 78 2F 9F CD 01 [binary data]
    IE - HKU\S-1-5-21-3325668747-2427616362-1545595919-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3325668747-2427616362-1545595919-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-3325668747-2427616362-1545595919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3325668747-2427616362-1545595919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
    ========== FireFox ==========
    FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "https://www.google.com/|https://www.navyfederal.org/"
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
    FF - prefs.js..extensions.enabledAddons: info%40djzig.com:2.2.3
    FF - prefs.js..keyword.URL: ""
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Edward\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/09 20:30:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/20 15:20:33 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/09 20:30:25 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/20 15:20:33 | 000,000,000 | ---D | M]
    [2014/01/15 20:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edward\AppData\Roaming\Mozilla\Extensions
    [2014/01/15 20:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edward\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2014/06/02 22:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edward\AppData\Roaming\Mozilla\Firefox\Profiles\js1rcphm.default\extensions
    [2013/12/15 19:05:08 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Edward\AppData\Roaming\Mozilla\Firefox\Profiles\js1rcphm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2014/06/02 22:22:55 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Edward\AppData\Roaming\Mozilla\Firefox\Profiles\js1rcphm.default\extensions\info@djzig.com
    [2014/05/09 20:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/05/09 20:31:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    O1 HOSTS File: ([2014/06/02 22:08:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKU\S-1-5-21-3325668747-2427616362-1545595919-1000..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
    O4 - HKU\S-1-5-21-3325668747-2427616362-1545595919-1000..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
    O4 - HKU\S-1-5-21-3325668747-2427616362-1545595919-1000..\Run: [MyDriveConnect.exe] C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (TomTom)
    O4 - HKU\S-1-5-21-3325668747-2427616362-1545595919-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3325668747-2427616362-1545595919-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3325668747-2427616362-1545595919-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13073585-9D0F-453C-BB4F-631B179C466D}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13073585-9D0F-453C-BB4F-631B179C466D}: NameServer = 156.154.70.22,156.154.71.22
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/06/09 18:27:11 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
    ========== Files/Folders - Created Within 30 Days ==========
    [2014/06/03 20:30:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/06/03 20:21:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/06/02 22:13:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/06/02 22:13:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/06/02 20:46:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/06/02 20:46:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/06/02 20:46:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/06/02 20:40:41 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/06/02 20:39:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/06/02 20:35:56 | 005,203,398 | R--- | C] (Swearware) -- C:\Users\Edward\Desktop\ComboFix.exe
    [2014/06/02 19:56:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2014/06/02 16:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2014/06/02 15:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/06/02 07:21:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2014/06/02 07:03:07 | 000,000,000 | ---D | C] -- C:\Users\Edward\Desktop\PowerSwitch
    [2014/06/01 20:20:55 | 000,000,000 | ---D | C] -- C:\VTRoot
    [2014/06/01 04:48:59 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\CrashDumps
    [2014/05/29 12:58:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2014/05/29 07:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
    [2014/05/28 23:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    [2014/05/28 23:14:41 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
    [2014/05/28 23:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2014/05/28 23:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
    [2014/05/28 23:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2014/05/28 19:49:09 | 000,000,000 | ---D | C] -- C:\Users\Edward\Desktop\Cleanup
    [2014/05/28 17:13:37 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\Douxfe
    [2014/05/28 16:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2014/05/28 16:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
    [2014/05/28 16:51:54 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\ElevatedDiagnostics
    [2014/05/18 21:15:33 | 000,000,000 | ---D | C] -- C:\Users\Edward\Documents\StarCraft II
    [2014/05/18 21:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
    [2014/05/18 21:14:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
    [2014/05/18 20:50:03 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\Blizzard Entertainment
    [2014/05/18 20:49:45 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\Battle.net
    [2014/05/18 20:49:45 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\Battle.net
    [2014/05/18 20:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
    [2014/05/18 20:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
    [2014/05/12 20:32:43 | 000,000,000 | -HSD | C] -- C:\Users\Edward\AppData\Roaming\Common
    [2014/05/12 20:32:37 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\DisplayFusion
    [2014/05/12 20:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Binary Fortress Software
    [2014/05/12 20:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
    [2014/05/12 20:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DisplayFusion
    [2014/05/12 20:31:50 | 000,000,000 | ---D | C] -- C:\Users\Edward\Documents\DisplayFusion Backups
    [2014/05/12 19:04:42 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\LavasoftStatistics
    [2014/05/12 18:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
    [2014/05/12 17:51:29 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/05/12 17:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2014/05/12 17:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/05/12 17:49:24 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/05/12 17:49:24 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/05/12 17:49:24 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/05/12 17:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2014/05/12 17:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/05/12 17:49:01 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\Programs
    [2014/05/12 17:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2014/05/09 20:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2014/05/06 03:08:35 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
    [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    ========== Files - Modified Within 30 Days ==========
    [2014/06/04 07:33:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2014/06/04 06:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/06/03 20:36:11 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/06/03 20:36:11 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/06/03 20:34:23 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
    [2014/06/03 20:24:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/06/03 20:23:57 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
    [2014/06/03 12:41:35 | 000,001,300 | ---- | M] () -- C:\Users\Edward\Desktop\Rim World.lnk
    [2014/06/02 22:08:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/06/02 20:36:00 | 005,203,398 | R--- | M] (Swearware) -- C:\Users\Edward\Desktop\ComboFix.exe
    [2014/06/02 15:51:37 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/06/02 15:51:02 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/06/02 07:27:05 | 000,002,305 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    [2014/06/01 20:20:48 | 000,002,208 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
    [2014/05/28 23:15:43 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk
    [2014/05/28 16:33:19 | 000,000,017 | ---- | M] () -- C:\Users\Edward\AppData\Local\resmon.resmoncfg
    [2014/05/18 21:15:54 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
    [2014/05/18 20:49:35 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Battle.net.lnk
    [2014/05/12 20:32:22 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
    [2014/05/12 19:35:20 | 000,013,105 | ---- | M] () -- C:\Users\Edward\Desktop\Windows Defender - Shortcut.lnk
    [2014/05/12 19:26:19 | 000,001,124 | ---- | M] () -- C:\Users\Edward\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/05/12 16:19:24 | 000,002,048 | ---- | M] () -- C:\Users\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    ========== Files Created - No Company Name ==========
    [2014/06/02 20:46:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/06/02 20:46:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/06/02 20:46:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/06/02 20:46:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/06/02 20:46:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/06/02 16:27:42 | 000,001,300 | ---- | C] () -- C:\Users\Edward\Desktop\Rim World.lnk
    [2014/06/01 20:20:48 | 000,002,208 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat
    [2014/05/28 23:15:43 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk
    [2014/05/28 23:15:34 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2014/05/28 16:33:19 | 000,000,017 | ---- | C] () -- C:\Users\Edward\AppData\Local\resmon.resmoncfg
    [2014/05/18 21:15:54 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
    [2014/05/18 20:49:35 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Battle.net.lnk
    [2014/05/12 20:32:22 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
    [2014/05/12 19:35:20 | 000,013,105 | ---- | C] () -- C:\Users\Edward\Desktop\Windows Defender - Shortcut.lnk
    [2014/05/12 19:26:19 | 000,001,124 | ---- | C] () -- C:\Users\Edward\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/05/12 17:53:27 | 000,002,305 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    [2014/04/30 21:44:10 | 000,000,000 | ---- | C] () -- C:\Users\Edward\AppData\Roaming\SharedSettings.ccs
    [2013/08/31 23:43:45 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/09/12 05:17:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    ========== ZeroAccess Check ==========
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    ========== LOP Check ==========
    [2014/05/13 19:53:17 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\.minecraft
    [2014/02/21 17:37:59 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Azureus
    [2014/05/18 21:11:36 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Battle.net
    [2014/01/13 21:18:37 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Canon
    [2014/05/12 20:32:43 | 000,000,000 | -HSD | M] -- C:\Users\Edward\AppData\Roaming\Common
    [2013/09/01 06:15:01 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Curse Advertising
    [2014/06/04 07:31:27 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\DisplayFusion
    [2014/05/28 20:17:22 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Douxfe
    [2012/07/10 14:11:27 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Motorola
    [2014/05/28 18:45:18 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Notepad++
    [2013/12/26 18:54:29 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\raidcall
    [2014/02/13 14:01:39 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\rcru
    [2011/03/17 16:51:09 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\RIFT
    [2013/12/15 19:14:37 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Riot Games
    [2011/02/23 22:01:54 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\SBG-SVG
    [2014/05/13 20:34:42 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\SpaceEngineers
    [2014/01/15 20:05:03 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\TomTom
    [2013/12/15 20:10:36 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\TS3Client
    [2012/10/06 00:43:05 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\TuneUpMedia
    [2013/12/27 14:25:35 | 000,000,000 | ---D | M] -- C:\Users\Edward\AppData\Roaming\Warner Bros. Interactive Entertainment
    ========== Purity Check ==========

    < End of report >
  4. Songodin

    Songodin Newcomer, in training Topic Starter Posts: 29

    OTL Extras logfile created on: 6/4/2014 7:35:18 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Edward\Desktop\Cleanup
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
    4.00 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 53.40% Memory free
    7.99 Gb Paging File | 5.63 Gb Available in Paging File | 70.42% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 520.99 Gb Free Space | 55.94% Space Free | Partition Type: NTFS
    Drive E: | 232.88 Gb Total Space | 211.42 Gb Free Space | 90.79% Space Free | Partition Type: NTFS
    Computer Name: BAHAMUT | User Name: Edward | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
    ========== Extra Registry (SafeList) ==========
    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    [HKEY_USERS\S-1-5-21-3325668747-2427616362-1545595919-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    ========== Shell Spawning ==========
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
    ========== Security Center Settings ==========
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    ========== System Restore Settings ==========
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
    ========== Firewall Settings ==========
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    ========== Authorized Applications List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    ========== Vista Active Open Ports Exception List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{008376CB-7DEA-4AAD-9DCE-FACE2D7BFD00}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{07CA6A70-4DD2-4B5A-8CEB-1885CFB32B6C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{0866388B-F7E2-4B09-840E-4320A4646606}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{109508E7-C142-460C-9D39-D73480D0D05B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{13CA5014-7855-4821-A796-BA640DFD2BEF}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{166F3D8B-D5A4-4DA9-8AB6-0C54F469FDD4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{1A7CB468-2303-466F-8731-47AF2906BBB9}" = lport=7777 | protocol=17 | dir=in | name=terraria |
    "{1E3008D9-9508-4288-A67D-AB7801F2EC45}" = rport=445 | protocol=6 | dir=out | app=system |
    "{21D9F312-21E2-401D-B8C1-917FE5600A3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{29BCEEFA-2312-4646-BF4D-3C274EB7B1C4}" = lport=56142 | protocol=17 | dir=in | name=pando media booster |
    "{31FE5794-28A6-4EDD-8814-1D8A4E7B5898}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{3F6563E2-6DF8-4C3A-87DC-A8AEA7B809BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{41C9400A-DB76-4462-A4B9-4748BB17035D}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{43F44837-8C82-4344-8B48-3397228F66CF}" = lport=56142 | protocol=6 | dir=in | name=pando media booster |
    "{4BA68F47-7936-4AE8-A92F-894FC3FA2EA6}" = lport=137 | protocol=17 | dir=in | app=system |
    "{4FBB2482-2C26-475C-98C9-B8727004E51D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{587C9819-0769-4FD3-8871-972130EF1F2D}" = lport=139 | protocol=6 | dir=in | app=system |
    "{59EBFF2E-A216-4480-A1AC-D8E53CB2BE2E}" = lport=138 | protocol=17 | dir=in | app=system |
    "{61522215-04E0-480D-94E0-C378FC76BBB7}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{638F84A7-ABBA-492F-A516-7BA3B9FC01DA}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{6828B76F-C6D3-4BA0-9852-62C248B3D14A}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{78993796-E83C-4177-BEF9-8B1B9E9700AC}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7C413D7E-76CD-4082-A7EC-BE27680D2980}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8001704A-CE41-4F9D-B8DF-B176E5CE59F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{834D67A1-5CAA-4AB1-A8F0-EBA048B29A7E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{839D69D2-7949-49BF-AABB-1734FA07EEBE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{896E41F6-8ED8-4373-86A6-89A9CABDFACD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9A6DD96B-B4A1-4E79-AF35-CD92951C9D3D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9BC7C30E-E97E-4073-B53D-E4195715FE3B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A8950B78-BD1B-436B-B10D-E71929A976D5}" = rport=7777 | protocol=6 | dir=out | name=terraria |
    "{A9EEC3B9-FB53-43A5-A4D1-D8D5EA720775}" = lport=445 | protocol=6 | dir=in | app=system |
    "{AC0B043C-E546-472F-B4F6-A934AE5DB095}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B0509F24-A83E-45D9-A0B5-C65F7D9AFA82}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BC0A516E-EC8D-4C08-82C2-03E7ED0315A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C05687DC-CF72-4667-9155-B9B05DAD9CCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C2045283-03BD-42D7-B4C0-DC456DD67AF0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C30F8B90-3E5C-4E78-9CFF-506A0435B642}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CC77769B-1E3C-4922-8B57-9D0A81A4A4DA}" = rport=139 | protocol=6 | dir=out | app=system |
    "{D26C32A2-F2D8-4756-BA91-B2EE21B5BEA0}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{D871E681-1FC6-499C-9827-ACBABD759FF0}" = lport=7777 | protocol=6 | dir=in | name=terraria |
    "{D9427347-8761-45A2-AA44-F3CCD317CBAF}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{D9AF103E-9D97-4E5B-AC89-62EE762AC764}" = lport=7777 | protocol=6 | dir=in | name=terraria |
    "{DD1E16B6-EE3D-462C-A2D3-0E9EAC6C1435}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{DF596CD9-ABCB-43A3-ADB2-63D2B0654545}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DFB6D092-05F4-4189-AE90-EE8EC6B5652C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E59EED86-A6BC-4E9A-842A-97435A228AAC}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{ED6D7210-2663-483F-8325-A4324CED351A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EE9975CC-C34B-4E53-B86F-735763DEE59C}" = lport=56142 | protocol=17 | dir=in | name=pando media booster |
    "{F1E1E2C6-E674-4C73-892E-6988720E329B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{F24478DE-75D2-4F04-BC66-EB1351AFE76E}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F841490A-D938-4D58-BC0D-2E536A103378}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F9B0BE50-C97C-4A97-A9C6-582A25E4643D}" = lport=56142 | protocol=6 | dir=in | name=pando media booster |
    "{FA192FA6-FEBA-43E7-9EC7-4ABA14ECA460}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{FE17DA72-B3FC-4754-A3CE-1B421EBABD0D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FE355F6A-C23C-47B2-AFBE-A92129403951}" = rport=7777 | protocol=6 | dir=out | name=terraria |
    "{FECB1D02-84F9-430F-9758-5804841042E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FFCFC53E-DF5D-43AB-972E-CDB50929700F}" = rport=137 | protocol=17 | dir=out | app=system |
    ========== Vista Active Application Exception List ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01C9AFA0-0314-4705-B3C6-7FECC2CFF2C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{02280062-C4B0-48BA-BEB0-0538606567DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
    "{04D3BA2B-905E-46B5-A7AC-106470558DCA}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{04FD06F4-588C-44EF-BF8E-36447169728E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{0A2E8EF2-EFA6-4AC4-8EF5-2C85000516AC}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
    "{0BBE2F83-720F-487F-851C-2D72F81E96E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spaceengineers\bin64\spaceengineers.exe |
    "{0BF2692B-B706-4FE7-86E4-161910E8E7DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{0C895865-F411-4029-9886-35C5DC97DE14}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{0CF589F6-3B2B-4F0C-B527-C8BB5C21D88F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{102ECF47-9077-4FC8-B336-57F396D739BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
    "{10A50C56-EB43-43F0-BEB6-3A34F6FC22A7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{12CA20E5-5E6B-43E0-BFD7-BEDB6C729601}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
    "{14AA403C-6863-4F87-9DA5-621B578D02C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
    "{170E6DD7-9087-4B86-A86D-76175B517A7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{18E000DD-E1B9-4FCA-85AB-F10874AA5D4E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{18F22C00-C20D-4B0C-BE66-76FE0E856F0D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{18FE377C-828B-4513-9C10-EE67108132FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
    "{1AB79C7B-225F-4721-A0BF-404F2B0C6B84}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{1BBD534E-E97C-4470-B241-0419E14808C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jamestown\jamestown.exe |
    "{1BE1A36C-B3C7-45C6-A116-6975FCE50BCF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{221DB521-E524-487C-A8CF-4FDAE12EFF96}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{223A7FE4-8656-4F1D-ABF7-35822BE04C0F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{22DA11CC-513B-4149-B6F4-F1E48AA3FBF2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "{23CABD55-EB99-41F5-85C0-E304DC9A15D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spaceengineers\bin64\spaceengineers.exe |
    "{246693C9-A69E-4000-B5E0-D0DD533E404A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{27A0D865-AEC9-408E-B542-CD7D04A4B196}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{2A5BEF34-C431-450E-A3A3-C03047D0CE39}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spaceengineers\bin64\spaceengineers.exe |
    "{2BC97F9B-607A-40FE-B871-277FEDE79E5D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spaceengineers\bin64\spaceengineers.exe |
    "{2DE721D6-428A-43EF-AA0A-B12430FF2F79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
    "{2EF7A818-F364-4BA2-8DF2-BAE4B8351D83}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "{2F6B929F-EFD0-4A57-9849-49B9412A5CC0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{300169DE-CD5C-4B7E-A53A-57CD1BAC8F53}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{30E165AC-5A1E-43BF-905D-FF5736017442}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
    "{32E67995-170A-4A08-A171-24CBA0E227B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{339CBBB5-1C70-45A3-84DA-56609434100E}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{340BA012-346A-44AD-9E94-03122D2E7360}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{34F2955F-A82C-41F6-AD2B-9935F517634A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
    "{370FE48D-11C2-46A0-9F66-ED63F0EFE034}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{388B431F-86D1-42C1-80F9-BD1AED3F52B8}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{39FFBD5A-C074-4597-9A86-793E4CFC1331}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{3A64E8C5-CF14-46BB-A18B-145DAEA3292E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{3B8E0CC2-7E84-4944-BD8D-EFC10DC161EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spaceengineers\bin64\spaceengineers.exe |
    "{3C830383-E078-49B8-8FFC-B1C9381BD421}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "{426E0D82-8DC7-49ED-A9F9-6656CA2359D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lego lord of the rings\legolotr.exe |
    "{43A0BEB2-8A05-4B52-B943-23F8D43DF5AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the mighty quest for epic loot\launcher\mqeldiagnostics.exe |
    "{44079E5F-E82E-45F4-9DC3-0B2D7839A756}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
    "{465FC78E-BE72-4582-ADE6-FB8228F148D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe |
    "{47CD6AEF-1148-49B9-B9DC-8439E8A30D4A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{484F56A7-258C-4DBE-87FA-7535D628FAEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
    "{4A1038B4-975B-492B-A23E-A93112231539}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
    "{4B493D5D-C268-4750-B277-F201EBFBEDD6}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{4C7DA578-BCD1-4579-92CA-1A7D41C8E2AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
    "{4CACC358-CBB4-43E2-86DA-FC62733F0369}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
    "{4EF73ED0-FB10-4EE3-8C9B-80062AAE429C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{4FD8673F-E51A-4188-A484-364A9E9B90AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spaceengineers\bin64\spaceengineers.exe |
    "{50103104-433E-4C90-8BF8-88CB8B3715D2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{51C78213-B56C-429B-9184-D513631A58C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{5220E3DD-2D65-4766-9244-946BC364C6F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{52A10A86-218C-4D84-B734-F7D3057F4F56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{537490F6-5CF4-41F4-9961-8D1A2FDD76DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe |
    "{53DD27F6-8727-4765-AE36-82598126CC06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
    "{53E4343E-D661-4AB9-A95D-8B752F33E3A6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
    "{54750C1A-79DD-41F8-9606-D617BD2A5935}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
    "{550F0B07-C01F-44BD-8615-1C758A008DDC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
    "{55FED9BB-2A3F-4CA6-94DC-7C916A9A28A0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
    "{5662A568-EFD9-4071-A0F0-6F8223E69349}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "{5673389C-5980-4C46-9098-ED31FB95AC30}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{56A18695-6906-419D-B9B1-F63D00EF7A4E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\game\bin\sims3launcher.exe |
    "{56A2F278-930E-4902-AC0B-8C3F199510B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
    "{5806FADE-2252-4260-87BB-3CD3377622A3}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
    "{58F398FE-C9CC-4803-A5B6-EF40C406CEDC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe |
    "{5A193926-D1E0-49ED-948F-D854695754A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
    "{5A59B39F-F8C9-4660-9356-3C19917F51E9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{5A92E80D-FAC2-495E-9D88-13157B92F3AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pixel piracy\pixelpiracy.exe |
    "{62A3C183-3C5D-48B4-A89D-4EC7F63EFACB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
    "{632864BC-FE57-4ACF-80C9-5504C22399C7}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{6487A5EA-FC6E-49ED-90B0-4533E94F76CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
    "{6CB7394B-C59E-4607-8C6B-0E95E68064D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
    "{6D94C9C3-1992-4082-B935-9908AC75C1EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{6F826B73-62FD-4D3F-B018-2221B57F9F99}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
    "{70F0082A-7FF9-44D3-8735-F6578F229319}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{7478EBEB-C151-46E8-B28E-B731FBF950CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spaceengineers\bin64\spaceengineers.exe |
  5. Songodin

    Songodin Newcomer, in training Topic Starter Posts: 29

    "{7B6A12BF-ACAE-4C27-874E-2364B0384F69}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{7BD3C46D-B2F3-4187-B527-77E53CE905BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
    "{7C051F74-3C1A-4448-BC1E-F5BB7F3F19B5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{7DACB628-68AE-4315-AF2B-6229435372EB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
    "{7F76CED3-7C20-4F12-BD0B-176D17AC7287}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{7F92B74E-C724-46DD-A7E0-6AD8C9B5CAF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{825B7277-01EC-4B34-A26B-49EE9AD0C67D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{82B2356A-73B3-4965-B92D-398BD8CFD813}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "{82CEF0F1-E5E4-4B99-AB38-CF8554D430D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{83170B78-CC22-4D72-93A3-41D1450FDD38}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
    "{84FC62EB-3348-4A61-9743-A131F6EB9906}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe |
    "{857FD597-7372-421B-A615-53BBFC2FED99}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2 - multiplayer mod\jcmplauncher.exe |
    "{88A06E0E-C8B2-4285-A1A0-A43A69713AA1}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{890A4B33-217F-4755-8B2B-EACA62197C5B}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "{89CF2A2C-09E3-4541-820F-19A995CEECF1}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
    "{8AD3E8BF-A69E-4480-A65D-87543A18DCFF}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
    "{8B61E808-09C3-4E39-A8E4-BDB9CA2640C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the sims 3\support\ea help\electronic_arts_technical_support.htm |
    "{8F475E06-1D95-42FC-9601-33BFFA923EA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
    "{8FFAF5F1-8653-4CE5-9885-D64D2DBD9F6F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
    "{91A7E4BE-13C9-495D-86E8-074B570D9259}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{93EC1534-9AA8-425A-B572-74DF26A2D1A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
    "{944E3674-8CC4-41AB-9950-DCB9998652C6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
    "{94644B29-78BA-4D95-909B-99F46F1ED6DA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{946C4A1C-F356-4486-B552-B303096CB525}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{98A84D56-643E-4642-B0E7-ADFC26EF1A05}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{990979A6-B5D9-489D-8456-5BB9DFC8D3FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9ACE045E-6A24-4842-BC95-45B0A8171B17}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{9B10510C-1E89-49CD-96E5-41C56A6D8079}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orion dino beatdown\binaries\win32\dinohordegame.exe |
    "{9C04FC58-0BA9-4867-A6C2-F3F6B55CA026}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe |
    "{9D9ADFEA-35B7-4745-822D-B6790AA5FCEC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
    "{9DD138A9-5677-44B0-A535-0C1E7758A793}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
    "{9DF84374-7589-487F-B3FA-B22EB4AA0928}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{9E1915D0-3B42-44E5-9E63-98D528FFE6E6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
    "{9FE4A237-0879-485B-9AA1-1A02B7C864D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spaceengineers\bin64\spaceengineers.exe |
    "{A0141682-BF3E-423F-B321-AAD72314766B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe |
    "{A14177BB-D2E3-41B6-8317-576FC1B8688B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
    "{A6DB3177-920C-41A3-9596-227A522BB2DB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
    "{A712E24B-7345-44C5-AF6F-43DBD8E3D47F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{A7412470-C1AF-473C-A190-13ED66B81FED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spaceengineers\bin64\spaceengineers.exe |
    "{A76C728B-7636-4E80-AD7C-0F75551DF5EA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{A9D595CD-31F7-428A-964D-E68188C65ECB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{ACA67AF6-A471-4536-9812-890CA0889969}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
    "{AD4111C2-3021-4788-B08D-A87D62D4F501}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orion dino beatdown\binaries\win32\dinohordegame.exe |
    "{ADAB6865-6F0A-4605-941A-ADBE32EEAC04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
    "{ADD46D90-6F24-4480-A580-B41175B9B43F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
    "{AE18BFB9-CDCD-4FEF-B61F-5E6C7C97DF17}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{B046DBAB-FFFF-4C3D-8A74-060A109CFEB1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{B0A8383D-EBC1-46FF-9164-E788BBDA7A49}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{B11969E9-3B83-4DCB-A5F1-EA216E7B6A9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{B556D5F7-BB53-4D4D-89C0-F681D6256D51}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "{B5AF144D-FFEC-4A2D-8E04-86808038CD6F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{B61C3100-6D4E-47FE-B677-15F9FBD653A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe |
    "{BA083892-8625-46B9-8969-EEBF33E84302}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
    "{BA555030-0DEC-4D67-8EC5-2B49B48442BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spaceengineers\bin64\spaceengineers.exe |
    "{BA5E51E3-8F61-4B57-AEAA-FC8EAB0FFFAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
    "{BADA4548-B7E6-44D4-8E82-B75061E54115}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BB01E917-96F3-43A2-81D4-1BD2828B7282}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{BC89E047-ACB0-4639-9989-0284D175F4BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{BF82DD97-A3EF-4C9B-99F1-7903261B6E67}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{C0C9385F-18CA-4503-9A96-91FA0211007B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{C15DEE1F-69EC-4DE1-9C12-70471C6AC44C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe |
    "{C15FC6A7-E9AA-4988-92D3-F293750A88D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{C246C48A-BDA5-4203-9722-681419A287C7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\diriptide\deadislandgame_x86_rwdi.exe |
    "{C4E638B7-131C-43E0-BB71-533DCAA68474}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{C4FA06E5-7EF8-4423-B204-93A5B37FCF60}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2 - multiplayer mod\jcmplauncher.exe |
    "{C6FCE3F7-88A3-4DAD-A9BD-844A020548FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{C8C72D9F-62A1-4015-8EF5-8B5CE61FBE8F}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
    "{C96E34B2-ACBB-402E-85C1-59B323900E95}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{CA270D6D-9C14-4244-AB3E-C970AB328813}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{CB878103-D4C9-4A68-9AD9-177F1771F1A3}" = protocol=6 | dir=out | app=system |
    "{CBAFC5B9-0E65-431A-A2B1-DE9CAECFAB72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{CCE39ABB-41A1-43F2-9082-C4C56E9CB222}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
    "{CCEE6BC6-68D4-4CB7-BEC9-A732AC51EECB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CF9A525A-DEAA-4EC5-BDEE-665D0AAD2FA8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{D0F4C8FF-2F01-4728-9C5D-41CAC1D2A5C4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{D147B33F-884F-48DF-8662-C4C4278E9B20}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
    "{D24AEC75-F395-477B-9443-1B6FB89BFF56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the mighty quest for epic loot\launcher\publiclauncher.exe |
    "{D34528ED-417D-401C-B426-5A5025D1F4E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D6379143-D12A-44AA-9EA0-08AAA883A742}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jamestown\jamestown.exe |
    "{D6D69583-94B8-4AEA-8471-DF3EFB583DAB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D6D91288-3A6D-4108-AE33-58BA6D37E6D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
    "{D78B8C99-83E2-4835-A9D6-4E8A2EDF9D9A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{D8F9803B-170E-48BB-A85D-0F6D84DFB252}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the mighty quest for epic loot\launcher\mqeldiagnostics.exe |
    "{DB8956D9-121D-4E81-9038-7AFDC77B974A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
    "{DBE8E603-A28A-490B-B96C-FB8A866BCDD8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lego lord of the rings\legolotr.exe |
    "{DD4A9AAE-7FDB-44D8-BC86-19D5C3241B8B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
    "{DF3303BF-AD3B-4B4D-8B38-9AD6C7046C26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{E18901EB-37D4-4D6C-9FCE-22A0C3FC7F70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pixel piracy\pixelpiracy.exe |
    "{E47AE96B-F4F9-436F-A6B5-A1FC56CD24FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "{ED8D0A10-F7BE-4A56-B34B-7D17C4000909}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{EDDAB5A0-172C-4291-948D-DE4F175C716A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{F0CE646C-C96A-474F-ADB6-C81E099A9B50}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F1035F3E-00D1-4038-85DB-79646B99038B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
    "{F31E2CE4-8E2A-495B-8A32-A0EFD37BE672}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{F5D355D1-7761-44CB-9127-FDB710D75AC3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the mighty quest for epic loot\launcher\publiclauncher.exe |
    "{F900F7A8-E182-4F4F-84E3-E798F86D7982}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{F9746198-59F9-4E5A-B8D5-FDD619953183}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{F9997AAE-6452-47F7-A94F-8EDD37A0A950}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{FAEF8B35-C121-45BE-8BD7-26F75A2F0593}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
    "{FBD43EA0-9DCB-468D-B8CD-6AE9A63D79D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{FC552312-2F61-4095-B75D-D1E7A838BCDC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{FD12FC03-33A4-43F9-A864-CD73EEA02CE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{FD7DC962-86A1-497F-8550-E819198DB0D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\diriptide\deadislandgame_x86_rwdi.exe |
    "TCP Query User{0014CC52-ED0A-4B27-9FE7-3689A1857931}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
    "TCP Query User{0746597F-BFE7-4BD4-B761-ED2AA2085929}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
    "TCP Query User{0A664443-E56F-48C1-A177-4E92797ED89C}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
    "TCP Query User{0AA231A6-1B41-4029-B5BB-3188678673BB}C:\program files (x86)\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
    "TCP Query User{12BC13E6-11D8-416A-B77B-0862FE05C7FB}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
    "TCP Query User{229C75BD-0C69-4E29-A72B-6B6CE44AAA4A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "TCP Query User{23972254-F2AE-4DB4-A1FE-3F50BAA42929}C:\program files (x86)\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
    "TCP Query User{2BEC2963-6848-48EF-87B0-B01B1A5C4836}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "TCP Query User{2E861C01-A869-4BA0-9E4F-CA2E4979A9AA}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
    "TCP Query User{46D8DB8D-65B1-46BE-BC40-57384472E2F9}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
    "TCP Query User{59CDAA2A-DEB0-4A82-8357-CA2E108474B1}C:\program files (x86)\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |
    "TCP Query User{602863CE-906D-4D08-885E-227FF6317A97}C:\users\edward\downloads\downloader_diablo2_enus(2).exe" = protocol=6 | dir=in | app=c:\users\edward\downloads\downloader_diablo2_enus(2).exe |
    "TCP Query User{61256F96-1865-46BD-9D40-887F90B3BCFF}C:\users\edward\downloads\downloader_diablo2_lord_of_destruction_enus.exe" = protocol=6 | dir=in | app=c:\users\edward\downloads\downloader_diablo2_lord_of_destruction_enus.exe |
    "TCP Query User{6FA112D1-5F71-4DFD-B76E-1DE0352584DD}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
    "TCP Query User{727A88FA-1F71-4A86-90C4-71CDEE1D042E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{9AF4DEC6-745B-4934-97A3-B34D0B43614D}C:\program files (x86)\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe |
    "TCP Query User{9C50581B-DC73-40E1-96D9-55FC2697FC13}C:\users\edward\downloads\downloader_starcraft_combo_enus(3).exe" = protocol=6 | dir=in | app=c:\users\edward\downloads\downloader_starcraft_combo_enus(3).exe |
    "TCP Query User{A59F703E-29B3-452F-8A79-8C3136E8A5F2}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |
    "TCP Query User{BB80B1F4-6AED-4287-9641-7EB11CFA625F}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
    "TCP Query User{BF80E4A4-0461-431B-8A9B-C9878F276C13}C:\users\edward\downloads\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\edward\downloads\starcraft_2_na_en-us.exe |
    "TCP Query User{C0D5F5B9-2E74-4869-88E8-1A826B08C697}C:\users\edward\downloads\downloader_diablo2_lord_of_destruction_enus(2).exe" = protocol=6 | dir=in | app=c:\users\edward\downloads\downloader_diablo2_lord_of_destruction_enus(2).exe |
    "TCP Query User{C47E773E-B257-4FE5-B9FD-4911239706C5}C:\users\edward\downloads\diablo-iii-8370-enus-installer-downloader(1).exe" = protocol=6 | dir=in | app=c:\users\edward\downloads\diablo-iii-8370-enus-installer-downloader(1).exe |
    "TCP Query User{D2C41853-AC82-4115-8EEA-40EF7F22B75F}C:\users\edward\downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\edward\downloads\diablo-iii-8370-enus-installer-downloader.exe |
    "TCP Query User{D819E7B9-5908-4F5B-A9A9-70AA4B457F95}C:\users\edward\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=c:\users\edward\downloads\downloader_starcraft_combo_enus.exe |
    "TCP Query User{DB63B9A0-71A9-41D0-A960-B0D1CA1285FF}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
    "TCP Query User{F0BE0622-BD7F-4B95-AEA5-2757FF3A937E}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
    "TCP Query User{F37FFEB3-C07B-4C14-9107-0B18BBDDBAB4}C:\users\edward\downloads\downloader_diablo2_enus.exe" = protocol=6 | dir=in | app=c:\users\edward\downloads\downloader_diablo2_enus.exe |
    "TCP Query User{F7CAB00C-83D7-4109-A321-2C42B022C783}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "UDP Query User{0159D450-E9D3-441C-A932-086E222DB8F0}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
    "UDP Query User{064587DF-B711-45E0-BB92-8A6A1C27292B}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "UDP Query User{1807988F-BDD6-4700-BA1B-C8FDA28EABEB}C:\program files (x86)\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
    "UDP Query User{1B317996-1411-4218-932E-77DAF1B9972B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{1C254561-EA9A-42D6-BDC3-F3E90F257558}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
    "UDP Query User{2923F0BF-862B-4DF5-BAF1-A2FD10AAFBC0}C:\users\edward\downloads\downloader_starcraft_combo_enus(3).exe" = protocol=17 | dir=in | app=c:\users\edward\downloads\downloader_starcraft_combo_enus(3).exe |
    "UDP Query User{341C383B-C2F3-4EFC-B744-F0F9B7B49491}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
    "UDP Query User{34AB203C-154A-41EE-9D0C-8F68A87B3A7C}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "UDP Query User{3F81F03A-99E3-4111-9265-A521A764B8D2}C:\users\edward\downloads\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\edward\downloads\starcraft_2_na_en-us.exe |
    "UDP Query User{48C32D78-3924-4B48-8393-313449E46926}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |
    "UDP Query User{4A08B81B-F709-4135-9739-00978B2E0FE2}C:\users\edward\downloads\diablo-iii-8370-enus-installer-downloader(1).exe" = protocol=17 | dir=in | app=c:\users\edward\downloads\diablo-iii-8370-enus-installer-downloader(1).exe |
    "UDP Query User{4A610072-7335-4406-8393-9789DB3CED27}C:\users\edward\downloads\downloader_diablo2_enus(2).exe" = protocol=17 | dir=in | app=c:\users\edward\downloads\downloader_diablo2_enus(2).exe |
    "UDP Query User{5055D7C3-99F6-4D32-B69D-8DA29BD11F03}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
    "UDP Query User{52A8D929-FE7D-434D-BFD0-205D7F475D17}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
    "UDP Query User{5A4F4ADB-FC49-45EB-94FC-1B71ED0E10A2}C:\users\edward\downloads\downloader_diablo2_lord_of_destruction_enus(2).exe" = protocol=17 | dir=in | app=c:\users\edward\downloads\downloader_diablo2_lord_of_destruction_enus(2).exe |
    "UDP Query User{938E8DDD-6E22-408A-A090-B9745BEDDDB7}C:\program files (x86)\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |
    "UDP Query User{94E17356-4D4D-44E7-B25B-16335378CAD6}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
    "UDP Query User{9ED44EAF-6B9B-4C5F-8DAE-3E73C414B7B2}C:\users\edward\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=c:\users\edward\downloads\downloader_starcraft_combo_enus.exe |
    "UDP Query User{A10912AA-6B88-4705-A268-DD8B5C5DFED1}C:\users\edward\downloads\downloader_diablo2_lord_of_destruction_enus.exe" = protocol=17 | dir=in | app=c:\users\edward\downloads\downloader_diablo2_lord_of_destruction_enus.exe |
    "UDP Query User{B4E524F5-F27E-4F4E-BA6B-A8D7F95CAE4C}C:\users\edward\downloads\downloader_diablo2_enus.exe" = protocol=17 | dir=in | app=c:\users\edward\downloads\downloader_diablo2_enus.exe |
    "UDP Query User{C3499F87-9207-433D-BF22-96C42BE24014}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
    "UDP Query User{C9D3C60C-B1F0-4488-89D3-346DA3A10881}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
    "UDP Query User{D537226B-09EA-44C1-AFF0-204473896FDE}C:\program files (x86)\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe |
    "UDP Query User{D7453452-FA6A-4174-8AD6-701C584E3C13}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
    "UDP Query User{E8D49D1C-9CB7-453C-A186-6B9A62EAFE94}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "UDP Query User{EA5A1834-DE1F-41B4-BCAF-449387E6A5CF}C:\program files (x86)\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
    "UDP Query User{F305ECA2-CD21-4FD9-A10A-45DD07E761C4}C:\users\edward\downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\edward\downloads\diablo-iii-8370-enus-installer-downloader.exe |
    "UDP Query User{F506FF07-FB5B-4F84-8285-2B9CE87AA726}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series" = Canon MX430 series MP Drivers
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
    "{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}" = COMODO Internet Security Premium
    "{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}" = WinZip 17.5
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "WinRAR archiver" = WinRAR 5.10 beta 4 (64-bit)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}" = PAK Explorer
    "{2052A553-D32F-441D-976B-6FD48FFCD4C7}" = Garmin Express
    "{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 60
    "{29382fb9-c7e9-45a6-a223-db732d64f6a6}" = Garmin Express
    "{2BF943F9-BE32-4532-8497-DDED42072CCA}" = Terrafirma
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    "{99072AB4-D795-44D5-9D65-E3C9F8322C97}" = TomTom HOME
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    "{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
    "{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{C22378E6-9A65-438E-964C-7DB8FBB568DE}" = LogMeIn Hamachi
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{D4B264BD-BC17-4379-A417-AF52CF47CDCD}" = Elevated Installer
    "{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
    "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "{E29F876F-0E92-4E03-9BDA-F1ABA0E6B41F}" = Garmin Express Tray
    "{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
    "B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 5.1.1
    "Battle.net" = Battle.net
    "Canon MX430 series On-screen Manual" = Canon MX430 series On-screen Manual
    "Canon MX430 series User Registration" = Canon MX430 series User Registration
    "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "Diablo II" = Diablo II
    "Diablo III" = Diablo III
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Heroes of Might and Magic 3 Complete_is1" = Heroes of Might and Magic 3 Complete
    "Heroes of Might and Magic V Bundle_is1" = Heroes of Might and Magic V Bundle
    "InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
    "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "League of Legends 3.0.0" = League of Legends
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
    "MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
    "Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 5.1" = Canon MP Navigator EX 5.1
    "MyDriveConnect" = MyDriveConnect 3.3.0.1342
    "Notepad++" = Notepad++
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "RaidCall" = RaidCall
    "SimCity 2000 Special Edition_is1" = SimCity 2000 Special Edition
    "Speed Dial Utility" = Canon Speed Dial Utility
    "StarCraft" = StarCraft
    "StarCraft II" = StarCraft II
    "Steam App 104900" = ORION: Dino Horde
    "Steam App 105450" = Age of Empires® III: Complete Collection
    "Steam App 105600" = Terraria
    "Steam App 17460" = Mass Effect
    "Steam App 200510" = XCOM: Enemy Unknown
    "Steam App 211820" = Starbound
    "Steam App 214510" = LEGO Lord of the Rings
    "Steam App 216250" = Dead Island Riptide
    "Steam App 219740" = Don't Starve
    "Steam App 221380" = Age of Empires II: HD Edition
    "Steam App 22380" = Fallout: New Vegas
    "Steam App 239220" = The Mighty Quest For Epic Loot
    "Steam App 244850" = Space Engineers
    "Steam App 24980" = Mass Effect 2
    "Steam App 259080" = Just Cause 2: Multiplayer Mod
    "Steam App 264140" = Pixel Piracy
    "Steam App 32370" = Star Wars: Knights of the Old Republic
    "Steam App 47890" = The Sims(TM) 3
    "Steam App 570" = Dota 2
    "Steam App 620" = Portal 2
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "Steam App 8190" = Just Cause 2
    "Steam App 8930" = Sid Meier's Civilization V
    "Steam App 91310" = Dead Island
    "Steam App 94200" = Jamestown
    "Vampire - The Masquerade - Redemption_is1" = Vampire - The Masquerade - Redemption
    "VLC media player" = VLC media player 2.1.2
    "Winamp" = Winamp
    "WinRAR archiver" = WinRAR archiver
    "World of Warcraft" = World of Warcraft
    ========== HKEY_USERS Uninstall List ==========
    [HKEY_USERS\S-1-5-21-3325668747-2427616362-1545595919-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "101a9f93b8f0bb6f" = Curse Client
    "Winamp Detect" = Winamp Detector Plug-in
    ========== Last 20 Event Log Errors ==========
    [ Application Events ]
    Error - 6/4/2014 2:17:27 AM | Computer Name = Bahamut | Source = SideBySide | ID = 16842761
    Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
    in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
    line 2. The manifest file root element must be assembly.
    < End of report >
  6. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    OTL logs are clean.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  7. Songodin

    Songodin Newcomer, in training Topic Starter Posts: 29

    UNSUPPORTED OPERATING SYSTEM! ABORTED!
  8. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Skip Security Check.
  9. Songodin

    Songodin Newcomer, in training Topic Starter Posts: 29

    Farbar Service Scanner Version: 21-05-2014
    Ran by Edward (administrator) on 05-06-2014 at 22:33:00
    Running from "C:\Users\Edward\Desktop\Cleanup"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  10. Songodin

    Songodin Newcomer, in training Topic Starter Posts: 29

    C:\Users\All Users\Comodo\Cis\Quarantine\data\{73BC332B-D9CB-4EA7-9ED0-FDF0393A488C} a variant of Win32/Injector.BCUZ trojan
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
    C:\ProgramData\Comodo\Cis\Quarantine\data\{73BC332B-D9CB-4EA7-9ED0-FDF0393A488C} a variant of Win32/Injector.BCUZ trojan cleaned by deleting - quarantined
    C:\Users\Edward\Downloads\WinZip175.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined
  11. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    The issue seems to be resolved

