Solved Black screen while booting up Vista.

[squall23]

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.19.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Bernard :: BERNARD-PC [administrator]

19/09/2013 2:59:33 AM
mbar-log-2013-09-19 (02-59-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 328207
Time elapsed: 1 hour(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

[squall23]

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_23

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 2.666000 GHz
Memory total: 6440763392, free: 2068135936

Downloaded database version: v2013.09.19.01
Downloaded database version: v2013.08.06.01
=======================================
Initializing...
------------ Kernel report ------------
09/19/2013 02:59:29
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spio.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\Rtlh64.sys
\SystemRoot\system32\DRIVERS\CAXHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\CAX_DP.sys
\SystemRoot\system32\DRIVERS\CAX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\PS2.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\AtihdLH6.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\hssdrv6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbcir.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\avgidsfiltera.sys
\??\C:\Windows\system32\drivers\hostnt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio64.sys
\SystemRoot\system32\drivers\VirtDisk64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\??\C:\Windows\SysWOW64\Drivers\X6va011
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR7
Upper Device Object: 0xfffffa8007779060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000007e\
Lower Device Object: 0xfffffa8007b6c3f0
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8008efb060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xfffffa8008f1c060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8008f28790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa8008fd4060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8008f6b790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000077\
Lower Device Object: 0xfffffa8008f0b6d0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8008f29790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000076\
Lower Device Object: 0xfffffa8008f29060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008d71790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xfffffa8008c9cb70
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006589610
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800624e050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006589610, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800658eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006589610, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800624e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xfffff880121cdb50, 0xfffffa8006589610, 0xfffffa80073a36f0
Lower DeviceData: 0xfffff880120e1490, 0xfffffa800624e050, 0xfffffa800756c640
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 1441415997
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1441416060 Numsec = 23728005

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1465129168-1465149168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008d71790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008c92040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008d71790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8008c9cb70, DeviceName: \Device\00000063\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xfffff8801740a580, 0xfffffa8008d71790, 0xfffffa80083d5200
Lower DeviceData: 0xfffff880128a9580, 0xfffffa8008c9cb70, 0xfffffa800a3f33e0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 67DF76B1

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953519616

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204885504 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8008f29790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008f24040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008f29790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8008f29060, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8008f6b790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008f6c040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008f6b790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8008f0b6d0, DeviceName: \Device\00000077\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8008f28790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008f6b040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008f28790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8008fd4060, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8008efb060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008f0a6b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008efb060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8008f1c060, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished

 

[Broni]

In MBAM you didn't select ALL items for removal.
Re-run MBAM, fix ALL issues and post new log.

 

[squall23]

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.16.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Bernard :: BERNARD-PC [administrator]

19/09/2013 9:26:38 PM
mbam-log-2013-09-19 (21-26-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288668
Time elapsed: 29 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 31
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\wajam.WajamDownloader.1 (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\wajam.WajamDownloader (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCR\wajam.WajamBHO (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 14
C:\Users\Bernard\AppData\Local\Temp\0YudRA7T.exe.part (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Local\Temp\DTLite4471-0337.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Local\Temp\nshFD08.tmp (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Local\Temp\nshFDD9.tmp (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Local\Temp\nsp38C4.tmp (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Local\Temp\nscA422.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Local\Temp\nsk34A8.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Local\Temp\nssCAB0.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Bernard\Local Settings\Temporary Internet Files\Content.IE5\4MTG9NGS\bi_downloader[1].exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Bernard\Local Settings\Temporary Internet Files\Content.IE5\AGYRA7ZS\bi_downloader[1].exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.

(end)

 

[Broni]

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[squall23]

I'm getting an error message saying "You need Administrative Privileges" or something like that even though I am admin. Does that mean I should use rKill?

Also, can you be a little specific about what was fixed using the script and the farbar tool? I'm trying to narrow down reasons as to why my computer always reboots whenever it messes with virtual drives.

 

[Broni]

Does that mean I should use rKill?

No if Combofix runs.

 

[squall23]

But combofix doesn't run. After the error message, the program closes.

 

[Broni]

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

 

[squall23]

I already have Farbar from that first time you told me to download it remember? Should I just run it again?

 

[Broni]

Yes please.

 

[squall23]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-09-2013
Ran by Bernard (administrator) on BERNARD-PC on 22-09-2013 16:50:06
Running from C:\Users\Bernard\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Realtek Semiconductor) C:\WINDOWS\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Akamai Technologies, Inc.) C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
( Inc.) C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
(AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() c:\hp\HPEZBTN\HPBtnSrv.exe
(AnchorFree Inc.) C:\Hotspot Shield\HssWPR\hsssrv.exe
() C:\Hotspot Shield\bin\hsswd.exe
(Intel Corporation) C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\avgnsa.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Mr. John aka japamd) C:\RadeonPro\RadeonProSupport.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe
(Safer Networking Ltd.) C:\Spybot - Search & Destroy\SDWinSec.exe
() C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe
(AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\AVGIDSAgent.exe
(AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\avgtray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Waterfox\waterfox.exe
(Mozilla Corporation) C:\Waterfox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HP Health Check Scheduler] - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [IAAnotif] - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [AlienFX Controller] - C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [57672 2009-05-20] (Alienware Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-04-22] (Logitech, Inc.)
HKCU\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKCU\...\Run: [igndlm.exe] - C:\Download Manager\dlm.exe [1103216 2009-05-14] (IGN Entertainment)
HKCU\...\Run: [KiesHelper] - C:\Samsung\Kies\KiesHelper.exe /s
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [108136 2012-03-15] (Siber Systems)
HKCU\...\Run: [DAEMON Tools Lite] - "C:\DAEMON Tools Lite\DTLite.exe" -autorun
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-09-20] ()
HKCU\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
MountPoints2: {33186d40-230e-11e3-84b0-806e6f6e6963} - K:\setup.exe
HKLM-x32\...\Run: [AVG_TRAY] - C:\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972128 2008-04-14] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972128 2008-04-14] (Hewlett-Packard)
Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk
ShortcutTarget: Kuma_Tray.lnk -> C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe ()
Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
ShortcutTarget: ViiKiiDesktopPlugin.lnk -> C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe (No File)
BootExecute: autocheck autochk * C:\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

ProxyServer: http=183.181.25.248:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {57392D2C-8F82-478C-994D-0C0D9FB35D6C} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM - {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM-x32 - DefaultScope {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM-x32 - {57392D2C-8F82-478C-994D-0C0D9FB35D6C} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM-x32 - {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - DefaultScope {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {4BA2EC92-8370-4335-A0BB-F13F0820BEFC} URL = http://flvdirect.iamwired.net/websearch.php?src=tops&search={SearchTerms}
SearchScopes: HKCU - {57392D2C-8F82-478C-994D-0C0D9FB35D6C} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKCU - {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\FlashGet\jccatch.dll (www.flashget.com)
BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: 3F2D81A2-AB9C-DA82-039C-33E7BC2362D3 Class - {3F2D81A2-AB9C-DA82-039C-33E7BC2362D3} - C:\Thunder Network\Thunder\BBInside\{3F2D81A2-AB9C-DA82-039C-33E7BC2362D3}\AddressBar.dll No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\FlashGet\getflash.dll (www.flashget.com)
BHO-x32: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
BHO-x32: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/stg_drm.ocx
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/armhelper.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1E2774A5-2766-4D2A-9844-B884397420A9}: [NameServer]208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default
FF user.js: detected! => C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\user.js
FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=0.80.0 - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @fileplanet.com/fpdlm - C:\Download Manager\npfpdlm.dll (IGN Entertainment)
FF Plugin-x32: @gamersfirst.com/LiveLauncher - C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: Nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @xunlei.com/npxluser - C:\Thunder Network\Thunder\BHO\xluser\npxluser.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Bernard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @xunlei.com/npxluser - C:\Thunder Network\Thunder\BHO\xluser\npxluser.dll No File
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\anime-news-network.xml
FF SearchPlugin: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\dictionarycom.xml
FF SearchPlugin: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\urban-dictionary.xml
FF SearchPlugin: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\youtube-video-search.xml
FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\CSWebLauncher@cyberstep.com
FF Extension: ExHentai Easy - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\jid0-db0owQRjcx0mRj5LBNH2MHAwEkc@jetpack
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: NeffyPlugin Launcher - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD}
FF Extension: GameFOX - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
FF Extension: BitComet 视频下载器 - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF Extension: Cookies Manager+ - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
FF Extension: firefox - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: mediahint - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\mediahint@jetpack.xpi
FF Extension: SQLiteManager - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
FF Extension: uriloader - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\uriloader@pdf.js.xpi
FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\AVG\AVG2012\Firefox4\
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\AVG\AVG2012\Firefox\DoNotTrack\
FF Extension: AVG Do Not Track - C:\AVG\AVG2012\Firefox\DoNotTrack\
FF HKCU\...\Firefox\Extensions: [{6FACD0C3-EF9B-4F52-94DB-6E745D1116A0}] - C:\Users\Bernard\AppData\Local\{6FACD0C3-EF9B-4F52-94DB-6E745D1116A0}
FF Extension: XULRunner - C:\Users\Bernard\AppData\Local\{6FACD0C3-EF9B-4F52-94DB-6E745D1116A0}
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Bernard\AppData\Roaming\IDM\idmmzcc5
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AVGIDSAgent; C:\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 BITCOMET_HELPER_SERVICE; C:\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 HPBtnSrv; c:\hp\HPEZBTN\HPBtnSrv.exe [198240 2007-05-29] ()
S2 hshld; C:\Hotspot Shield\bin\openvpnas.exe [474992 2012-07-24] ()
R2 HssSrv; C:\Hotspot Shield\HssWPR\hsssrv.exe [404848 2012-07-24] (AnchorFree Inc.)
S3 HssTrayService; C:\Hotspot Shield\bin\HssTrayService.EXE [78072 2012-07-24] ()
R2 HssWd; C:\Hotspot Shield\bin\hsswd.exe [387440 2012-07-24] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3549696 2010-05-25] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-04] ()
R2 RadeonPro Support Service; C:\RadeonPro\RadeonProSupport.exe [12800 2011-02-10] (Mr. John aka japamd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 SBSDWSCService; C:\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-10-02] ()
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-02-23] (DT Soft Ltd)
R2 HOSTNT; C:\Windows\system32\drivers\hostnt.sys [13864 2012-05-13] (SafeNet, Inc.)
R2 HOSTNT; C:\Windows\system32\drivers\hostnt.sys [13864 2012-05-13] (SafeNet, Inc.)
R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1487872 2008-05-08] (Conexant Systems, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-07-24] (AnchorFree Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-10-01] ()
S3 ncvet.dll; C:\Windows\Temp\ncvet.dll [24144 2011-09-14] (Beijing Joychina Network Technologies Co., Ltd.)
S3 ncvet.dll; C:\Windows\Temp\ncvet.dll [24144 2011-09-14] (Beijing Joychina Network Technologies Co., Ltd.)
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2009-10-06] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18944 2009-10-06] (Nokia)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
S3 PLCNDIS5; C:\Windows\SysWow64\PLCNDIS5.SYS [17280 2004-04-26] (Intellon, Inc.)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-20] (Duplex Secure Ltd.)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2009-10-06] (Nokia)
S3 X6va006; C:\Users\Bernard\AppData\Local\Temp\006955E.tmp [17192 2012-03-17] ()
S3 X6va006; C:\Users\Bernard\AppData\Local\Temp\006955E.tmp [17192 2012-03-17] ()
R2 YLMFVDISK; C:\Windows\System32\drivers\VirtDisk64.sys [23896 2011-12-08] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 dump_wmimmc; \??\C:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PLCMPR5; \??\C:\Windows\system32\PLCMPR5.SYS [x]
S3 PLCNDIS5; \??\C:\Windows\system32\PLCNDIS5.SYS [x]
S3 X6va002; \??\C:\Users\Bernard\AppData\Local\Temp\002E129.tmp [x]
S3 X6va005; \??\C:\Users\Bernard\AppData\Local\Temp\005B0D0.tmp [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-22 16:49 - 2013-09-22 16:49 - 01955550 _____ (Farbar) C:\Users\Bernard\Desktop\FRST64.exe
2013-09-21 20:30 - 2013-09-21 20:30 - 00000286 _____ C:\Users\Bernard\Documents\ax_files.xml
2013-09-21 19:45 - 2013-09-21 20:54 - 00000000 ____D C:\King Of Fighters XIII
2013-09-21 19:39 - 2013-09-21 19:39 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2013-09-21 04:53 - 2013-09-21 04:53 - 05128554 _____ (Swearware) C:\Users\Bernard\Desktop\your_name.exe
2013-09-21 04:40 - 2013-09-21 04:50 - 00000000 ___SD C:\32788R22FWJFW
2013-09-20 22:11 - 2013-09-20 22:11 - 00001006 _____ C:\Users\Bernard\Desktop\Game Launcher.lnk
2013-09-20 22:11 - 2013-09-20 22:11 - 00000000 ____D C:\Windows\SysWOW64\AGEIA
2013-09-20 22:11 - 2013-09-20 22:11 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-20 22:10 - 2013-09-20 22:10 - 00000107 _____ C:\Users\Bernard\Desktop\Heva Clonia.url
2013-09-20 21:45 - 2013-09-20 21:45 - 00000000 ____D C:\Users\Bernard\.swt
2013-09-20 18:45 - 2013-09-20 18:45 - 00564824 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-09-19 21:22 - 2013-09-19 21:22 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\ImgBurn
2013-09-19 21:22 - 2013-09-19 21:22 - 00000000 ____D C:\ImgBurn
2013-09-19 02:59 - 2013-09-19 04:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-17 22:49 - 2013-09-18 03:25 - 00000000 ____D C:\Users\Bernard\Desktop\RK_Quarantine
2013-09-17 22:48 - 2013-09-17 22:48 - 03787776 _____ C:\Users\Bernard\Desktop\RogueKillerX64.exe
2013-09-16 23:34 - 2013-09-16 23:34 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2013-09-15 20:57 - 2013-09-15 20:57 - 00270888 _____ C:\Windows\Minidump\Mini091513-01.dmp
2013-09-11 18:08 - 2013-09-21 04:43 - 00001513 _____ C:\Users\Bernard\Desktop\avgremover.log
2013-09-11 18:08 - 2013-09-11 20:06 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Bernard\Desktop\avg_remover_stf_x64_2012_2125.exe
2013-09-11 18:08 - 2013-09-11 18:08 - 00000000 ____D C:\FRST
2013-09-11 18:02 - 2013-09-11 18:03 - 00000000 ___SD C:\ComboFix
2013-09-11 17:57 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-11 17:57 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-11 17:57 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-11 17:57 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-11 17:57 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-11 17:57 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-11 17:57 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-11 17:57 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-11 17:49 - 2013-09-11 17:57 - 00000000 ____D C:\Qoobox
2013-09-11 17:48 - 2013-09-11 17:48 - 00000000 ____D C:\Windows\erdnt
2013-09-11 07:00 - 2013-09-18 03:25 - 00000000 ____D C:\anti virus
2013-09-11 06:10 - 2013-09-11 06:10 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Malwarebytes
2013-09-11 06:09 - 2013-09-11 06:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 06:09 - 2013-09-11 06:09 - 00000000 ____D C:\Malwarebytes' Anti-Malware
2013-09-11 06:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-11 05:33 - 2013-09-11 05:33 - 00000000 ____D C:\Users\Bernard\Documents\HTST - Copy
2013-09-11 03:04 - 2013-07-31 08:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 03:04 - 2013-07-31 07:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 03:04 - 2013-07-31 07:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 03:04 - 2013-07-31 07:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 03:04 - 2013-07-31 07:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 03:04 - 2013-07-31 07:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-11 03:04 - 2013-07-31 07:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-11 03:04 - 2013-07-31 07:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 03:04 - 2013-07-31 07:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-11 03:04 - 2013-07-31 07:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 03:04 - 2013-07-31 07:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-11 03:04 - 2013-07-31 07:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 03:04 - 2013-07-31 07:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 03:04 - 2013-07-31 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-11 03:04 - 2013-07-31 07:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 03:04 - 2013-07-31 07:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 03:04 - 2013-07-31 04:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 03:04 - 2013-07-31 04:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 03:04 - 2013-07-31 04:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 03:04 - 2013-07-31 03:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 03:04 - 2013-07-31 03:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-11 03:04 - 2013-07-31 03:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 03:04 - 2013-07-31 03:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-11 03:04 - 2013-07-31 03:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 03:04 - 2013-07-31 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 03:04 - 2013-07-31 03:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-11 03:04 - 2013-07-31 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-11 03:04 - 2013-07-31 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 03:04 - 2013-07-31 03:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 03:04 - 2013-07-31 03:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 03:04 - 2013-07-31 03:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-11 03:04 - 2013-07-31 03:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-10 21:55 - 2013-08-07 20:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-10 21:55 - 2013-07-16 03:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-10 21:55 - 2013-07-15 22:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-09-08 23:56 - 2013-09-08 23:56 - 00000000 ____D C:\Users\Bernard\Documents\Larian Studios
2013-09-08 23:48 - 2013-09-08 23:48 - 00372488 _____ C:\Users\Bernard\AppData\Local\dd_vcredistMSI3AEB.txt
2013-09-08 23:48 - 2013-09-08 23:48 - 00011462 _____ C:\Users\Bernard\AppData\Local\dd_vcredistUI3AEB.txt
2013-08-27 19:29 - 2013-08-02 08:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-27 19:29 - 2013-08-01 22:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

==================== One Month Modified Files and Folders =======

2013-09-22 16:50 - 2009-10-12 02:27 - 00000000 ____D C:\Users\Bernard\AppData\Local\PMB Files
2013-09-22 16:49 - 2013-09-22 16:49 - 01955550 _____ (Farbar) C:\Users\Bernard\Desktop\FRST64.exe
2013-09-22 16:12 - 2009-08-10 21:18 - 01749688 _____ C:\Windows\WindowsUpdate.log
2013-09-22 16:11 - 2012-02-25 00:32 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-09-22 16:04 - 2010-05-27 04:06 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-22 16:04 - 2006-11-02 09:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-22 16:04 - 2006-11-02 09:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-22 16:04 - 2006-11-02 09:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-22 07:02 - 2006-11-02 09:42 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-22 06:58 - 2009-08-11 01:31 - 00000000 ____D C:\BitComet
2013-09-22 06:52 - 2010-05-27 04:06 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-22 04:29 - 2006-11-02 06:46 - 00777444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-22 03:58 - 2009-08-12 02:01 - 00033280 _____ C:\Users\Bernard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-22 03:47 - 2009-08-12 02:00 - 00000000 ____D C:\Clips
2013-09-22 03:32 - 2010-06-19 04:31 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\vlc
2013-09-22 02:24 - 2009-12-21 02:47 - 00000000 ____D C:\Movies
2013-09-22 02:24 - 2009-08-11 04:48 - 00000000 ____D C:\Anime
2013-09-21 23:51 - 2009-08-11 01:32 - 00000000 ____D C:\Torrents
2013-09-21 20:54 - 2013-09-21 19:45 - 00000000 ____D C:\King Of Fighters XIII
2013-09-21 20:30 - 2013-09-21 20:30 - 00000286 _____ C:\Users\Bernard\Documents\ax_files.xml
2013-09-21 19:39 - 2013-09-21 19:39 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2013-09-21 16:39 - 2010-11-13 15:33 - 00002032 _____ C:\Users\Bernard\AppData\Local\d3d9caps.dat
2013-09-21 04:53 - 2013-09-21 04:53 - 05128554 _____ (Swearware) C:\Users\Bernard\Desktop\your_name.exe
2013-09-21 04:50 - 2013-09-21 04:40 - 00000000 ___SD C:\32788R22FWJFW
2013-09-21 04:43 - 2013-09-11 18:08 - 00001513 _____ C:\Users\Bernard\Desktop\avgremover.log
2013-09-21 04:33 - 2009-08-11 15:21 - 00000000 ____D C:\Games
2013-09-21 03:57 - 2009-08-11 23:22 - 00000000 ____D C:\Steam
2013-09-21 03:57 - 2009-08-10 23:31 - 00000000 ____D C:\Program Installers
2013-09-20 22:11 - 2013-09-20 22:11 - 00001006 _____ C:\Users\Bernard\Desktop\Game Launcher.lnk
2013-09-20 22:11 - 2013-09-20 22:11 - 00000000 ____D C:\Windows\SysWOW64\AGEIA
2013-09-20 22:11 - 2013-09-20 22:11 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-20 22:11 - 2012-03-22 19:50 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet
2013-09-20 22:11 - 2010-01-14 17:44 - 00002406 _____ C:\Windows\DIFx.log
2013-09-20 22:10 - 2013-09-20 22:10 - 00000107 _____ C:\Users\Bernard\Desktop\Heva Clonia.url
2013-09-20 22:05 - 2010-10-03 02:21 - 00000000 ____D C:\OGPlanet
2013-09-20 21:48 - 2009-10-12 02:27 - 00000000 ____D C:\ProgramData\PMB Files
2013-09-20 21:45 - 2013-09-20 21:45 - 00000000 ____D C:\Users\Bernard\.swt
2013-09-20 21:45 - 2009-08-10 21:25 - 00000000 ____D C:\Users\Bernard
2013-09-20 18:45 - 2013-09-20 18:45 - 00564824 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2013-09-20 17:42 - 2008-01-20 21:26 - 00254618 _____ C:\Windows\PFRO.log
2013-09-19 21:22 - 2013-09-19 21:22 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\ImgBurn
2013-09-19 21:22 - 2013-09-19 21:22 - 00000000 ____D C:\ImgBurn
2013-09-19 04:29 - 2013-09-19 02:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-18 23:52 - 2009-08-10 23:32 - 00000000 ____D C:\Mozilla Firefox
2013-09-18 03:25 - 2013-09-17 22:49 - 00000000 ____D C:\Users\Bernard\Desktop\RK_Quarantine
2013-09-18 03:25 - 2013-09-11 07:00 - 00000000 ____D C:\anti virus
2013-09-18 03:24 - 2009-08-10 21:28 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Adobe
2013-09-17 22:48 - 2013-09-17 22:48 - 03787776 _____ C:\Users\Bernard\Desktop\RogueKillerX64.exe
2013-09-16 23:34 - 2013-09-16 23:34 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2013-09-16 17:44 - 2010-08-20 19:14 - 00000000 ____D C:\PS3 firmware
2013-09-15 20:57 - 2013-09-15 20:57 - 00270888 _____ C:\Windows\Minidump\Mini091513-01.dmp
2013-09-15 20:57 - 2012-06-30 23:59 - 00000000 ____D C:\Windows\Minidump
2013-09-15 20:56 - 2012-06-30 23:58 - 717933352 _____ C:\Windows\MEMORY.DMP
2013-09-13 03:01 - 2009-09-13 20:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 23:40 - 2009-08-12 17:24 - 00001535 _____ C:\Users\Bernard\Documents\passes1.txt
2013-09-11 20:06 - 2013-09-11 18:08 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Bernard\Desktop\avg_remover_stf_x64_2012_2125.exe
2013-09-11 18:08 - 2013-09-11 18:08 - 00000000 ____D C:\FRST
2013-09-11 18:03 - 2013-09-11 18:02 - 00000000 ___SD C:\ComboFix
2013-09-11 17:57 - 2013-09-11 17:49 - 00000000 ____D C:\Qoobox
2013-09-11 17:48 - 2013-09-11 17:48 - 00000000 ____D C:\Windows\erdnt
2013-09-11 08:06 - 2009-08-10 21:25 - 00000732 _____ C:\Users\Bernard\AppData\Local\d3d9caps64.dat
2013-09-11 06:37 - 2009-08-10 21:31 - 00000000 ___RD C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 06:10 - 2013-09-11 06:10 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Malwarebytes
2013-09-11 06:09 - 2013-09-11 06:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 06:09 - 2013-09-11 06:09 - 00000000 ____D C:\Malwarebytes' Anti-Malware
2013-09-11 05:33 - 2013-09-11 05:33 - 00000000 ____D C:\Users\Bernard\Documents\HTST - Copy
2013-09-11 05:08 - 2006-11-02 09:21 - 00411064 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-08 23:56 - 2013-09-08 23:56 - 00000000 ____D C:\Users\Bernard\Documents\Larian Studios
2013-09-08 23:48 - 2013-09-08 23:48 - 00372488 _____ C:\Users\Bernard\AppData\Local\dd_vcredistMSI3AEB.txt
2013-09-08 23:48 - 2013-09-08 23:48 - 00011462 _____ C:\Users\Bernard\AppData\Local\dd_vcredistUI3AEB.txt
2013-09-08 23:47 - 2009-08-11 19:07 - 01084497 _____ C:\Windows\DirectX.log
2013-09-07 19:35 - 2013-02-16 02:13 - 00000000 ____D C:\Strike Suit Zero
2013-09-07 19:32 - 2008-05-12 12:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-07 18:51 - 2011-07-18 01:32 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\dvdcss
2013-09-06 17:47 - 2010-12-05 18:47 - 00000000 ____D C:\Users\Bernard\AppData\Local\Paint.NET
2013-08-31 01:18 - 2010-03-03 01:14 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Skype
2013-08-30 14:45 - 2006-11-02 09:27 - 00156805 _____ C:\Windows\setupact.log

Some content of TEMP:
====================
C:\Users\Bernard\AppData\Local\Temp\bitool.dll
C:\Users\Bernard\AppData\Local\Temp\swt-win32-3740.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-22 16:13

==================== End Of Log ============================

 

[Broni]

Looks good.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[squall23]

I have 2 AdwCleaner logs.

# AdwCleaner v3.005 - Report created 25/09/2013 at 05:07:45
# Updated 22/09/2013 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : Bernard - BERNARD-PC
# Running from : C:\anti virus\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\user.js
Folder Found C:\Program Files (x86)\baidu
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder
Folder Found C:\Users\Bernard\AppData\Local\Conduit
Folder Found C:\Users\Bernard\AppData\Local\Temp\AskSearch
Folder Found C:\Users\Bernard\AppData\LocalLow\Conduit
Folder Found C:\Users\Bernard\AppData\LocalLow\FreeOnlineRadioPlayerRecorder
Folder Found C:\Users\Bernard\AppData\LocalLow\PriceGong
Folder Found C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\5b2d8a2a5ef35052f655e43339797018
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\HavingFunOnline
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\FreeOnlineRadioPlayerRecorder
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeOnlineRadioPlayerRecorder Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Headlight
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : [x64] HKCU\Software\PIP
Key Found : [x64] HKCU\Software\SearchProtect
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B2DDB081-10D0-4804-AB95-73C70CBA3805}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2737658
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\FreeOnlineRadioPlayerRecorder
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45763005-ACF9-474B-B722-2C75951D09D0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91993964-E39C-4E2C-B8C0-43342FA0D41C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2DDB081-10D0-4804-AB95-73C70CBA3805}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeOnlineRadioPlayerRecorder Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F999A48B-1950-4D81-9971-79018F807B4B}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F999A48B-1950-4D81-9971-79018F807B4B}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16506


-\\ Mozilla Firefox v7.0.1 (en-GB)

[ File : C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [7755 octets] - [25/09/2013 05:07:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7815 octets] ##########

 

[squall23]

# AdwCleaner v3.005 - Report created 25/09/2013 at 05:08:34
# Updated 22/09/2013 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : Bernard - BERNARD-PC
# Running from : C:\anti virus\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Program Files (x86)\baidu
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
[!] Folder Deleted : C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder
[!] Folder Deleted : C:\Users\Bernard\AppData\Local\Conduit
[!] Folder Deleted : C:\Users\Bernard\AppData\Local\Temp\AskSearch
[!] Folder Deleted : C:\Users\Bernard\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\Bernard\AppData\LocalLow\PriceGong
[!] Folder Deleted : C:\Users\Bernard\AppData\LocalLow\FreeOnlineRadioPlayerRecorder
[!] Folder Deleted : C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[!] Folder Deleted : C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\jetpack
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\5b2d8a2a5ef35052f655e43339797018
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2737658
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2DDB081-10D0-4804-AB95-73C70CBA3805}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2DDB081-10D0-4804-AB95-73C70CBA3805}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45763005-ACF9-474B-B722-2C75951D09D0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91993964-E39C-4E2C-B8C0-43342FA0D41C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F999A48B-1950-4D81-9971-79018F807B4B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F999A48B-1950-4D81-9971-79018F807B4B}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\HavingFunOnline
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\FreeOnlineRadioPlayerRecorder
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\FreeOnlineRadioPlayerRecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeOnlineRadioPlayerRecorder Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeOnlineRadioPlayerRecorder Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16506


-\\ Mozilla Firefox v7.0.1 (en-GB)

[ File : C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [7939 octets] - [25/09/2013 05:07:45]
AdwCleaner[S0].txt - [7501 octets] - [25/09/2013 05:08:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7561 octets] ##########

 

[squall23]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Bernard on 25/09/2013 at 15:19:39.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] hshld
Successfully deleted: [Service] hshld
Successfully stopped: [Service] hsstrayservice
Successfully deleted: [Service] hsstrayservice
Successfully stopped: [Service] hsswd
Successfully deleted: [Service] hsswd



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2477874223-606777688-1295357527-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\hotspotshield
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\hotspotshield
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4BA2EC92-8370-4335-A0BB-F13F0820BEFC}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{00CD5193-F849-4EAD-B3EA-CB2FFD73CBCE}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{0230CE1E-CE13-41D5-B7B9-4C53DB142401}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{023CF37E-3251-4CB4-B207-8263B0F9BCB2}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{0334F5FD-4C07-4F16-A2DC-C0A918962AEC}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{039122C5-A3D3-472A-9BA9-91BD2B3D9B83}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{04B30835-8280-4FC3-B24E-328E473EB16A}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{05054E64-B53B-4618-8CF6-7758FAF004C1}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{050D4DC0-A40F-454E-B0E5-350E851C3110}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{054C7F76-017C-4022-AAF9-DDB264818D1D}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{06251CF1-80CA-4C84-AEB3-2F487F45E26E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{068D4565-11D8-4C2C-A75A-DEC6584228E3}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{069AB127-FC61-4011-B895-2FF4FC080DE4}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{06DE0D66-D4A4-4B31-9459-93D3B2C5EA8E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{06EDEADD-93AD-473E-8776-2C174EA83035}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{078F4ACC-2F7C-438E-9A18-B2E523E22316}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{07A73DFB-3620-4E87-AD54-5E6FA72B8D2E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{082BB222-D9C9-48BF-B78B-8EDA1898FAD6}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{08BFDE2B-0EBA-4C55-BB62-529BFC49B3CD}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{094E3990-5AC8-4C61-9E69-105A9A828A3A}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{0A64C090-8658-4283-A148-6D5FB249255D}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{0CD19E7D-094D-46FE-A4D3-0EA6234D495F}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{0CD321F0-CDF9-4AD3-96A2-2B99AB79C8CE}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{106D643A-6C10-41CD-B85D-58178BDA226B}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{10801353-75EB-4310-923D-F41EE56E9A7B}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{11852960-BC37-4722-AE74-3449543ADB37}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{11927751-E0B1-4D78-B6B4-1AD723805731}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{121B8809-58D4-4539-BB48-EE2B2395B158}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{12D1F49A-33F0-4D7B-9B16-379D67EA583B}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{1395423C-4ADB-4578-AABA-6756DC6CB0EB}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{147B76AB-CA9A-4E50-9F4F-8BC807BCCEDE}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{15D5D619-ABF0-48DE-BDA3-8A2AD736D7F6}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{1633F2CD-121F-49EE-8C1E-5D48F2423F8F}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{164FF1D2-4305-462E-BE1A-05E5FD3A9CE3}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{165EB529-FDD1-4624-BC69-07060652721E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{1707FD9D-BD2A-426D-B1B6-5F16C72CBD8A}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{17DC285B-548E-4100-9264-A9574845FC6B}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{186DCB94-8DB6-40B2-A12E-B7CB828BCCED}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{19589B07-3BA4-408D-84C0-854178ED381B}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{1F2644E8-54EF-4B80-977D-C5EB6A8AE491}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{1F4B1AB3-F5FB-4A3E-8E6D-3A20ECFD0E4D}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{1FF690EB-C935-48B5-9FCF-90CB639BBE93}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{2081F93A-0D7F-4A4E-9BF6-592A3AC30FA4}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{213BF0A6-0677-48EA-BA69-B2AF6356E2BC}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{220385FA-EE54-4A39-B19F-60303F10CB04}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{22FAD384-E00A-4662-B37F-947AD71DF084}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{23673C61-1530-4CD4-A3B1-23A7D0B9752C}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{23BC2D34-9973-4935-A373-DEB3E8851C6F}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{24EC1946-B21D-498E-913D-CAD4F8056CE6}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{25706284-6B76-41FA-B50F-8B7319CA657D}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{25E6D32C-0D72-49F9-9B95-2BA7C1468F41}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{26CE163B-C82A-4C06-B578-B2B3D1AC2830}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{27598272-F18A-4662-AA43-EDA7D5BA2E86}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{27F4A06A-9F4A-4697-9882-02FAC6A94922}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{2818E177-0B63-47A5-A5AC-9EF03BE7CB49}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{28B02EB4-91D0-4E6E-B8F5-A362C66791B6}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{2964F04A-6106-4675-A686-E8B305E89DB4}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{2971EDA8-AF56-4A8E-973B-3FBC600E409A}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{2CA61DE1-CC3D-4819-A292-876FCDFBCAF5}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{2CCB7A28-EF88-4605-841F-CE0B4DFDD1B0}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{2D30ED9C-8FF2-40CB-A6B3-A114877BA8B7}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{2D5407BB-2342-40C7-A461-51640C3C93E0}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{2ED6566F-9AAE-4A52-9AC5-4FE6B976BD8D}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{2F26CD76-1FB9-4ADA-9D9D-71DF84620AFD}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{315386AC-C395-4A54-8E9D-C45427F5DACE}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{315C1385-D4EE-45B4-8BF2-21CB8ACB2D82}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{321B44DB-4BDF-4AF9-B7F0-6F4175F4D534}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{32859DB4-013C-44C1-8567-F3DD16047C7E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{32B22F69-39F5-42CE-BBF8-62975710D0CB}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{3434076A-B045-44CF-B5A0-131BB6133322}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{34BDEEB0-2768-47A8-B9B1-64EA2F89DD9C}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{34C48B3D-E462-4C95-AE0E-FDA4A6462C13}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{355DE55F-CF05-40A8-84D2-C1A883BFE3F4}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{36EB2A3D-3E50-4513-8D94-B47329B9EA34}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{38A0D923-6B90-4CAC-90EE-D1B324C6D780}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{38DDD5D2-9B74-4BB6-B2D5-2155F9CB63FB}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{392CAD26-D816-49B5-9AFE-8B555B6C09D6}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{39B731B0-D9B1-4136-AC5A-4927453D91D9}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{3AF6EDE5-503C-4932-98DD-AE1B8E4CE861}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{3B04C554-11A1-41AF-AB5E-55A91FF6770A}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{3B4F942B-28E7-400A-9C88-264B49966F24}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{3BA28CD7-959E-4157-AC81-9EF443794475}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{3C0CD799-EDEF-4B95-99C9-CEB7B12B3703}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{3C976868-6844-4608-8A95-2343ACE0D899}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{3E32DDC9-587C-40DE-BEAF-198DC6A11767}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{3E3E5DDF-0533-4265-8A38-A7637954864F}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{3F6851BA-F94C-42B2-A72C-F1D19AD2C7AE}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{3F812F3E-FE99-442F-9161-B6715821B773}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{3F850325-8F01-422C-8664-4CE77433ACA7}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{40378178-4200-40FB-8172-57898DB04CFF}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4056C01F-B0E1-45AA-8D68-B8B99CCF2688}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{406A3846-2AA5-4B8C-9EC9-3A810E9473F7}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{40772565-C2C0-456A-9BD1-E34CAA34FEEE}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4181AB8B-AD63-49B7-888C-3783EE49CF55}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{41A5FA1A-D520-4E5A-B4F1-922971DED878}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4301897D-ED58-4E91-AA11-BEAF6C7EC286}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{431EE2B9-8AAE-45E5-B1D9-8DBD2F3FEED1}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{45261AA3-A30D-47C4-8646-802B53045D79}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{47517643-426C-4B7E-BC18-780D540DE886}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{47853BF3-2C32-4B9D-9BD6-32DA24077E0D}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{47B48E17-A498-478F-B1B0-B70770B9D6D3}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{482A4290-87E3-47CE-8151-B5C34B708166}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{48AF75AD-FFAE-49F4-B41B-216643F1CB45}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4A179F0F-DC09-45E4-9930-A24CD81F30F3}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4A2D779E-45EB-4DBD-9AA3-44CF61CAC8BB}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4ACFAA26-D852-421F-8D5C-E34C13A6E3FB}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4AE56FEC-39E8-407B-98B3-FFB8E3F4ABD7}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4BC79FF8-D011-43F6-8DA7-5DB3450BB09C}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4C2DB99A-3B5C-448F-B3AF-B961FA885657}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4C5C8808-9300-408F-86D4-905BC67BC624}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4CA0EBF8-7F8F-4495-B906-4FA48245C8B7}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4D3EBAA0-685D-41AC-969A-89723998CC0B}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4D50B096-AF59-4B6B-846E-820A4099A8CB}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4EA51CCE-D677-4D2B-A333-6DF129345066}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4EF31FA2-101B-4B46-A2CB-B805DAB035AF}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{4F4B40F2-60AE-4699-840B-6917381CD036}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{50A677C9-9834-4383-BAB6-C812F8165323}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{521BF648-0E80-4467-8CA0-286008AE77EC}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{541C25F6-A29E-4ED5-91C4-C47DA1E5A4EE}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{5441F995-0D78-4870-A500-2A8E58D5C434}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{54B2F3EC-15A4-4856-A105-7B49A38075F4}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{54BB2D0B-454F-495C-9D4E-A7A404FF5B70}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{54EAC59F-8210-4450-B9AD-1337DE1285D8}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{5579A46D-EF3E-4AD8-AFD0-8AE63DE652AE}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{564CDAA9-30E3-4787-9BB2-F6793E84E18E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{573A2620-2C8E-434B-ADE8-1B7D110D9314}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{5889F485-4B43-40D0-B5B5-4A5AE4D99988}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{5941C747-8339-456E-B6EA-D01D19CF81B0}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{599F9E72-B0C7-4F7D-8D60-9DB43BDCBDC4}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{5B1110D4-9AE5-4A2B-BC6D-5ED3E77EAE19}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{5B9A2309-1206-4C8F-B803-72319034B5ED}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{5BAB6DDE-A08E-475A-9147-4E8B006ED041}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{5BD93528-EB3C-4BE2-8F60-9B1DC93076F0}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{5C35F3D9-8FED-4811-B956-895102BEFE71}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{5E056753-9B88-4DC6-8196-44B8F8BF4F12}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{5ECCF337-EEAD-4266-8768-ADF83827D1E5}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{5F692D48-4B78-41DB-A845-3A7297EA37DC}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{6158AE42-B131-4EFA-B617-5EFD4405EDFC}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{61B9CF68-C0E3-4411-8458-AF7FF12361FF}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{62C8CCD3-B4CD-46A3-ADE7-EA2CF26462F8}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{633CF66E-991F-4E77-B77E-E26DDF35CD0F}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{64A40089-1458-4950-AEA2-A8F99765DF93}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{65F920D7-1844-4F20-873B-E5FF1C5C32CF}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{683C6318-BD80-411E-AF01-708718EF713C}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{68CC38FA-55A6-49C1-BFBB-6F64FF47465C}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{69BC7D9B-C745-4A98-823D-83C71BAD716C}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{69CE816A-2BA7-48C3-AB3B-5ED99A3218CB}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{6D28CAC9-3CB3-4B32-8D97-B851C67E10F9}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{6D2DC30E-C910-4862-9CBB-90B1F231A51B}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{6D2FAFA1-FF46-4A85-8161-82435FACF106}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{6DEF3F0A-2023-4696-91C7-701EDD2C6D6A}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{6E8253F9-ED76-4D3C-BAC7-F3C6A5E846C1}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{6F2FBA06-D355-4427-9CA3-215F0B29A1B0}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{7061F8E7-20E6-4E9E-B416-932CF75EC47F}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{707F2E0A-0323-48D6-9F5F-CBAA245A796B}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{708E68DF-47E6-4C86-89EE-F1660E8AA024}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{709B435F-D4F0-44EE-80C1-3644200276AF}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{71A083D3-1F75-456A-B59A-5916F1BF03DA}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{72186D54-4B1C-4FD1-B2B4-BB9EB4A33491}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{74C5B5FA-FF9F-46F3-9BA9-0B1C1C6742C6}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{76198A9D-4EE3-4434-BB87-D8A082231B2B}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{766F39D4-C245-46F5-BC9B-FC71E4B5F15A}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{76A1DA5F-806B-4B4E-AB79-24A432AFC338}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{77FE7FC2-9D2D-4F81-B52C-13A12C9E97FB}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{78138486-45E5-4725-ADAB-613107AAE5FF}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{78A4CD8C-197D-4AC5-8F4D-558BF5474C2B}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{7A5D64F0-B4A0-4C84-88DD-6E17E3752246}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{7B8FADB0-6CB7-491B-B27E-683002006EE3}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{7BC1E64B-118E-4F5C-ACCD-29FBDA9E269A}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{7E40422D-E8D6-47F9-BA25-CB3DDDB6CF13}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{7F02075A-B66F-47CC-A6B1-901C972AABA0}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{80C91704-C5B7-4DD7-A636-94A5DC7CC9E4}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{825F7849-D0A4-4921-89AC-51C011836E3D}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{82AE00E9-1483-44D2-817C-6B3B19354FD5}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{83E14763-01E3-4186-AB1B-04AAE64E9B08}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{850F989F-A9AE-4294-BFA0-674A3A2B5427}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{85C67D93-AE7A-4E73-A890-5F707268FC70}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{86984DB7-6C1B-4A63-B982-78380DCC42B4}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{884C733B-3BEA-4014-A128-932C18CDC9B6}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{885EE7AC-53E7-46F4-9C9B-77B5F13B67E3}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{8899F966-A56F-4E9B-9F42-9537682711BF}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{8A67E656-243B-4CDB-813C-73C806D881C9}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{8BAA378C-3F0C-4005-9243-F2CDB80168CC}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{8C303386-7E48-487F-96A6-90B774BC1A81}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{8D6BAC75-9FBA-4C98-8D94-ED2B77E07C4E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{8DFEE540-F792-412E-B557-B231AFB41A91}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{8E3E9FB7-51B9-4E73-9CF5-93C00F1C658A}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{8F1106F7-8589-4939-8DF1-DAFAF6370344}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{8F1BBB0B-621E-448A-9E91-51E84A000320}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{8F2425B9-13CD-4177-BE6C-BDE5AFFEC312}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{90091FEB-E147-4A25-861F-88A4E9FE1917}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{914DE5F6-562A-43FB-B200-F8D24B5DB3F3}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{923E8561-7F79-44FE-A15F-585B0C568F3F}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{9294C165-3663-4662-BF53-B202125D5AF9}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{93658F29-DB48-4429-962B-B346417CD22A}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{942EE2D3-3466-4D1B-B4F1-4062DB1ABD1D}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{977DD1CB-F2A7-4C5F-BFE3-5DA9ABBF4832}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{97DE56DF-E48C-4001-811F-F5E8B4930CB3}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{97DEA330-1FB4-44D4-9CE1-09328E6327F6}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{9825C8CF-B178-4599-8354-42036D902560}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{9847A087-E848-46AC-8139-0F6BBA425FAE}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{98A4A9DE-6385-4DAA-A442-30EF37CE7490}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{98D476CD-F583-48E9-BE7F-569EDC3B82E5}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{99F566D3-5912-4772-B1E0-F71BFFE100BC}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{9AA00088-D38D-4551-871C-706DBBC9F909}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{9C9B70C0-D661-406C-B77E-FA7DF9416A1C}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{9CB2BC19-17FB-4D7B-901B-2E42FD9F590A}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{9CF06075-0795-497D-8262-D6895427E977}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{9D6D658E-D611-4B91-82B1-5811185B69D9}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{9DA6DE91-32AB-4AC4-B972-60747856605E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{9E01B121-8E70-4BB3-B572-FD5178902458}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{9E1E9B7E-3664-4B4A-9A90-26E76EAE3C84}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{9EFA7DE3-ACD4-4AF4-867F-5001C6FBFF60}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{9F0F1D69-0EBF-447C-8970-148571355598}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{9F34D7FB-3BD5-4017-9CAA-40FEF34B98CC}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{A1812687-ECC2-4F34-A32A-8A3D51A85F70}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{A355CFC8-BA90-4B3A-8521-F88A31974288}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{A5939BCB-F8B1-4CD6-9C9D-E58F43833C3D}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{A60338CE-F852-4AEB-9145-C2BD6B4DC3D4}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{A9A8F19D-4699-4005-B31F-95F15FA68545}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{AA23DFB1-0902-4CF8-808A-8B58202BE896}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{AA9672D9-1061-48AD-8D60-3956D4A60DC5}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{AABC30CF-916C-4D32-B8BB-EC111191369D}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{AB328847-A570-42E9-A5BA-54910730DA69}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{AC0A0EC2-2180-4922-9075-12AE65610F8E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{AC2A9700-E030-47AE-AA80-868BE76B39EE}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{AE8C06D3-D949-418E-A018-DF5A7524A9D5}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{AFEF5A9A-5E3B-417A-BA6D-528DA6C0B4B3}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{B182FFFC-DD5B-482D-9F92-72CB57636A74}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{B25C832C-16F3-40AF-8C4E-1E476F134BB6}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{B31E2788-D0FD-45EA-AF25-7EAA4900E90E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{B384081E-4CF1-4299-935A-EDFE95EEF09E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{B3C307CF-DD30-462D-8238-8A2217053D4E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{B44DF945-9E26-4E09-A86E-B9F6564CEAE2}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{B5EB090B-933C-4158-AF09-8EBD2B8A9B40}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{B71F3BCF-7719-4D5F-89ED-B0C5E3CADA2B}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{B77C57ED-450A-4F9D-9F85-14ADA1294143}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{B79FE313-0E8D-4457-96D1-9F0B544019F3}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{B935819B-C3B5-48E3-94E8-39429F4C5E83}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{BB1424BC-A7AF-4925-B4BB-0690FEFD4BB2}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{BB3BB05E-1B79-41BB-B6BC-E8DED64B90AF}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{BBBDD4F7-A950-47BE-87BC-E9B793690E55}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{BC8F9C33-DE0E-4198-878C-E95E0360F041}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{BCA151CF-5E6C-4FF1-AB61-5702DFAAB863}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{BCAF37AC-B211-4B04-98EC-C07E5DA58C93}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{BDBDB1A5-9037-4589-9966-94FABAB69715}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{BE1E56F0-61ED-4504-9DAD-40117FAFD274}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{BE5A2A77-FEA5-4B9E-B924-02A5E64AD878}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{C3BE864C-A061-4462-A15D-38021630876F}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{C3DE33BC-B70F-4C71-80A4-4FA49C3091DB}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{C4135BBE-FC37-43D1-B53C-40CE7A7DCF96}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{C4A759BB-29D7-4DCA-BD48-2EEA49768312}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{C525AB6A-1192-4F2E-9CE2-76C0E07F1668}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{C5331EAC-AFCD-4EAE-AF74-2A670CFF9040}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{C6BED79B-3AFD-41CA-833C-A7EE329D631B}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{C6F46C22-BAD4-44B1-948C-18A836CFDA02}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{CA129A29-FBCC-42FF-A53D-4356B43BFDED}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{CA36A9DA-E24B-4EE5-9375-424082473269}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{CB5712D8-5D16-4AB8-8F38-7A37729A72E8}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{CC020430-2B4F-4A3E-8292-11B3F1E40628}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{CC6B6645-6537-45E4-B22E-D3D06C0C0D0A}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{CCECB5DA-249D-4E83-A321-AC86CE2AA352}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{CD2E6217-CD1C-435E-9747-B680B048BC3D}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{CD2E97FE-02E2-40D0-BA05-389BF733DC88}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{CD54511F-3FED-4125-A05F-4A3307E10D60}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{CE19A43B-979A-4296-9ED6-5FF758E36C66}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{CE476846-7B9E-4206-96D8-65D39D15393C}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{CF0EFC99-2CDD-4281-96FC-52DF3D3A4239}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{CF984DFD-E187-4B39-B4E6-872E8101A198}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D0110088-73AE-453A-9B5C-709E7818C313}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D08EEBAB-9336-46CF-9236-40BE67D535DD}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D1CBD823-5F0E-4BC0-BBB6-C01563D60398}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D4517AFC-B5B1-493D-90B8-D9F4C9B3CEF1}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D48CF94B-9AB5-4534-AAB8-A5CF54200B4C}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D4E47FA3-7275-44AF-9CF4-493A3AEB8EE7}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D5789760-7AC8-4DE6-B186-5C348070830F}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D66F4949-D753-4377-AA51-5D8D8F69AC6D}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D6C1A776-A15E-4006-B326-E7E57301AE4C}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D6EDB4E2-633C-4A70-888D-C248EDF7E83E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D7435823-C888-473E-A0FB-2DCD6C0ED07C}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D7813590-1D00-430F-AD41-0FB6C2FD8A04}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D787FC23-E364-4E0A-A16C-2014F5DCE446}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D8696A66-3852-4FF5-800B-75AFC0800D8F}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D86D2D6C-B97D-4484-8F20-D40F7E49E18E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D8B8AB7F-AE6F-4035-80AD-3C8A9384CDFC}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D908BBF4-1D2F-459F-83CD-E559EC6C2491}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D91802D4-AFA7-418D-B95A-C9B7059DCA33}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D92A7783-73A9-415F-BED7-09862A6BE070}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D981C60B-2665-4C78-A26F-D157178C79D2}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{D99D7D92-CD55-4F9E-B7FC-5F03A404ADFF}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{DAC8EBE4-76C0-47D3-9B61-23F15C88D83F}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{DB492BA6-4EAA-4184-B972-FB73C2C6BCFF}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{DB8DC83C-0B6C-4546-A914-C1DD4548E762}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{DBE67BDC-A213-43C0-BB85-285837F1F41A}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{DC0FA6B7-2B2E-465A-AA6F-265BEE248661}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{DC3D33F5-F3F8-4988-890F-69C27C43A4B1}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{DCECDD24-7233-4E48-9EA9-458B7015FDA5}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{DD4D4F08-9B5D-4BF4-905E-DA8461FF76C5}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{DE1F5C46-5FF7-47FB-BF2B-FC82269BCE61}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{DEDF4ACE-F474-49AB-8048-598842182538}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{DF0AD6BF-60FD-40FD-A0D7-60FF8301821B}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{DF29DB2E-10A2-41A2-9EEC-0CD792DE0BCF}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{DF6152F4-9473-47B6-B1D5-3277A4F74A41}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{E0251489-6C3B-4C8E-B37A-96E7582A5D84}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{E036EA40-C61B-4F78-BB7F-1F3CC730F5C7}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{E0FD32C0-40CF-4C61-A7F0-994DA8EB1F2F}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{E1C5BC93-EA26-44FE-816D-EBAF0076DB8A}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{E1E4F4EE-76C4-40EC-8B77-9F3C3BEB6CBF}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{E3CE8C8F-A0C6-49F3-B4D5-3A034A2BC078}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{E5F72E1C-3CCB-494B-A1A4-7B560E1794AB}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{E7024FCC-FFC7-40EA-87ED-2A853DA88ED2}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{E9CA10CC-919A-49D4-8E27-839A5F6C7EEB}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{EC47A0E9-FA47-4ED7-9104-423C6B3D555D}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{ECA0AC56-F409-4523-BF4A-72DBD8CB26A6}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{ECA56A58-8CD0-4C5E-A694-4889C7EB3D24}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{ED51C866-03AD-44FF-B563-5C34117D5B95}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{EE5E1825-D4C7-4648-92D8-271DA4D0A712}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{EE964F5F-6ACA-416A-B4F2-512905776A2E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{EEEDD2BA-7DDF-4036-AE10-4750A44995C8}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{EF6806EA-DF28-47E6-A4F7-408CE96985A3}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{EFBE16AC-217E-49A7-9854-EB6BFD3D02A0}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{F579A88E-8A15-417E-9FEB-5FBA59E58EF9}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{F5FFC9C7-97DD-4533-8DBC-69682302D4E5}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{F690C2F3-03A1-4DB9-97E8-315157BE59B5}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{F69DB8AB-B1B6-4EA9-AB65-490C71FE462A}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{F8DB928C-58B9-4242-836D-0265AFED93A3}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{F92BECA7-E47F-470B-AB82-E8CC129EEE54}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{F9EAA909-624E-4AC4-A708-F26FDD383332}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{FA155446-E43E-45D4-82AA-8C3FEB719120}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{FA80F44D-5B99-47B6-8EB7-6CB83628B1BE}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{FC0E3D3D-9669-41A9-BB4A-00457B1C93BB}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{FC71D66A-A392-470B-8452-F333A1C6EE6E}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{FCA1FE75-910A-4B2D-87BA-D959B7B0FAC7}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{FCAD9CA7-1119-4C56-85B6-4C2627076CB3}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{FD1392A9-57D5-4353-9147-64E2BBE6143C}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{FD5862FC-2FA2-4DBD-8804-439A7632C5E8}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{FE3D475D-FAE3-424C-AD64-5351CA57896C}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{FE94AF47-58FF-4262-A274-456C6D0975DB}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{FEA60A88-528D-4119-8A4D-F1EA396D2D6C}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{FF49D467-CCFD-4665-A63B-5C16A1822BEC}
Successfully deleted: [Empty Folder] C:\Users\Bernard\appdata\local\{FF75984B-3E0B-44D0-A1AA-240BBEF18252}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/09/2013 at 15:27:08.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[squall23]

OTL logfile created on: 26/09/2013 1:39:54 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\anti virus
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 3.52 Gb Available Physical Memory | 58.70% Memory free
10.50 Gb Paging File | 7.95 Gb Available in Paging File | 75.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.32 Gb Total Space | 4.67 Gb Free Space | 0.68% Space Free | Partition Type: NTFS
Drive D: | 11.31 Gb Total Space | 1.50 Gb Free Space | 13.29% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 179.55 Gb Free Space | 19.28% Space Free | Partition Type: NTFS
Drive N: | 931.51 Gb Total Space | 111.07 Gb Free Space | 11.92% Space Free | Partition Type: NTFS

Computer Name: BERNARD-PC | User Name: Bernard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/26 01:37:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\anti virus\OTL.exe
PRC - [2013/09/21 12:34:58 | 001,814,440 | ---- | M] (Valve Corporation) -- C:\Steam\Steam.exe
PRC - [2013/09/20 21:45:43 | 004,287,536 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/02/04 01:09:55 | 000,076,888 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2012/11/19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\AVG\AVG2012\avgtray.exe
PRC - [2012/07/24 14:32:10 | 000,404,848 | ---- | M] (AnchorFree Inc.) -- C:\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012/03/15 18:54:28 | 000,108,136 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/02/10 02:00:16 | 000,012,800 | ---- | M] (Mr. John aka japamd) -- C:\RadeonPro\RadeonProSupport.exe
PRC - [2010/08/10 18:09:26 | 000,033,472 | ---- | M] () -- C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe
PRC - [2009/05/20 17:59:44 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2009/05/20 17:59:34 | 000,057,672 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2009/04/10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\conime.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/07/12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/12 17:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/05/29 16:19:06 | 000,198,240 | ---- | M] () -- c:\hp\HPEZBTN\HPBtnSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/21 12:35:00 | 001,121,192 | ---- | M] () -- C:\Steam\bin\chromehtml.dll
MOD - [2013/09/20 21:45:43 | 004,287,536 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013/09/10 16:20:56 | 020,625,832 | ---- | M] () -- C:\Steam\bin\libcef.dll
MOD - [2013/08/21 16:18:28 | 000,687,104 | ---- | M] () -- C:\Steam\SDL2.dll
MOD - [2013/08/14 15:57:41 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/08/14 04:41:27 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b8e424ef545f262fd6cb9f35b97fc8b9\System.Configuration.ni.dll
MOD - [2013/08/14 03:37:53 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/14 03:37:41 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f575e4c534a93294c72fea670ca73492\System.Windows.Forms.ni.dll
MOD - [2013/08/14 03:37:34 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/14 03:37:24 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll
MOD - [2013/08/14 03:37:18 | 002,295,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\58cc7987d11d3b0a2fc4427eb6cc057e\System.Core.ni.dll
MOD - [2013/08/14 03:37:15 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1907eca427f3b8a0b672d7582427bace\PresentationFramework.ni.dll
MOD - [2013/08/14 03:37:03 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a42ae90abfc074ec34aac50353324f66\PresentationCore.ni.dll
MOD - [2013/08/14 03:36:53 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\e887556e2e663db3f545345d634e125b\WindowsBase.ni.dll
MOD - [2013/08/14 03:36:42 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/10 03:48:29 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2013/06/14 17:49:12 | 001,100,800 | ---- | M] () -- C:\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 17:49:12 | 000,192,000 | ---- | M] () -- C:\Steam\bin\avformat-53.dll
MOD - [2013/06/14 17:49:12 | 000,124,416 | ---- | M] () -- C:\Steam\bin\avutil-51.dll
MOD - [2013/04/29 19:18:23 | 016,032,648 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010/12/01 18:24:31 | 007,158,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.51.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
MOD - [2010/12/01 18:24:31 | 000,444,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.51.0__bebb3c8816410241\AlienwareAlienFXTools.dll
MOD - [2010/12/01 18:24:31 | 000,073,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.49.0__bebb3c8816410241\AlienLabsTools.dll
MOD - [2010/12/01 18:24:31 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
MOD - [2010/12/01 18:24:31 | 000,035,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
MOD - [2010/12/01 18:24:31 | 000,031,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.49.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
MOD - [2010/12/01 18:24:31 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
MOD - [2010/12/01 18:24:31 | 000,027,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
MOD - [2010/12/01 18:24:31 | 000,024,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.51.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
MOD - [2010/12/01 18:24:31 | 000,024,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.51.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
MOD - [2010/12/01 18:24:31 | 000,019,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.51.0__bebb3c8816410241\AlienFX.Communication.Core.dll
MOD - [2010/12/01 18:24:31 | 000,014,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.51.0__bebb3c8816410241\AlienFX.Communication.dll
MOD - [2010/08/10 18:09:26 | 000,033,472 | ---- | M] () -- C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe
MOD - [2009/03/29 21:42:18 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2006/10/18 08:35:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Kuma Games\kgsystray\_socket.pyd
MOD - [2006/10/18 08:35:16 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Kuma Games\kgsystray\pyexpat.pyd
MOD - [2006/10/18 08:35:14 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Kuma Games\kgsystray\zlib.pyd
MOD - [2006/10/18 08:35:10 | 001,871,872 | ---- | M] () -- C:\Program Files (x86)\Kuma Games\kgsystray\python24.dll
MOD - [2006/10/18 08:18:58 | 000,499,712 | ---- | M] () -- C:\Program Files (x86)\Kuma Games\kgsystray\_ssl.pyd
MOD - [2006/09/22 21:12:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Kuma Games\kgsystray\winxpgui.pyd
MOD - [2006/09/22 21:11:58 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Kuma Games\kgsystray\win32gui.pyd
MOD - [2006/09/22 21:02:10 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Kuma Games\kgsystray\win32api.pyd
MOD - [2006/09/22 21:01:50 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Kuma Games\kgsystray\pywintypes24.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/27 19:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 09:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2013/09/21 12:35:00 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/01 14:08:23 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/04 01:09:55 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/24 14:32:10 | 000,404,848 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012/07/12 13:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/05 09:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011/02/10 02:00:16 | 000,012,800 | ---- | M] (Mr. John aka japamd) [Auto | Running] -- C:\RadeonPro\RadeonProSupport.exe -- (RadeonPro Support Service)
SRV - [2010/12/28 02:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/06/25 11:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/05/25 09:17:28 | 003,549,696 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/05/29 16:19:06 | 000,198,240 | ---- | M] () [Auto | Running] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/20 18:45:23 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013/04/11 03:18:40 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/10 04:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/08 04:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/27 20:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/09/27 20:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/27 19:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/24 14:11:54 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/05/13 15:47:29 | 000,013,864 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hostnt.sys -- (HOSTNT)
DRV:64bit: - [2012/05/12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 06:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/08 22:00:58 | 000,023,896 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VirtDisk64.sys -- (YLMFVDISK)
DRV:64bit: - [2011/05/24 17:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss)
DRV:64bit: - [2011/02/23 05:42:49 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/08/19 20:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/06/25 11:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/01/01 11:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/10/06 12:54:18 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009/10/06 12:53:56 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2009/10/06 12:53:56 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009/10/06 12:53:54 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/10/02 21:00:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/10/01 20:40:04 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/28 16:20:44 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/08/09 15:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2009/04/22 18:10:56 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2009/04/22 18:10:40 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/04/22 18:10:32 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/04/10 22:39:38 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/05/08 06:27:00 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/05/08 06:25:12 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/05/08 06:24:08 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2008/03/26 09:24:04 | 000,405,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x)
DRV:64bit: - [2008/03/19 01:29:30 | 001,379,584 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2008/02/14 08:56:14 | 000,160,768 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 20:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/10/18 09:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/07/12 10:35:44 | 000,381,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2007/06/29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2006/06/19 08:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/03/17 17:49:09 | 000,017,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Bernard\AppData\Local\Temp\006955E.tmp -- (X6va006)
DRV - [2011/09/14 17:17:31 | 000,024,144 | ---- | M] (Beijing Joychina Network Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\Temp\ncvet.dll -- (ncvet.dll)
DRV - [2005/01/01 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2004/04/26 19:11:32 | 000,017,280 | ---- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\PLCNDIS5.SYS -- (PLCNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10}
IE:64bit: - HKLM\..\SearchScopes\{57392D2C-8F82-478C-994D-0C0D9FB35D6C}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{57392D2C-8F82-478C-994D-0C0D9FB35D6C}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\SearchScopes,DefaultScope = {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{57392D2C-8F82-478C-994D-0C0D9FB35D6C}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
IE - HKCU\..\SearchScopes\{6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=183.181.25.248:80

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: CSWebLauncher%40cyberstep.com:1.0.0.13
FF - prefs.js..extensions.enabledAddons: SQLiteManager%40mrinalkant.blogspot.com:0.8.0
FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.9
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B6dd0bdba-0a02-429e-b595-87a7dfdca7a1%7D:0.8.8.1
FF - prefs.js..extensions.enabledAddons: %7Bbb6bc1bb-f824-4702-90cd-35e2fb24f25d%7D:1.5.1.1
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: firefox%40mega.co.nz:1.0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Thunder Network\Thunder\BHO\xluser\npxluser.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bernard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Thunder Network\Thunder\BHO\xluser\npxluser.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\AVG\AVG2012\Firefox4\ [2013/05/14 12:59:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/03/15 18:56:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 17:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Mozilla Firefox\components [2013/03/12 22:43:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Mozilla Firefox\plugins [2013/02/14 01:39:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Components: C:\Program Files\\Waterfox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Plugins: C:\Program Files\\Waterfox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6FACD0C3-EF9B-4F52-94DB-6E745D1116A0}: C:\Users\Bernard\AppData\Local\{6FACD0C3-EF9B-4F52-94DB-6E745D1116A0} [2011/07/08 15:50:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Bernard\AppData\Roaming\IDM\idmmzcc5

[2009/08/10 23:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Extensions
[2013/09/18 23:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions
[2010/04/27 15:10:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/06 23:18:21 | 000,000,000 | ---D | M] (NeffyPlugin Launcher) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD}
[2012/10/12 17:04:38 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2012/02/28 23:19:04 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012/09/19 12:26:10 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011/06/23 21:41:32 | 000,000,000 | ---D | M] ("CS Web Launcher") -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\CSWebLauncher@cyberstep.com
[2013/09/18 23:53:31 | 000,000,000 | ---D | M] (ExHentai Easy) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\jid0-db0owQRjcx0mRj5LBNH2MHAwEkc@jetpack
[2013/08/09 17:08:45 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\firefox@mega.co.nz.xpi
[2013/04/18 23:23:19 | 000,069,170 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\mediahint@jetpack.xpi
[2013/05/03 05:55:28 | 000,248,978 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
[2013/05/05 16:13:11 | 000,581,999 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\uriloader@pdf.js.xpi
[2011/10/17 21:39:31 | 000,067,870 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
[2013/04/17 18:31:11 | 000,282,569 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2013/09/09 00:54:55 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/04 16:29:49 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/05/03 05:54:32 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/09/21 17:14:17 | 000,002,431 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\anime-news-network.xml
[2012/11/01 20:53:51 | 000,000,914 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\dictionarycom.xml
[2013/09/19 22:42:13 | 000,002,006 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\urban-dictionary.xml
[2009/08/11 02:29:51 | 000,000,952 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\youtube-video-search.xml

 

[squall23]

O1 HOSTS File: ([2013/09/11 19:30:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (3F2D81A2-AB9C-DA82-039C-33E7BC2362D3 Class) - {3F2D81A2-AB9C-DA82-039C-33E7BC2362D3} - C:\Thunder Network\Thunder\BBInside\{3F2D81A2-AB9C-DA82-039C-33E7BC2362D3}\AddressBar.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\FlashGet\getflash.dll (www.flashget.com)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Download Manager\dlm.exe (IGN Entertainment)
O4 - HKCU..\Run: [KiesHelper] C:\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\WINDOWS\SysWOW64\MPG4ds32.ax (Microsoft Corporation)
O4 - HKLM..\RunOnce\Setup: [Registering WMA ActiveX filter...] C:\WINDOWS\SysWOW64\msadds32.ax (Microsoft Corporation)
O4 - Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk = C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe ()
O4 - Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: &?????? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &?????????? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\FlashGet\JC_LINK.HTM ()
O8:64bit: - Extra context menu item: &ʹÓÃÓŵ°ÏÂÔØ - C:\UDown\getUrl.htm File not found
O8:64bit: - Extra context menu item: &ʹÓÃÓŵ°ÏÂÔØÈ«²¿Á´½Ó - C:\UDown\getAllUrl.htm File not found
O8:64bit: - Extra context menu item: &E1OAOAμ°IAOO - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &E1OAOAμ°IAOOE≪2?A´?O - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &U????????? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &U?????????????????? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &UE1OAA×EEIAOO2￠EO2O - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &UʹÓÃÃ×ÈËÏÂÔز¢ÊÕ²Ø - C:\NamiRobot\Data\du.html File not found
O8:64bit: - Extra context menu item: &U使用米人下?并收藏 - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &U使用米人下载并收藏 - C:\NamiRobot\Data\du.html File not found
O8:64bit: - Extra context menu item: &ﾑｸﾀﾗﾏﾂﾔﾘｵｽﾊﾖｻ - Reg Error: Key error. File not found
O8:64bit: - Extra context menu item: &使用?蛋下? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &使用?蛋下?全部?接 - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &使用115优蛋下载 - C:\115\UDown\getUrl.htm ()
O8:64bit: - Extra context menu item: &使用115优蛋下载全部链接 - C:\115\UDown\getAllUrl.htm ()
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8:64bit: - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Xilisoft\YouTube Video Converter\upod_link.HTM ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: &?????? - Reg Error: Value error. File not found
O8 - Extra context menu item: &?????????? - Reg Error: Value error. File not found
O8 - Extra context menu item: &Download All with FlashGet - C:\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &ʹÓÃÓŵ°ÏÂÔØ - C:\UDown\getUrl.htm File not found
O8 - Extra context menu item: &ʹÓÃÓŵ°ÏÂÔØÈ«²¿Á´½Ó - C:\UDown\getAllUrl.htm File not found
O8 - Extra context menu item: &E1OAOAμ°IAOO - Reg Error: Value error. File not found
O8 - Extra context menu item: &E1OAOAμ°IAOOE≪2?A´?O - Reg Error: Value error. File not found
O8 - Extra context menu item: &U????????? - Reg Error: Value error. File not found
O8 - Extra context menu item: &U?????????????????? - Reg Error: Value error. File not found
O8 - Extra context menu item: &UE1OAA×EEIAOO2￠EO2O - Reg Error: Value error. File not found
O8 - Extra context menu item: &UʹÓÃÃ×ÈËÏÂÔز¢ÊÕ²Ø - C:\NamiRobot\Data\du.html File not found
O8 - Extra context menu item: &U使用米人下?并收藏 - Reg Error: Value error. File not found
O8 - Extra context menu item: &U使用米人下载并收藏 - C:\NamiRobot\Data\du.html File not found
O8 - Extra context menu item: &ﾑｸﾀﾗﾏﾂﾔﾘｵｽﾊﾖｻ - Reg Error: Key error. File not found
O8 - Extra context menu item: &使用?蛋下? - Reg Error: Value error. File not found
O8 - Extra context menu item: &使用?蛋下?全部?接 - Reg Error: Value error. File not found
O8 - Extra context menu item: &使用115优蛋下载 - C:\115\UDown\getUrl.htm ()
O8 - Extra context menu item: &使用115优蛋下载全部链接 - C:\115\UDown\getAllUrl.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Xilisoft\YouTube Video Converter\upod_link.HTM ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{081F9EF9-9B38-4560-8DE5-BCF5512DA67E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E2774A5-2766-4D2A-9844-B884397420A9}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/10 18:54:52 | 000,000,170 | ---- | M] () - I:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{33186d40-230e-11e3-84b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{33186d40-230e-11e3-84b0-806e6f6e6963}\Shell\AutoRun\command - "" = K:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/25 15:19:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/25 05:07:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/22 16:49:43 | 001,955,550 | ---- | C] (Farbar) -- C:\Users\Bernard\Desktop\FRST64.exe
[2013/09/21 19:45:59 | 000,000,000 | ---D | C] -- C:\King Of Fighters XIII
[2013/09/21 19:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
[2013/09/21 19:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2013/09/21 16:37:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/21 04:53:04 | 005,128,554 | ---- | C] (Swearware) -- C:\Users\Bernard\Desktop\your_name.exe
[2013/09/21 04:40:38 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/09/20 22:11:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2013/09/20 22:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/09/20 21:45:06 | 000,000,000 | ---D | C] -- C:\Users\Bernard\.swt
[2013/09/20 18:45:23 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013/09/19 21:22:50 | 000,000,000 | ---D | C] -- C:\Users\Bernard\AppData\Roaming\ImgBurn
[2013/09/19 21:22:06 | 000,000,000 | ---D | C] -- C:\ImgBurn
[2013/09/19 21:19:40 | 000,000,000 | ---D | C] -- C:\Users\Bernard\AppData\Local\ElevatedDiagnostics
[2013/09/19 02:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/09/17 22:49:39 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Desktop\RK_Quarantine
[2013/09/16 23:34:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2013/09/11 18:08:50 | 000,000,000 | ---D | C] -- C:\FRST
[2013/09/11 18:08:26 | 002,899,344 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Bernard\Desktop\avg_remover_stf_x64_2012_2125.exe
[2013/09/11 18:02:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/09/11 17:57:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/11 17:57:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/11 17:57:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/11 17:49:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/11 17:48:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/11 07:00:50 | 000,000,000 | ---D | C] -- C:\anti virus
[2013/09/11 06:10:21 | 000,000,000 | ---D | C] -- C:\Users\Bernard\AppData\Roaming\Malwarebytes
[2013/09/11 06:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/11 06:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/11 06:09:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/11 06:09:50 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2013/09/11 05:33:00 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Documents\HTST - Copy
[2013/09/08 23:56:16 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Documents\Larian Studios
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[20 C:\Users\Bernard\AppData\Local\*.tmp files -> C:\Users\Bernard\AppData\Local\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/26 00:52:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/26 00:04:40 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/26 00:04:40 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/25 23:31:33 | 000,777,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/25 23:31:33 | 000,645,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/25 23:31:33 | 000,125,094 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/25 15:52:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/25 14:11:14 | 138,223,410 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/09/25 14:04:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/25 03:59:09 | 000,040,448 | ---- | M] () -- C:\Users\Bernard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/24 18:06:52 | 000,916,067 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/09/22 16:49:49 | 001,955,550 | ---- | M] (Farbar) -- C:\Users\Bernard\Desktop\FRST64.exe
[2013/09/21 20:30:06 | 000,000,286 | ---- | M] () -- C:\Users\Bernard\Documents\ax_files.xml
[2013/09/21 16:39:52 | 000,002,032 | ---- | M] () -- C:\Users\Bernard\AppData\Local\d3d9caps.dat
[2013/09/21 04:53:07 | 005,128,554 | ---- | M] (Swearware) -- C:\Users\Bernard\Desktop\your_name.exe
[2013/09/20 22:11:44 | 000,001,006 | ---- | M] () -- C:\Users\Bernard\Desktop\Game Launcher.lnk
[2013/09/20 18:45:23 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013/09/17 22:48:33 | 003,787,776 | ---- | M] () -- C:\Users\Bernard\Desktop\RogueKillerX64.exe
[2013/09/15 20:56:21 | 717,933,352 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/11 20:06:40 | 002,899,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Bernard\Desktop\avg_remover_stf_x64_2012_2125.exe
[2013/09/11 19:30:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/11 08:06:41 | 000,000,732 | ---- | M] () -- C:\Users\Bernard\AppData\Local\d3d9caps64.dat
[2013/09/11 05:08:28 | 000,411,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[20 C:\Users\Bernard\AppData\Local\*.tmp files -> C:\Users\Bernard\AppData\Local\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/21 20:30:06 | 000,000,286 | ---- | C] () -- C:\Users\Bernard\Documents\ax_files.xml
[2013/09/20 22:11:44 | 000,001,006 | ---- | C] () -- C:\Users\Bernard\Desktop\Game Launcher.lnk
[2013/09/17 22:48:30 | 003,787,776 | ---- | C] () -- C:\Users\Bernard\Desktop\RogueKillerX64.exe
[2013/09/11 17:57:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/11 17:57:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/11 17:57:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/11 17:57:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/11 17:57:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/24 02:09:47 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\dvttrn.dll
[2013/03/12 20:35:10 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat
[2013/02/04 00:28:46 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/07/14 05:26:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/07/14 04:57:05 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/07/01 00:00:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/06/09 18:42:18 | 000,000,552 | ---- | C] () -- C:\Users\Bernard\AppData\Local\d3d8caps.dat
[2012/05/13 15:47:57 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\RC_Err_Info.dll
[2012/03/17 22:47:40 | 000,819,200 | -HS- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/17 22:47:40 | 000,180,224 | -HS- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/02/06 01:57:22 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2012/01/07 23:59:09 | 000,002,006 | -HS- | C] () -- C:\Users\Bernard\AppData\Local\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2012/01/07 23:59:09 | 000,002,006 | -HS- | C] () -- C:\ProgramData\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2011/10/16 18:20:09 | 000,000,026 | -HS- | C] () -- C:\Windows\SysWow64\Userdata.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/07/08 15:50:50 | 000,000,120 | ---- | C] () -- C:\Users\Bernard\AppData\Local\Wyiru.dat
[2011/07/08 15:50:50 | 000,000,000 | ---- | C] () -- C:\Users\Bernard\AppData\Local\Fdagoyadomi.bin
[2011/07/08 15:42:36 | 000,017,663 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\FF5E.B3A
[2011/04/10 15:25:31 | 000,000,109 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\svchost.jxe
[2011/03/16 03:01:10 | 000,000,600 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\winscp.rnd
[2010/11/13 15:33:59 | 000,002,032 | ---- | C] () -- C:\Users\Bernard\AppData\Local\d3d9caps.dat
[2010/04/12 23:22:59 | 000,000,000 | ---- | C] () -- C:\Users\Bernard\AppData\Local\prvlcl.dat
[2010/03/03 01:16:11 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/12 02:01:08 | 000,040,448 | ---- | C] () -- C:\Users\Bernard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/10 21:25:48 | 000,000,732 | ---- | C] () -- C:\Users\Bernard\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 09:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2012/04/14 01:54:38 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\115
[2011/12/21 16:11:09 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\356AE
[2011/12/21 16:11:09 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\40D35
[2013/03/18 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\AdbDriverInstaller
[2013/03/12 22:33:26 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\AnvSoft
[2012/02/25 00:33:57 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\AVG2012
[2011/05/11 01:23:20 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\avidemux
[2011/12/26 22:22:47 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Beat Hazard
[2012/01/19 22:15:45 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\BigHugeEngine
[2010/03/04 22:15:54 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Bioshock2
[2013/01/13 04:56:42 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\BitComet
[2010/08/07 03:28:02 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\BoneTown
[2012/05/25 04:04:17 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Carbon
[2010/12/01 21:41:15 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2009/08/28 16:57:29 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DAEMON Tools Lite
[2012/02/20 20:55:14 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DarknessII
[2012/01/25 05:22:01 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DarknessIIDemo
[2011/03/29 22:23:51 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DarksporeData
[2012/09/30 00:36:46 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Defod
[2011/11/13 21:51:26 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\digipen
[2010/11/09 21:27:05 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DiskAid
[2011/12/25 00:05:37 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DMCache
[2012/02/06 01:57:22 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DonationCoder
[2013/04/12 22:15:59 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Doublefine
[2012/09/30 00:36:52 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Exyq
[2012/12/30 20:15:38 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\FairyBloomRe
[2009/08/11 15:19:29 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\FlashGet
[2013/03/12 22:43:12 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Free AVI MPEG WMV MP4 FLV Video Joiner
[2010/10/07 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\FreeArc
[2009/09/21 00:29:18 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\GetRightToGo
[2011/05/08 03:08:18 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Ice-pick Lodge
[2013/04/29 02:16:47 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\iFunbox_UserCache
[2009/08/11 21:52:43 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\ijjigame
[2013/09/19 21:22:50 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\ImgBurn
[2011/09/15 21:04:21 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\JoyChina
[2011/05/24 19:33:53 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Leadertech
[2011/05/26 17:11:54 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Lionhead Studios
[2011/12/16 04:53:25 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Lixax
[2011/03/06 00:59:05 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\LolClient
[2009/09/04 19:34:06 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/11/22 06:11:27 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Megaupload
[2011/10/01 22:55:25 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
[2011/05/11 01:43:49 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\mkvtoolnix
[2011/12/18 03:35:18 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\MotioninJoy
[2010/04/18 20:38:26 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Mount&Blade Warband
[2011/05/03 19:58:04 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Mount&Blade With Fire and Sword
[2013/03/27 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\MP3SkypeRecorder
[2011/10/30 01:03:58 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Mp3tag
[2011/10/31 03:54:00 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\muvee Technologies
[2013/07/26 23:19:30 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Natural Selection 2
[2009/10/12 03:01:08 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\NeopleLauncherDFO
[2009/12/16 20:52:26 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Nokia
[2013/05/03 06:14:28 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Notepad++
[2012/02/06 01:55:57 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Orbit
[2011/10/26 00:12:15 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Origin
[2009/12/16 20:44:06 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\PC Suite
[2010/03/30 03:11:17 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\PlayFirst
[2012/02/06 01:47:03 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\ProgSense
[2011/03/21 00:06:42 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\PunkBuster
[2012/03/21 18:27:06 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\RadeonPro
[2010/09/02 19:43:04 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\runic games
[2011/03/12 17:38:48 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Samsung
[2010/06/08 19:48:40 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\SEGA Corporation
[2009/12/13 02:10:59 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\SonyEricsson
[2009/08/16 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\SpinTop
[2012/02/09 16:57:17 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\TeamViewer
[2013/09/24 00:30:17 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\The Creative Assembly
[2013/03/26 21:36:37 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Ubisoft
[2012/05/13 21:02:09 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\UDown
[2012/10/13 21:45:21 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Unity
[2009/08/16 00:51:42 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\UNOUndercover
[2011/08/06 22:12:48 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Upyri
[2010/10/31 20:55:45 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\uTorrent
[2012/09/30 00:36:46 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Vahais
[2009/12/08 03:37:01 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2010/03/16 01:40:45 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\VitySoft
[2012/01/25 17:55:26 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Vocou
[2011/12/17 05:58:21 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\VOWSoft
[2013/05/03 05:44:11 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Waterfox Limited
[2010/03/30 03:08:51 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\WildTangent
[2012/05/26 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Windows Authenticator
[2010/01/29 03:26:06 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Xilisoft
[2013/01/21 00:27:26 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\YoudaGames

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/09/16 14:50:32 | 000,000,000 | ---D | M](C:\Users\Bernard\Documents\?? ???) -- C:\Users\Bernard\Documents\넥슨 플러그
[2010/09/16 14:50:32 | 000,000,000 | ---D | C](C:\Users\Bernard\Documents\?? ???) -- C:\Users\Bernard\Documents\넥슨 플러그
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷?件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?z?X?s?^???e?B?`???e?a‰@?A?I?G???・?￢?e“u‰@?≪???`) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ƒzƒXƒsƒ^ƒŠƒeƒB`‚ ‚é•a‰@‚ł̃Gƒ‚·‚¬‚é“ü‰@«Šˆ`

< End of report >

 

[squall23]

OTL Extras logfile created on: 11/09/2013 7:06:08 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\anti virus
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 5.06 Gb Available Physical Memory | 84.37% Memory free
12.11 Gb Paging File | 11.42 Gb Available in Paging File | 94.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.32 Gb Total Space | 2.15 Gb Free Space | 0.31% Space Free | Partition Type: NTFS
Drive D: | 11.31 Gb Total Space | 1.50 Gb Free Space | 13.29% Space Free | Partition Type: NTFS
Drive O: | 57.58 Gb Total Space | 0.67 Gb Free Space | 1.17% Space Free | Partition Type: FAT32

Computer Name: BERNARD-PC | User Name: Bernard | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Waterfox\waterfox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 04 4C 99 F9 CB 5A CB 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C8787B2-6572-45AF-BD5F-3C98BA915CED}" = rport=80 | protocol=6 | dir=out | app=c:\steam\steamapps\common\warframe\warframe.exe |
"{1EA9B778-E6D5-428A-B31F-B10BAE1F85AC}" = lport=6890 | protocol=17 | dir=in | name=league of legends launcher |
"{225AC9C2-95FE-4F08-BA0E-C4E050BBDCE8}" = lport=49172 | protocol=6 | dir=in | name=akamai netsession interface |
"{2661E26D-0FB7-4C61-A6D1-14E1F6578B7C}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{3071811C-93AA-40FE-B669-5D82120E32B4}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{3A5AE4EE-9BBD-4B24-A23F-278CF711B899}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{3C19EE88-8CB6-496B-BC26-31ADEBC74B12}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher |
"{4462E2B9-B975-4776-9939-F3B9F2BA7E96}" = lport=50858 | protocol=6 | dir=in | name=akamai netsession interface |
"{47624D21-D2E3-4C3C-A21A-C0F994FB0745}" = lport=6881 | protocol=17 | dir=in | name=bitcomet 6881 udp |
"{4B25CD69-74EB-4923-A2BE-031BA03D4266}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{51B80C2B-2D50-4EEF-A785-C6A39065CD87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{5C20101A-F5F5-4FA2-A6A6-220F757AB057}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{63CE5789-09A9-4B96-9FBA-BB40BB866F06}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6B027062-0F8A-47FE-9C7D-360D3A282AD3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{74A0568E-1E62-438E-A4C3-6E969D2080D8}" = lport=6890 | protocol=6 | dir=in | name=league of legends launcher |
"{77531FC8-05A4-45F9-992A-7DC0223617F9}" = lport=6909 | protocol=6 | dir=in | name=league of legends launcher |
"{944DB591-E679-4C37-B292-26F7CB6BD0D5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{952F005D-1B32-4B40-A36C-49D65D41D0C7}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{97F03058-30FE-4AE6-BBDB-43A79D311870}" = lport=6909 | protocol=17 | dir=in | name=league of legends launcher |
"{A7CA8F0D-7043-47D6-9C24-3CFFE3BBAAB9}" = rport=80 | protocol=6 | dir=out | app=c:\steam\steamapps\common\warframe\warframe.x64.exe |
"{B3BC0298-777C-496D-9E55-25CF7C59F81F}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{BABFF3E4-3FC2-45EC-844E-6819617E5D30}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher |
"{C51F62B1-6560-49E3-96B2-113DB38D68B3}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{D1804A5E-2639-4B04-9D88-868ADC1C7F5F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{E276FA86-3788-4AB9-814D-16E43BC63025}" = lport=6881 | protocol=6 | dir=in | name=bitcomet 6881 tcp |
"{F66FE3D4-23D8-4BD9-9BAB-003FFAF9A5F2}" = rport=80 | protocol=6 | dir=out | app=c:\steam\steamapps\common\warframe\tools\launcher.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020E4C54-7E06-4FC0-A794-FD2F36F16535}" = protocol=17 | dir=out | app=c:\steam\steamapps\common\warframe\warframe.exe |
"{02906DFE-1E96-425D-9E56-47A8EF3688DF}" = protocol=6 | dir=in | app=c:\ventrilo\ventrilo.exe |
"{03086954-9609-40C7-9A88-4B1971551178}" = protocol=6 | dir=in | app=c:\program files (x86)\kuma games\kuma.exe |
"{04DFDC5C-5CC4-4DD3-A3A7-8B019562CEA9}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\beat hazard\beathazard.exe |
"{05D5C414-78DE-4EDD-9B50-8FA4E212F32F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{082A8841-A9AB-49ED-871A-AC610C85E31A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0B299EB8-DDA6-47C0-BCD2-1BF606A659A2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{0D2A4524-F5C2-4EFD-A034-E2E98AE52F40}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{0E2BBFC6-281F-4EC3-9E46-AF687FB9774C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{102D3091-67C2-4802-BF91-1A4C5EFFF316}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\recettear - demo\recettear.exe |
"{128EC3C3-3639-4594-9D0B-FBF8FCE7E67D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{136B0141-2F39-417C-BA2A-11094A24E4D9}" = protocol=17 | dir=in | app=c:\users\bernard\appdata\local\temp\purplebean.exe |
"{14091400-23E9-47DE-8270-DD91AAC85BC0}" = protocol=17 | dir=in | app=c:\avg\avg2012\avgdiagex.exe |
"{1651EB21-63D3-4B84-9162-DBD15EA5D8B2}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\beat hazard\runme.exe |
"{1BF653C6-4819-4BE0-AFEB-5D5C7A38C105}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatcherx.exe |
"{211470E3-DDD8-45CA-A350-97B2FA976390}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{21DA93FB-9B46-4344-87CF-A113724AC212}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{27081B54-57C8-43B9-8BB1-B65ECC7FA4C2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatcher2.exe |
"{282A637B-3FD2-4B4D-B91A-D9549EE75288}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{2AAF0EDD-C9DB-42E6-AF5C-5E7D9BAC9819}" = protocol=6 | dir=in | app=c:\users\public\thunder network\xmp4\core\program\xmp.exe |
"{2CB66BA7-88EA-4CF7-8041-13AF67825993}" = protocol=6 | dir=in | app=c:\thunder network\thunder\program\thunderexternal\thunderplatform.exe |
"{2ED7AB7A-D659-4BEF-85C6-35E7676D04BB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{32A1810D-4CF1-4BBB-87C3-4C86B86349F5}" = protocol=6 | dir=in | app=c:\steam\steam.exe |
"{32BA6B57-BE48-45BB-941C-AF7F5F9CEC8A}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\recettear\custom.exe |
"{3A1091DC-4B0D-4425-8F77-B0D73D78FE2D}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\team fortress 2\hl2.exe |
"{3AC5CF4C-2ADA-40BB-833A-F1CC380DC447}" = protocol=6 | dir=in | app=c:\bitcomet\bitcomet.exe |
"{3B258F9F-ED10-4877-B77A-8D6F3BF352F8}" = protocol=17 | dir=in | app=c:\steam\steam.exe |
"{3C94D11E-8D84-4128-A78B-175B54E26358}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatcher2.exe |
"{40F279D2-3193-4F40-9AE8-0A7393B9D1EB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{419ACC8A-99D6-4846-B64E-2F57D64E2D04}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{45D4A9DF-6597-4997-A430-744E0185EE0D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{52386782-2E89-40C8-8166-7EF93A453B3A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatcher.exe |
"{52F79D5B-3549-4E12-BA73-A2D349DDAB72}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\portal 2\portal2.exe |
"{54121D72-CE0F-44C4-BBB6-E873A0A84E72}" = protocol=17 | dir=in | app=c:\thunder network\xmp\program\xmp.exe |
"{56A2F7F2-5618-4210-B3B9-997518F3B973}" = protocol=17 | dir=in | app=c:\avg\avg2012\avgnsa.exe |
"{5B3E2332-8A7E-473B-9C97-C29C29647756}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\recettear\custom.exe |
"{5CECA9E3-E978-4E4E-846D-8CDF848AA29D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
"{5DBE6D38-855F-47FD-8FCD-C754CFFD66F0}" = protocol=17 | dir=in | app=c:\avg\avg2012\avgmfapx.exe |
"{5E12A95D-E474-4CE8-B452-55F97F62568F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6060F546-02D2-4720-B0B7-33B13670DB92}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\beat hazard\beathazard.exe |
"{66C91482-797B-4FA1-9A45-19529207FABF}" = protocol=17 | dir=in | app=c:\thunder network\thunder\program\thunderexternal\thunderplatform.exe |
"{697F9472-5AE7-4984-9F2E-5FF2466B4119}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\valvetestapp206500\airmech.exe |
"{701ED60A-29DA-4164-9340-2012205024C8}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{70CB44C7-4A91-46FC-AE95-AD55923FBB9A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{73BE7BCF-BF2C-4977-B36A-C4479E8A4296}" = protocol=6 | dir=in | app=c:\avg\avg2012\avgnsa.exe |
"{7611B4C9-E3DB-4D4F-9102-6E2EAF0EBC26}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{7807EF12-11C4-4004-9F97-899D1C938466}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\team fortress 2\hl2.exe |
"{7A921AC3-44AF-4715-ABE2-5F4F3B0C7247}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8383E5FC-9D90-4532-947F-324D1BE18230}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8603A774-D4F9-4DAA-8246-767C091B4FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe |
"{87BB92DD-0E3A-4A1B-A99F-F803C16D29A4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8894DC7C-2FD5-4A0E-84C9-6DA437CE3B51}" = dir=in | app=c:\itunes\itunes.exe |
"{8A05912D-4C29-4B7B-8EEC-94A090682D11}" = protocol=6 | dir=in | app=c:\thunder network\thunder\xldoctor\7.2.13.3882_1\program\xldoctorui.exe |
"{8AB09C8A-604C-41B3-A860-CFA8D3E73F9F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8D61CAAC-034F-41AD-9377-B691304723CB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8EA0A077-C29E-4576-A451-DA51ACFA22AC}" = protocol=17 | dir=in | app=c:\users\public\thunder network\xmp4\core\program\xmp.exe |
"{8EF40EB2-682E-4FB5-A74D-F38B8CE4DC07}" = protocol=6 | dir=in | app=c:\program files (x86)\reactor\ijjioptimizer.exe |
"{93263C73-80C7-43EE-ADF3-FD18A56FDDD4}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\warframe\warframe.exe |
"{94CBE745-E7F7-4145-A6FA-6EBA651B49D8}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\natural selection 2\ns2.exe |
"{94E52F17-2035-46B5-8D6B-317974F083BC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{94F5CBB6-F54F-48AB-9476-CCA2B47C866E}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\warframe\tools\launcher.exe |
"{95C040F7-59EC-4597-B4E9-44DEEE32BFA3}" = protocol=17 | dir=out | app=c:\steam\steamapps\common\warframe\warframe.x64.exe |
"{95E06537-11C2-453D-B0AE-3DE6552553FE}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{961CF073-E786-47FF-8C5B-0B0359ECD30C}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{96D2B2C1-FC06-4047-8B53-4CEDD6894D7E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{97177760-0D16-4FFF-85F9-BBB93B75DF9E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{98F42007-F070-4882-9796-E9C407E83DB0}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{9A1A59A3-196A-4024-A1EB-44484660601C}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\recettear\recettear.exe |
"{A3917068-6CE7-4409-953E-5CE00EA8385A}" = protocol=6 | dir=in | app=c:\avg\avg2012\avgmfapx.exe |
"{A43D8DFD-DBD9-4F2A-B9B2-4B0DFEF6C772}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{A4D5C19C-A66C-460C-9B27-6E526A2AD1C5}" = protocol=6 | dir=in | app=c:\avg\avg2012\avgemca.exe |
"{A5A09018-061F-480F-B17F-4CABEB090024}" = protocol=17 | dir=in | app=c:\program files (x86)\kuma games\kuma.exe |
"{A68DF8D6-DF3C-42C4-9EED-66AD32AC5502}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\recettear - demo\custom.exe |
"{A74908AA-9428-4F83-9E1B-70630F206CEC}" = protocol=17 | dir=in | app=c:\avg\avg2012\avgemca.exe |
"{A9B74B72-43A1-4B8D-BE26-324D7784895C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatchery.exe |
"{AD61BAD6-E3CA-48F7-BFF5-BA3C1E4C6832}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatchery.exe |
"{AD74A8D2-698F-4E8A-8C52-1578A02B4489}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatcherx.exe |
"{B713369D-4356-4D89-8619-623F82C72B94}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B851101A-68E2-4A38-8884-B2CB67135DFD}" = protocol=17 | dir=in | app=c:\ventrilo\ventrilo.exe |
"{B8BA64E1-D9F4-4E5B-9F7B-EDC5FA0725C9}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\natural selection 2\ns2.exe |
"{BC8196E2-0A70-45DD-9F14-B0AB5AD9CF61}" = protocol=17 | dir=in | app=c:\bitcomet\bitcomet.exe |
"{BCC6A9D0-8A5A-40FE-8A58-BDA0C5FC464C}" = protocol=6 | dir=in | app=c:\capcom\super street fighter iv\ssfiv.exe |
"{C00165DA-26E0-43AB-8C0A-20B3C2C22BD6}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\recettear - demo\custom.exe |
"{C1D2B963-7F6D-4B1F-A384-E50929084BFD}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\valvetestapp206500\airmech.exe |
"{C2438C78-2965-4156-8F79-78967C27D3A0}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\warframe\warframe.x64.exe |
"{C4375872-72CC-4089-897C-3990264D5E2F}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\airmech\airmech.exe |
"{C5AADAEB-D112-4D01-AE6E-15D0BCE08EDB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C5E72838-6ACC-4A47-A75B-8487C967499A}" = protocol=17 | dir=in | app=c:\thunder network\thunder\xldoctor\7.2.13.3882_1\program\xldoctorui.exe |
"{C92CBC4F-5814-4574-AD78-5AA287FE7C02}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\airmech\airmech.exe |
"{C94EE524-D924-444A-9B89-C87425A4DB05}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CA458FBF-A513-49CD-A8ED-C804D0F2DD5D}" = protocol=6 | dir=in | app=c:\users\bernard\appdata\local\temp\purplebean.exe |
"{CC7B2D02-1926-46AC-8C1F-DD83D125E61A}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\beat hazard\runme.exe |
"{CEA782D0-7201-4A33-AC17-F23DD1703231}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\warframe\tools\launcher.exe |
"{CFCB7785-CE42-4AF0-A1AD-00FEA0AF8D77}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{D0D767A1-0FE7-429B-87F3-BF83DF8BFDEA}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\planetside 2\launchpad.exe |
"{D19F8AE5-682C-4E90-A461-443431FBD8DB}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\portal 2\portal2.exe |
"{D7C6F7A2-C54B-4C7A-82B1-ADF097EF9A7C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D92B9A4A-3C4B-4A5D-925C-D177A656EF41}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D9563D99-C15E-4A3C-9E34-F92267137AA8}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\recettear\recettear.exe |
"{D9C156DE-36EB-48A8-86F3-F50974C6F800}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{DB3D55BC-1C15-4B1C-B692-5A9176D732DE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{DF0146D9-FA69-4F0B-AB4B-D21E9490EE68}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E1C97F60-CC66-4AAC-8AD1-84B647F3C400}" = protocol=6 | dir=in | app=c:\thunder network\xmp\program\xmp.exe |
"{EA73E974-D52C-4C2A-9171-5A335CF13F6C}" = protocol=6 | dir=in | app=c:\avg\avg2012\avgdiagex.exe |
"{EA740AB6-F210-4BC6-9889-30D5329FD869}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EB2EFD1A-6B28-44E1-A91D-E44C07E4A473}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EB597EF6-46C4-41E1-ABE7-BCA5AE830D35}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\planetside 2\launchpad.exe |
"{EE81FC2F-12CC-4E73-8A6A-FED13DEB407D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
"{F03DDBA2-00B6-4710-97DA-B80CC12C27E4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{F2E559D3-772F-4BCA-AAFF-912FBE9B6D26}" = protocol=17 | dir=in | app=c:\capcom\super street fighter iv\ssfiv.exe |
"{F50C7E43-38DA-4E81-9456-AE096405D03B}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{F6E31E35-D6E2-40E4-8133-ED2F2ABF22EA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\autopatcher.exe |
"{F6FEC71E-DE40-4B7B-971F-A7A7FDF5406D}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{F90B9493-172E-41ED-92C4-3BDF24094C44}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\recettear - demo\recettear.exe |
"{FFFD0892-C50B-435D-9EFE-81CB05799E23}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{00877BA5-76DE-4160-AC5A-B559B24ADB52}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{0A0978FD-CD35-47E3-99CA-E408911D37AF}C:\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\farcry 3\bin\farcry3.exe |
"TCP Query User{0A27B7C5-D5FC-4302-A937-BF7027CDDFB3}C:\strike suit zero\pc\main\binary\ssz.exe" = protocol=6 | dir=in | app=c:\strike suit zero\pc\main\binary\ssz.exe |
"TCP Query User{15FF65FA-6318-4710-967D-E1ED14D60B6C}C:\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe" = protocol=6 | dir=in | app=c:\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe |
"TCP Query User{1EF2DD0E-E09E-41E8-8DF7-6B05D2CBC402}C:\ijji\english\ava\binaries\ava.exe" = protocol=6 | dir=in | app=c:\ijji\english\ava\binaries\ava.exe |
"TCP Query User{220375BA-91DA-461C-A83A-317017F3D396}C:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\guild wars 2\gw2.exe |
"TCP Query User{284DE6A8-4473-4999-AE7E-92E39AC1E3EB}C:\steam\steamapps\b_ka_keen_ho@hotmail.com\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\steam\steamapps\b_ka_keen_ho@hotmail.com\team fortress 2\hl2.exe |
"TCP Query User{2F574114-7A17-4A26-885A-E605326CDA93}C:\115\udown\udown.exe" = protocol=6 | dir=in | app=c:\115\udown\udown.exe |
"TCP Query User{43B68E9C-6250-4F2A-A4B1-EA0B7C7240AE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{45FF558F-A7BA-4F9F-9DE3-97B3DFE7A198}C:\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\steam\steamapps\common\planetside 2\planetside2.exe |
"TCP Query User{48F4FCDE-C699-49BC-B0E2-4B51522E7B8B}C:\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\the witcher 2\bin\witcher2.exe |
"TCP Query User{49DE74BC-660E-4253-B4B1-E54FB04DCE16}C:\ggpo\ggpo.exe" = protocol=6 | dir=in | app=c:\ggpo\ggpo.exe |
"TCP Query User{4D72736B-D2A5-4A48-AE5C-2E5A1361302D}C:\program files (x86)\java\jre1.6.0_01\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_01\bin\java.exe |
"TCP Query User{64D210E6-A425-46F4-A9A5-4C4F0DE02418}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{65CE81B6-DA37-4AC0-B7B7-4BA62EFE0D2C}C:\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"TCP Query User{66F7D62F-4713-4793-8138-9061365D5670}C:\ogplanet\sd gundam capsule fighter\gonline.exe" = protocol=6 | dir=in | app=c:\ogplanet\sd gundam capsule fighter\gonline.exe |
"TCP Query User{74C3D991-12D7-4FD3-9000-D527D89FDD5E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{76502672-5159-406E-8298-0FF1F198D06B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{7F2FE0A4-0308-4B06-AC59-18D667346CC3}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"TCP Query User{8117C589-7012-4635-AECA-FBCF5AC4964A}C:\dell voice\dellvoice.exe" = protocol=6 | dir=in | app=c:\dell voice\dellvoice.exe |
"TCP Query User{837D0DBA-78F7-4337-A971-8142A86D7907}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{8551EAE4-F45C-42BC-AD4E-1D95F07FC7BE}C:\steam\steamapps\b_ka_keen_ho@hotmail.com\team fortress 2 beta\hl2.exe" = protocol=6 | dir=in | app=c:\steam\steamapps\b_ka_keen_ho@hotmail.com\team fortress 2 beta\hl2.exe |
"TCP Query User{8D39EF39-915F-41DF-87EA-69581BD0F480}C:\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{9342CD64-1F85-49BD-B52A-5F3D62B41E06}C:\users\bernard\appdata\local\temp\fj_downloader.exe" = protocol=6 | dir=in | app=c:\users\bernard\appdata\local\temp\fj_downloader.exe |
"TCP Query User{93B8D88C-9088-465E-92EB-5DB135B02F64}C:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe |
"TCP Query User{97C5348A-2DB2-48D1-B629-BBA376155160}C:\games\dmc\binaries\win32\dmc-devilmaycry.exe" = protocol=6 | dir=in | app=c:\games\dmc\binaries\win32\dmc-devilmaycry.exe |
"TCP Query User{9DE42DC3-008F-4603-871D-52A3A03A9120}C:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\warcraft iii\war3.exe |
"TCP Query User{A88A102E-2483-46AF-BF3C-48D835FF2482}C:\games\diablo-iii-setup-engb.exe" = protocol=6 | dir=in | app=c:\games\diablo-iii-setup-engb.exe |
"TCP Query User{AB32615B-A0AE-4960-A3AE-AB7963DA8EF0}C:\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\mozilla firefox\firefox.exe |
"TCP Query User{BD3074D8-69A9-4131-9E6B-65E103D413CB}C:\farcry 3\bin\farcry3_d3d11.exe" = protocol=6 | dir=in | app=c:\farcry 3\bin\farcry3_d3d11.exe |
"TCP Query User{C721C573-5CEE-4CD7-A49E-BB41DD796A49}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{CAE7E962-01A5-401C-A2DE-47139CD52DE5}C:\resident evil 6\bh6.exe" = protocol=6 | dir=in | app=c:\resident evil 6\bh6.exe |
"TCP Query User{DB653186-ADA2-454B-B4DF-9CBD306B0A16}C:\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\flashget\flashget.exe |
"TCP Query User{DF9BC9EB-B152-4A35-BE15-C3F75E8A6071}C:\games\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=c:\games\saints row iv\saintsrowiv.exe |
"TCP Query User{E6861623-D015-46EE-BE84-BEDB16A089E0}C:\mp3 skype recorder\mp3 skype recorder.exe" = protocol=6 | dir=in | app=c:\mp3 skype recorder\mp3 skype recorder.exe |
"TCP Query User{F03DBF14-EB64-4D2F-A476-B544817BCE0B}C:\aliens colonial marines\binaries\win32\acm.exe" = protocol=6 | dir=in | app=c:\aliens colonial marines\binaries\win32\acm.exe |
"TCP Query User{F086265D-FC7D-49E3-9CDD-99FC191DDDC0}C:\sanctum 2\binaries\win32\sanctumgame-win32-shipping.exe" = protocol=6 | dir=in | app=c:\sanctum 2\binaries\win32\sanctumgame-win32-shipping.exe |
"TCP Query User{F167BC18-7C1C-4EC8-B866-FA5C0CB4BAE3}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{FAF6460A-2162-4FD5-8241-4D499E695D17}C:\games\divekick\divekick\divekickd3d11.exe" = protocol=6 | dir=in | app=c:\games\divekick\divekick\divekickd3d11.exe |
"TCP Query User{FDDB83FF-E259-429D-967E-2AA6AE3AD880}C:\users\bernard\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\bernard\appdata\local\akamai\netsession_win.exe |
"UDP Query User{0516BE03-C7CC-499C-AC7F-24E00C5CABBE}C:\users\bernard\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\bernard\appdata\local\akamai\netsession_win.exe |
"UDP Query User{0C7FA62B-8588-4CF7-8075-1098F2064EDF}C:\games\dmc\binaries\win32\dmc-devilmaycry.exe" = protocol=17 | dir=in | app=c:\games\dmc\binaries\win32\dmc-devilmaycry.exe |
"UDP Query User{131FD3D2-2291-49E0-B08C-356228321E24}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{191167B2-FD83-4DB5-A7BC-AC5C2B84C726}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"UDP Query User{1C8169B4-EC3A-47D0-B3DD-3F4814E23CAA}C:\aliens colonial marines\binaries\win32\acm.exe" = protocol=17 | dir=in | app=c:\aliens colonial marines\binaries\win32\acm.exe |
"UDP Query User{236A1E20-8C81-43F1-94A8-2C2258EEA9C5}C:\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"UDP Query User{26F52F84-9E23-4B8F-A4B0-DF3BC49D59BA}C:\steam\steamapps\b_ka_keen_ho@hotmail.com\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\steam\steamapps\b_ka_keen_ho@hotmail.com\team fortress 2\hl2.exe |
"UDP Query User{276DBBA0-0044-417C-8362-0212E7A89827}C:\users\bernard\appdata\local\temp\fj_downloader.exe" = protocol=17 | dir=in | app=c:\users\bernard\appdata\local\temp\fj_downloader.exe |
"UDP Query User{29BEBFA8-11A6-4E31-BFF5-0C8CA4B08DA8}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{31D652AB-E3E0-4E53-B4D6-6E55A8668C05}C:\sanctum 2\binaries\win32\sanctumgame-win32-shipping.exe" = protocol=17 | dir=in | app=c:\sanctum 2\binaries\win32\sanctumgame-win32-shipping.exe |
"UDP Query User{31F09974-1085-4F03-A3E1-7A23095F1E73}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{3BA2A1A0-1ACD-4A6E-94E4-9754E115A7AE}C:\resident evil 6\bh6.exe" = protocol=17 | dir=in | app=c:\resident evil 6\bh6.exe |
"UDP Query User{3E858080-B149-40F6-8814-F65DC5EA7A3B}C:\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\the witcher 2\bin\witcher2.exe |
"UDP Query User{41F5CDBA-0DF0-4078-9A3D-DD6502019666}C:\strike suit zero\pc\main\binary\ssz.exe" = protocol=17 | dir=in | app=c:\strike suit zero\pc\main\binary\ssz.exe |
"UDP Query User{47F0B76F-5CFA-4D31-8735-EBB9D0ED9310}C:\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{53F0CB62-B075-4A1E-A774-B277C16A688E}C:\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\farcry 3\bin\farcry3.exe |
"UDP Query User{5B463C9C-FDC4-4110-A2BD-6BA34EB8E48F}C:\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe" = protocol=17 | dir=in | app=c:\sniper ghost warrior 2\bin32\sniperghostwarrior2.exe |
"UDP Query User{678E7F6F-37DA-435B-AE22-AB626EDD4E36}C:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\guild wars 2\gw2.exe |
"UDP Query User{732682BC-E722-4AE3-804D-22F3845225B3}C:\mp3 skype recorder\mp3 skype recorder.exe" = protocol=17 | dir=in | app=c:\mp3 skype recorder\mp3 skype recorder.exe |
"UDP Query User{765DE97E-BD68-468E-AF7C-DE82ABFBED80}C:\dell voice\dellvoice.exe" = protocol=17 | dir=in | app=c:\dell voice\dellvoice.exe |
"UDP Query User{79435779-2810-487B-A876-E3B12CFDB150}C:\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\flashget\flashget.exe |
"UDP Query User{79815210-69B3-484B-9EC5-9199AAE60CFA}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{827BE411-DE17-4D7F-B6C2-F829C61C2A9B}C:\games\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=c:\games\saints row iv\saintsrowiv.exe |
"UDP Query User{84146746-E0B6-4546-970B-C1827D169266}C:\steam\steamapps\b_ka_keen_ho@hotmail.com\team fortress 2 beta\hl2.exe" = protocol=17 | dir=in | app=c:\steam\steamapps\b_ka_keen_ho@hotmail.com\team fortress 2 beta\hl2.exe |
"UDP Query User{8646DBCA-4E25-4A2F-9CAA-2B701E068756}C:\farcry 3\bin\farcry3_d3d11.exe" = protocol=17 | dir=in | app=c:\farcry 3\bin\farcry3_d3d11.exe |
"UDP Query User{8AABB65B-092E-49BA-AF50-31CECF73887D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{A3C1D506-A907-4D29-AE7B-09C9F931D2DF}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{A7347306-FC5F-45FA-9565-BE07674C1936}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{A841C0E1-9031-4FAC-9E60-757F2C82BE82}C:\program files (x86)\java\jre1.6.0_01\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_01\bin\java.exe |
"UDP Query User{AE981D9C-0A29-410F-A3A0-C88E78EBC60B}C:\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\mozilla firefox\firefox.exe |
"UDP Query User{B6915C93-5EDE-4CF5-94D0-F4549376D2C9}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{BF9035F7-D1B4-42AF-810A-218A59B9C9FF}C:\115\udown\udown.exe" = protocol=17 | dir=in | app=c:\115\udown\udown.exe |
"UDP Query User{BFA1481D-427D-47F6-8DD1-0DA03D662311}C:\ijji\english\ava\binaries\ava.exe" = protocol=17 | dir=in | app=c:\ijji\english\ava\binaries\ava.exe |
"UDP Query User{C3276369-ED46-4DE5-BE33-BCD59D6840CC}C:\games\divekick\divekick\divekickd3d11.exe" = protocol=17 | dir=in | app=c:\games\divekick\divekick\divekickd3d11.exe |
"UDP Query User{C665B607-C6AD-4F72-8C6D-7F2B22CE6954}C:\games\diablo-iii-setup-engb.exe" = protocol=17 | dir=in | app=c:\games\diablo-iii-setup-engb.exe |
"UDP Query User{D7D6979C-CE8E-4207-A91C-C7F72132A257}C:\ggpo\ggpo.exe" = protocol=17 | dir=in | app=c:\ggpo\ggpo.exe |
"UDP Query User{D8DA8421-0271-4428-B47C-67F1E579836A}C:\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\steam\steamapps\common\planetside 2\planetside2.exe |
"UDP Query User{E0E38FBC-8139-4A30-B9F5-F2558F6E50FA}C:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe |
"UDP Query User{E1F8144A-B42C-4433-95C1-1F9BD34E9EFB}C:\ogplanet\sd gundam capsule fighter\gonline.exe" = protocol=17 | dir=in | app=c:\ogplanet\sd gundam capsule fighter\gonline.exe |
"UDP Query User{FF83B7D6-DD68-4759-AD8E-31E560175A65}C:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\warcraft iii\war3.exe |

 

[squall23]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10C407FA-12AF-49C6-97EA-4E468204B813}" = AVG 2012
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{B0D59FDC-FEAB-49A2-9B5A-E5E0A8F9D7E0}" = Alienware TactX(TM) Mouse CI 1.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DFE4E6BB-70F0-4292-B7EB-7A3AD48EBB5C}" = AVG 2012
"{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD7DEB7B-8CEA-44E5-AB2D-7C66786C0563}" = Waterfox
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"jdownloader2" = JDownloader 2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{13086F8B-2AA9-4488-BC9C-BB6B912A5524}" = muvee autoProducer 6.1
"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner 1.1
"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = piaip AppLocale
"{3B494589-027C-4F7C-B1E4-3498E211A164}" = ツゴウノイイ彼女タチ
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"{43430FA0-4A2E-404A-B715-951000018101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}" = ILLUSION　ジンコウガクエン きゃらめいく
"{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{5DC0DF76-3B2F-4C38-BE34-58627949BC1A}" = Mega Manager
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D87CAD9-9B94-4421-A439-B25F8DE14575}" = Tom Clancy's Ghost Recon Future Soldier
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7AEBFFF0-15A1-48A9-88F3-06604486C7C9}" = WMPTagSupportExtender
"{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish
"{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 2.102
"{80FB1468-9065-4648-9D09-8137F98DAE2E}_is1" = MD5 Checker version 4.0.0
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = Catalyst Control Center
"{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1" = HF pAppLoc version 1.0
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1070C1-D522-4E00-8263-F442422D26CA}_is1" = Game Dev Tycoon DEMO version 1.0.1
"{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1" = Nitronic Rush (2011-11-11) version 20111111.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish
"{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AD8C578B-76E3-4EF3-AE99-81A3E5E46F54}" = Dell Voice
"{B0B921DC-B86A-41FE-BF4C-BC7D3026918B}" = HuxleyTheDystopia
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B810D852-DFD6-DRKSPTD-89A5-CC4D47756DAF}_is1" = Dark Souls Prepare To Die Edition version 5.1
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB606F47-7D0E-40DF-95BB-0E5413A1295F}" = MP3 Skype Recorder
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5C424A1-5C0A-426C-BB0B-D75907243EC3}" = Ultimate Knight ウィンダムXP
"{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All
"{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech
"{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1476612-02D6-42A3-BDC1-E292B4115738}" = HP Easy Setup - Frontend
"{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EC0B2A03-9FBF-4B21-AD3B-14C49C2232C7}" = GenesisAD_Setup
"{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F5025D45-CAE1-4329-8FA9-F12B1BB7E540}" = GrandDog Run Time System V1.0.35
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = RoboForm 7-7-4 (All Users)
"Akamai" = Akamai NetSession Interface Service
"Any Video Converter 5_is1" = Any Video Converter 5 5.0.3
"Audacity_is1" = Audacity 1.2.6
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"BIT.TRIP RUNNER" = BIT.TRIP RUNNER (remove only)
"BitComet" = BitComet 1.14
"BitComet_x64" = BitComet 1.31 64-bit
"Call of Juarez The Cartel_is1" = Call of Juarez The Cartel
"Capsule" = Capsule
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"CloneDVD2" = CloneDVD2
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"Cucusoft YouTube Mate (Downloader+Player+Converter)_is1" = Cucusoft YouTube Mate 7.18
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diner Dash 2" = Diner Dash 2
"DiskAid_is1" = DiskAid 4.11
"Divinity: Dragon Commander_is1" = Divinity: Dragon Commander
"Download Manager" = Download Manager 2.3.6
"Driver San Francisco" = Driver San Francisco
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESN Sonar-0.70.0" = ESN Sonar
"FlashGet" = FlashGet 1.9.6.1073
"Free AVI MPEG WMV MP4 FLV Video Joiner_is1" = Free AVI MPEG WMV MP4 FLV Video Joiner 5.0.2
"FreeArc" = FreeArc 0.666
"FreeOnlineRadioPlayerRecorder Toolbar" = FreeOnlineRadioPlayerRecorder Toolbar
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"GamersFirst LIVE!" = GamersFirst LIVE!
"GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"Hamachi" = Hamachi 1.0.3.0
"HotspotShield" = Hotspot Shield 2.65
"iFunbox_is1" = iFunbox (v2.6.2375.747), iFunbox DevTeam
"ImgBurn" = ImgBurn
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.1.1
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"MKVtoolnix" = MKVtoolnix 4.7.0
"MobilityDotNET" = DH Mobility Modder.NET
"Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
"Mp3tag" = Mp3tag v2.49
"NDOUKYU" = 炎の孕ませおっぱい乳同級生
"Neffy" = Neffy 1,2,4,0
"Notepad++" = Notepad++
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OpenAL" = OpenAL
"Origin" = Origin
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PCSX2-beta-r1888" = PCSX2 - Playstation 2 Emulator
"plist Editor Pro" = plist Editor Pro 2.0.0
"PlugLink 9650 Utility" = PlugLink 9650 Utility
"Poker Night 2_is1" = Poker Night 2
"PS3 Cheats Editor" = PS3 Cheats Editor
"PunkBusterSvc" = PunkBuster Services
"R2FtZURldlR5Y29vbnYxMzI=_is1" = Game Dev Tycoon v1.3.2 (c) Greenheart Games version 1
"RadeonPro_is1" = RadeonPro 1.0 (Build 1.1.0.6)
"RapidLinkConverter" = RapidLinkConverter
"RaySource" = RaySource 2.1.10.8366
"RealAlt_is1" = Real Alternative 2.0.0
"Rockstar Games Social Club" = Rockstar Games Social Club
"SD Gundam Capsule Fighter" = SD Gundam Capsule Fighter
"SearchProtect" = Search Protect by conduit
"Sonic and All Stars Racing Transformed (c) SEGA_is1" = Sonic and All Stars Racing Transformed (c) SEGA version 1
"Sony Ericsson DRM Packager" = Sony Ericsson DRM Packager 1.35
"StarCraft II" = StarCraft II
"Steam App 12900" = Audiosurf
"Steam App 206500" = AirMech
"Steam App 218" = Source SDK Base 2007
"Steam App 218230" = PlanetSide 2
"Steam App 240" = Counter-Strike: Source
"Steam App 440" = Team Fortress 2
"Steam App 4920" = Natural Selection 2
"Steam App 49600" = Beat Hazard
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 70400" = Recettear: An Item Shop's Tale
"Steam App 70410" = Recettear: An Item Shop's Tale - Demo
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"UnLock Root" = UnLock Root 3.1.1
"UnLock Root Pro" = UnLock Root Pro 3.41
"UNO - Undercover" = UNO - Undercover
"Uplay" = Uplay
"URLSnooper 2_is1" = URL Snooper v2.29.01
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"VueScan" = VueScan
"Wajam" = Wajam
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.3.2
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
"Xilisoft YouTube Video Converter" = Xilisoft YouTube Video Converter
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"115UDown" = 115UDown
"203a975b1d3cc563" = Pcsx2 Cheat converter
"Akamai" = Akamai NetSession Interface
"NCsoft-Aion" = Aion
"UnityWebPlayer" = Unity Web Player
"Warcraft III" = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/09/2013 8:02:33 AM | Computer Name = Bernard-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\BreakPoint Software\Hex
Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 11/09/2013 8:05:55 AM | Computer Name = Bernard-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/09/2013 8:06:14 AM | Computer Name = Bernard-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\BreakPoint Software\Hex
Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 11/09/2013 8:06:15 AM | Computer Name = Bernard-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\BreakPoint Software\Hex
Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 11/09/2013 8:06:39 AM | Computer Name = Bernard-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/09/2013 8:06:58 AM | Computer Name = Bernard-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\BreakPoint Software\Hex
Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 11/09/2013 8:44:17 AM | Computer Name = Bernard-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/09/2013 8:44:37 AM | Computer Name = Bernard-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\BreakPoint Software\Hex
Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 11/09/2013 8:44:37 AM | Computer Name = Bernard-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\BreakPoint Software\Hex
Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 11/09/2013 8:45:12 AM | Computer Name = Bernard-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/09/2013 8:45:28 AM | Computer Name = Bernard-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\BreakPoint Software\Hex
Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

[ System Events ]
Error - 11/09/2013 8:41:42 AM | Computer Name = Bernard-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 11/09/2013 8:42:21 AM | Computer Name = Bernard-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume HP.

Error - 11/09/2013 8:43:45 AM | Computer Name = Bernard-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 11/09/2013 8:43:45 AM | Computer Name = Bernard-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 11/09/2013 8:44:05 AM | Computer Name = Bernard-PC | Source = DCOM | ID = 10005
Description =

Error - 11/09/2013 8:44:17 AM | Computer Name = Bernard-PC | Source = DCOM | ID = 10005
Description =

Error - 11/09/2013 8:44:49 AM | Computer Name = Bernard-PC | Source = DCOM | ID = 10005
Description =

Error - 11/09/2013 8:45:13 AM | Computer Name = Bernard-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/09/2013 8:45:13 AM | Computer Name = Bernard-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/09/2013 8:46:06 AM | Computer Name = Bernard-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=183.181.25.248:80
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Thunder Network\Thunder\BHO\xluser\npxluser.dll File not found
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Thunder Network\Thunder\BHO\xluser\npxluser.dll File not found
O2 - BHO: (3F2D81A2-AB9C-DA82-039C-33E7BC2362D3 Class) - {3F2D81A2-AB9C-DA82-039C-33E7BC2362D3} - C:\Thunder Network\Thunder\BBInside\{3F2D81A2-AB9C-DA82-039C-33E7BC2362D3}\AddressBar.dll File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKCU..\Run: [KiesHelper] C:\Samsung\Kies\KiesHelper.exe /s File not found
O4 - Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = File not found
O8:64bit: - Extra context menu item: &?????? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &?????????? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &ʹÓÃÓŵ°ÏÂÔØÈ«²¿Á´½Ó - C:\UDown\getAllUrl.htm File not found
O8:64bit: - Extra context menu item: &E1OAOAμ°IAOO - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &E1OAOAμ°IAOOE≪2?A´?O - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &U????????? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &U?????????????????? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &UE1OAA×EEIAOO2￠EO2O - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &UʹÓÃÃ×ÈËÏÂÔز¢ÊÕ²Ø - C:\NamiRobot\Data\du.html File not found
O8:64bit: - Extra context menu item: &U使用米人下?并收藏 - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &U使用米人下载并收藏 - C:\NamiRobot\Data\du.html File not found
O8:64bit: - Extra context menu item: &ﾑｸﾀﾗﾏﾂﾔﾘｵｽﾊﾖｻ - Reg Error: Key error. File not found
O8:64bit: - Extra context menu item: &使用?蛋下? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &使用?蛋下?全部?接 - Reg Error: Value error. File not found
O8 - Extra context menu item: &?????? - Reg Error: Value error. File not found
O8 - Extra context menu item: &?????????? - Reg Error: Value error. File not found
O8 - Extra context menu item: &ʹÓÃÓŵ°ÏÂÔØ - C:\UDown\getUrl.htm File not found
O8 - Extra context menu item: &ʹÓÃÓŵ°ÏÂÔØÈ«²¿Á´½Ó - C:\UDown\getAllUrl.htm File not found
O8 - Extra context menu item: &E1OAOAμ°IAOO - Reg Error: Value error. File not found
O8 - Extra context menu item: &E1OAOAμ°IAOOE≪2?A´?O - Reg Error: Value error. File not found
O8 - Extra context menu item: &U????????? - Reg Error: Value error. File not found
O8 - Extra context menu item: &U?????????????????? - Reg Error: Value error. File not found
O8 - Extra context menu item: &UE1OAA×EEIAOO2￠EO2O - Reg Error: Value error. File not found
O8 - Extra context menu item: &UʹÓÃÃ×ÈËÏÂÔز¢ÊÕ²Ø - C:\NamiRobot\Data\du.html File not found
O8 - Extra context menu item: &U使用米人下?并收藏 - Reg Error: Value error. File not found
O8 - Extra context menu item: &U使用米人下载并收藏 - C:\NamiRobot\Data\du.html File not found
O8 - Extra context menu item: &ﾑｸﾀﾗﾏﾂﾔﾘｵｽﾊﾖｻ - Reg Error: Key error. File not found
O8 - Extra context menu item: &使用?蛋下? - Reg Error: Value error. File not found
O8 - Extra context menu item: &使用?蛋下?全部?接 - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O33 - MountPoints2\{33186d40-230e-11e3-84b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{33186d40-230e-11e3-84b0-806e6f6e6963}\Shell\AutoRun\command - "" = K:\setup.exe
[2012/01/07 23:59:09 | 000,002,006 | -HS- | C] () -- C:\Users\Bernard\AppData\Local\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2012/01/07 23:59:09 | 000,002,006 | -HS- | C] () -- C:\ProgramData\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2012/09/30 00:36:52 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Exyq


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Broni]

Still with me?

 

[squall23]

Yeah sorry. Been a little busy. I'll try and get those scans ASAP.

 

[Broni]

 

[squall23]

Hey Broni, I've ran OTL both in normal and safe mode and they hang right after emptyflash. It seems that it's done it's job (since it did give back quite a few gigabytes of free space and got rid of my Flash player, maybe you should've warned me about that, lol) but it just won't restart so there's no log. Should I just proceed to the other scans?