TechSpot

Just caught something in rouge killer and figure i will need some help to remove it

Solved
By Randy icenhour
Sep 23, 2013
  1. Just noticed that my computer had all of a sudden started acting weird so I ran rouge killer and it found something and I learned from my last trip down this road ill probably need help to get rid of it.
     
  2. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    Here are the rouge killer logs
    RogueKiller V8.6.12 _x64_ [Sep 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : icenhour76 [Admin rights]
    Mode : Scan -- Date : 09/23/2013 16:20:30
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST1000DL002-9TT153 ATA Device +++++
    --- User ---
    [MBR] f10bd13662e6ee41b42d50dde31bca48
    [BSP] a6aac6f13a1c6a1ea71c3a6276a59484 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) (Standard disk drives) - USB Flash Memory USB Device +++++
    --- User ---
    [MBR] b931408b23bac40f5aa14f2b72f4f6ae
    [BSP] 2d4f429f4520299e1cdfa3bd2ec35de8 : MBR Code unknown
    Partition table:
    0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 3819 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) (Standard disk drives) - Seagate USB 3.0 Cable USB Device +++++
    --- User ---
    [MBR] c12da8a36023e8c182bc01060ebb34c3
    [BSP] 5cab7fac78b6fe5301595cea6da44b25 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1430796 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[0]_S_09232013_162030.txt >>
     
  3. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    RogueKiller V8.6.12 _x64_ [Sep 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : icenhour76 [Admin rights]
    Mode : Remove -- Date : 09/23/2013 16:21:41
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST1000DL002-9TT153 ATA Device +++++
    --- User ---
    [MBR] f10bd13662e6ee41b42d50dde31bca48
    [BSP] a6aac6f13a1c6a1ea71c3a6276a59484 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) (Standard disk drives) - USB Flash Memory USB Device +++++
    --- User ---
    [MBR] b931408b23bac40f5aa14f2b72f4f6ae
    [BSP] 2d4f429f4520299e1cdfa3bd2ec35de8 : MBR Code unknown
    Partition table:
    0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 3819 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) (Standard disk drives) - Seagate USB 3.0 Cable USB Device +++++
    --- User ---
    [MBR] c12da8a36023e8c182bc01060ebb34c3
    [BSP] 5cab7fac78b6fe5301595cea6da44b25 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1430796 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[0]_D_09232013_162141.txt >>
    RKreport[0]_S_09232013_162030.txt
     
  4. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    RogueKiller V8.6.12 _x64_ [Sep 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : icenhour76 [Admin rights]
    Mode : HOSTSFix -- Date : 09/23/2013 16:21:50
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ Reset HOSTS: ¤¤¤
    127.0.0.1localhost


    Finished : << RKreport[0]_H_09232013_162150.txt >>
    RKreport[0]_D_09232013_162141.txt;RKreport[0]_S_09232013_162030.txt
     
  5. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    RogueKiller V8.6.12 _x64_ [Sep 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : icenhour76 [Admin rights]
    Mode : Scan -- Date : 09/23/2013 16:23:48
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST1000DL002-9TT153 ATA Device +++++
    --- User ---
    [MBR] f10bd13662e6ee41b42d50dde31bca48
    [BSP] a6aac6f13a1c6a1ea71c3a6276a59484 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) (Standard disk drives) - USB Flash Memory USB Device +++++
    --- User ---
    [MBR] b931408b23bac40f5aa14f2b72f4f6ae
    [BSP] 2d4f429f4520299e1cdfa3bd2ec35de8 : MBR Code unknown
    Partition table:
    0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 3819 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) (Standard disk drives) - Seagate USB 3.0 Cable USB Device +++++
    --- User ---
    [MBR] c12da8a36023e8c182bc01060ebb34c3
    [BSP] 5cab7fac78b6fe5301595cea6da44b25 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1430796 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[0]_S_09232013_162348.txt >>
    RKreport[0]_D_09232013_162141.txt;RKreport[0]_H_09232013_162150.txt;RKreport[0]_S_09232013_162030.txt
     
  6. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    Malwarebytes log

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.09.23.11

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16686
    icenhour76 :: ICENHOUR76-PC [administrator]

    9/23/2013 4:30:42 PM
    mbam-log-2013-09-23 (16-30-42).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 223893
    Time elapsed: 6 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  7. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    Dds log
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2
    Run by icenhour76 at 16:31:34 on 2013-09-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16383.12637 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Explorer.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
    StartupFolder: C:\Users\ICENHO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{86AB6FA6-FCFA-46CA-982F-A74586D9A137} : NameServer = 208.67.220.222
    TCP: Interfaces\{86AB6FA6-FCFA-46CA-982F-A74586D9A137} : DHCPNameServer = 192.168.2.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    x64-Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
    x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\icenhour76\AppData\Roaming\Mozilla\Firefox\Profiles\ntebj8uu.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Users\icenhour76\AppData\Roaming\E-centives\NPcolPM460.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-6-18 23168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-6-18 708632]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-6-18 48360]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-9-19 70352]
    R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-5-29 2094216]
    R2 GeekBuddyRSP;GeekBuddyRSP Server;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-9-17 2327248]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-21 418376]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-3 14997280]
    R2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-7-22 1817560]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-7-22 1033688]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-7-22 171928]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-19 283064]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-21 25928]
    R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-9-3 39200]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-7 539240]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-8-7 44672]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-21 701512]
    S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-2-3 46136]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
    S3 BRDriver64;BRDriver64;C:\ProgramData\BitRaider\BRDriver64.sys [2013-5-9 74024]
    S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2013-5-9 938776]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-6-18 158936]
    S3 L6PODHDBEAN;Service - Line 6 POD HD;C:\Windows\System32\drivers\L6PODHDBEAN64.sys [2012-3-26 772224]
    S3 L6PODX3;L6 POD X3 Service;C:\Windows\System32\drivers\L6PODX364.sys [2011-11-30 772096]
    S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2013-3-6 14136]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-1 19456]
    S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
    S3 SaiKF622;SaiKF622;C:\Windows\System32\drivers\SaiKF622.sys [2009-6-2 140800]
    S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]
    S3 SSMO3v2Filter;MMO3v2 Mouse;C:\Windows\System32\drivers\MO3v2Driver.sys [2011-12-29 23040]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-1 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-1 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-31 1255736]
    S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-12 203776]
    .
    =============== Created Last 30 ================
    .
    2013-09-21 04:38:02--------d-----w-C:\Program Files (x86)\ESET
    2013-09-20 11:49:50--------d-----w-C:\Program Files (x86)\Common Files\COMODO
    2013-09-13 22:17:58--------d-s---w-C:\ProgramData\Shared Space
    2013-09-13 22:17:46--------d-----w-C:\Program Files\COMODO
    2013-09-13 22:17:1056072----a-w-C:\Windows\System32\certsentry.dll
    2013-09-13 22:17:1047368----a-w-C:\Windows\SysWow64\certsentry.dll
    2013-09-13 22:16:57--------d-----w-C:\ProgramData\Comodo Downloader
    2013-09-13 21:39:133968960----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
    2013-09-06 17:38:40--------d-----w-C:\$RECYCLE.BIN
    2013-09-06 05:48:55332288----a-w-C:\Windows\System32\uxtheme.new
    2013-09-06 05:27:2840208----a-w-C:\Windows\System32\Partizan.exe
    2013-09-06 05:16:12--------d-----w-C:\ProgramData\RegRun
    2013-09-06 05:16:062--shatr-C:\Windows\winstart.bat
    2013-09-06 05:16:01--------d-----w-C:\Program Files (x86)\UnHackMe
    2013-09-04 00:24:33--------d-----w-C:\AdwCleaner
    2013-09-03 11:30:3439200----a-w-C:\Windows\System32\drivers\nvvad64v.sys
    2013-09-03 11:30:3429984----a-w-C:\Windows\System32\nvaudcap64v.dll
    2013-09-03 11:30:3428448----a-w-C:\Windows\SysWow64\nvaudcap32v.dll
    2013-09-03 02:44:19--------d-----w-C:\Users\icenhour76\AppData\Roaming\SanDisk SecureAccess
    2013-08-27 22:48:5839936----a-w-C:\Windows\System32\drivers\tssecsrv.sys
    2013-08-27 22:48:021910208----a-w-C:\Windows\System32\drivers\tcpip.sys
    .
    ==================== Find3M ====================
    .
    2013-09-20 03:23:1371048----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-09-20 03:23:13692616----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-08-19 06:50:40283064----a-w-C:\Windows\System32\drivers\dtsoftbus01.sys
    2013-08-18 17:44:231376768----a-w-C:\Users\icenhour76\7z920-x64.msi
    2013-08-10 05:22:182241024----a-w-C:\Windows\System32\wininet.dll
    2013-08-10 05:20:593959296----a-w-C:\Windows\System32\jscript9.dll
    2013-08-10 05:20:5567072----a-w-C:\Windows\System32\iesetup.dll
    2013-08-10 05:20:55136704----a-w-C:\Windows\System32\iesysprep.dll
    2013-08-10 03:59:101767936----a-w-C:\Windows\SysWow64\wininet.dll
    2013-08-10 03:58:092876928----a-w-C:\Windows\SysWow64\jscript9.dll
    2013-08-10 03:58:0661440----a-w-C:\Windows\SysWow64\iesetup.dll
    2013-08-10 03:58:06109056----a-w-C:\Windows\SysWow64\iesysprep.dll
    2013-08-10 03:17:382706432----a-w-C:\Windows\System32\mshtml.tlb
    2013-08-10 03:07:502706432----a-w-C:\Windows\SysWow64\mshtml.tlb
    2013-08-10 02:27:5989600----a-w-C:\Windows\System32\RegisterIEPKEYs.exe
    2013-08-10 02:17:1971680----a-w-C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-08-08 01:20:433155456----a-w-C:\Windows\System32\win32k.sys
    2013-08-05 02:25:45155584----a-w-C:\Windows\System32\drivers\ataport.sys
    2013-08-02 02:23:535550528----a-w-C:\Windows\System32\ntoskrnl.exe
    2013-08-02 02:15:441732032----a-w-C:\Windows\System32\ntdll.dll
    2013-08-02 02:15:03362496----a-w-C:\Windows\System32\wow64win.dll
    2013-08-02 02:15:03243712----a-w-C:\Windows\System32\wow64.dll
    2013-08-02 02:15:0313312----a-w-C:\Windows\System32\wow64cpu.dll
    2013-08-02 02:14:57215040----a-w-C:\Windows\System32\winsrv.dll
    2013-08-02 02:14:1116384----a-w-C:\Windows\System32\ntvdm64.dll
    2013-08-02 02:13:34424448----a-w-C:\Windows\System32\KernelBase.dll
    2013-08-02 01:59:303913664----a-w-C:\Windows\SysWow64\ntoskrnl.exe
    2013-08-02 01:51:231292192----a-w-C:\Windows\SysWow64\ntdll.dll
    2013-08-02 01:50:425120----a-w-C:\Windows\SysWow64\wow32.dll
    2013-08-02 01:50:42274944----a-w-C:\Windows\SysWow64\KernelBase.dll
    2013-08-02 01:09:17338432----a-w-C:\Windows\System32\conhost.exe
    2013-08-02 00:59:09112640----a-w-C:\Windows\System32\smss.exe
    2013-08-02 00:45:3725600----a-w-C:\Windows\SysWow64\setup16.exe
    2013-08-02 00:45:3614336----a-w-C:\Windows\SysWow64\ntvdm64.dll
    2013-08-02 00:45:357680----a-w-C:\Windows\SysWow64\instnm.exe
    2013-08-02 00:45:342048----a-w-C:\Windows\SysWow64\user.exe
    2013-08-02 00:43:056144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2013-08-02 00:43:054608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-08-02 00:43:053584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-08-02 00:43:053072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2013-07-25 09:25:541888768----a-w-C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:271620992----a-w-C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58:422048----a-w-C:\Windows\System32\tzres.dll
    2013-07-19 01:41:012048----a-w-C:\Windows\SysWow64\tzres.dll
    2013-07-09 05:52:52224256----a-w-C:\Windows\System32\wintrust.dll
    2013-07-09 05:51:161217024----a-w-C:\Windows\System32\rpcrt4.dll
    2013-07-09 05:46:20184320----a-w-C:\Windows\System32\cryptsvc.dll
    2013-07-09 05:46:201472512----a-w-C:\Windows\System32\crypt32.dll
    2013-07-09 05:46:20139776----a-w-C:\Windows\System32\cryptnet.dll
    2013-07-09 04:52:33663552----a-w-C:\Windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:10175104----a-w-C:\Windows\SysWow64\wintrust.dll
    2013-07-09 04:46:31140288----a-w-C:\Windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46:311166848----a-w-C:\Windows\SysWow64\crypt32.dll
    2013-07-09 04:46:31103936----a-w-C:\Windows\SysWow64\cryptnet.dll
    2013-07-08 20:59:52708632----a-w-C:\Windows\System32\drivers\cmdguard.sys
    2013-07-01 17:58:1596168----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-01 17:58:15867240----a-w-C:\Windows\SysWow64\npdeployJava1.dll
    2013-07-01 17:58:15789416----a-w-C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 16:35:00.94 ===============
     
  8. Broni

    Broni Malware Annihilator Posts: 47,075   +257

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Not much there.
    Are you having any particular issues?

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    [​IMG] Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  9. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    Rkill 2.6.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 09/23/2013 06:32:46 PM in x64 mode. (Safe Mode)
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

    * Base Filtering Engine (BFE) is not Running.
    Startup Type set to: Automatic

    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic

    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic

    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic

    * Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Automatic

    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual

    * Network Store Interface Service (nsi) is not Running.
    Startup Type set to: Automatic

    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Manual

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Ancillary Function Driver for Winsock (AFD) is not Running.
    Startup Type set to: System

    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual

    * NetBT (NetBT) is not Running.
    Startup Type set to: System

    * NSI proxy service driver. (nsiproxy) is not Running.
    Startup Type set to: System

    * NetIO Legacy TDI Support Driver (tdx) is not Running.
    Startup Type set to: System

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1localhost

    Program finished at: 09/23/2013 06:32:52 PM
    Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)
     
  10. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    ComboFix 13-09-23.02 - icenhour76 09/23/2013 18:38:05.9.6 - x64 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16383.15042 [GMT -4:00]
    Running from: c:\users\icenhour76\Desktop\your_name.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Preferences
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-08-23 to 2013-09-23 )))))))))))))))))))))))))))))))
    .
    .
    2013-09-21 04:38 . 2013-09-21 04:38--------d-----w-c:\program files (x86)\ESET
    2013-09-20 11:49 . 2013-09-20 11:49--------d-----w-c:\program files (x86)\Common Files\COMODO
    2013-09-13 22:17 . 2013-09-13 22:19--------d-s---w-c:\programdata\Shared Space
    2013-09-13 22:17 . 2013-09-13 22:17--------d-----w-c:\program files\COMODO
    2013-09-13 22:17 . 2013-09-13 22:1756072----a-w-c:\windows\system32\certsentry.dll
    2013-09-13 22:17 . 2013-09-13 22:1747368----a-w-c:\windows\SysWow64\certsentry.dll
    2013-09-13 22:16 . 2013-09-13 22:16--------d-----w-c:\programdata\Comodo Downloader
    2013-09-13 21:39 . 2013-08-02 01:593968960----a-w-c:\windows\SysWow64\ntkrnlpa.exe
    2013-09-06 05:48 . 2013-09-06 05:48332288----a-w-c:\windows\system32\uxtheme.new
    2013-09-06 05:27 . 2013-09-06 05:2740208----a-w-c:\windows\system32\Partizan.exe
    2013-09-06 05:16 . 2013-09-07 16:18--------d-----w-c:\programdata\RegRun
    2013-09-06 05:16 . 2013-09-06 05:162--shatr-c:\windows\winstart.bat
    2013-09-06 05:16 . 2013-09-07 16:19--------d-----w-c:\program files (x86)\UnHackMe
    2013-09-04 00:24 . 2013-09-06 18:05--------d-----w-C:\AdwCleaner
    2013-09-03 11:30 . 2013-08-20 13:3339200----a-w-c:\windows\system32\drivers\nvvad64v.sys
    2013-09-03 11:30 . 2013-08-20 13:3229984----a-w-c:\windows\system32\nvaudcap64v.dll
    2013-09-03 11:30 . 2013-08-20 13:3228448----a-w-c:\windows\SysWow64\nvaudcap32v.dll
    2013-09-03 02:44 . 2013-09-03 02:44--------d-----w-c:\users\icenhour76\AppData\Roaming\SanDisk SecureAccess
    2013-08-27 22:48 . 2013-06-15 04:3239936----a-w-c:\windows\system32\drivers\tssecsrv.sys
    2013-08-27 22:48 . 2013-07-06 06:031910208----a-w-c:\windows\system32\drivers\tcpip.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-09-20 03:23 . 2012-03-30 04:19692616----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2013-09-20 03:23 . 2011-12-29 20:2671048----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-09-13 21:43 . 2011-12-31 15:0379143768----a-w-c:\windows\system32\MRT.exe
    2013-08-19 06:50 . 2013-08-19 06:50283064----a-w-c:\windows\system32\drivers\dtsoftbus01.sys
    2013-08-18 17:44 . 2013-08-18 17:441376768----a-w-c:\users\icenhour76\7z920-x64.msi
    2013-08-02 01:48 . 2013-09-13 21:3944032----a-w-c:\windows\apppatch\acwow64.dll
    2013-07-15 07:34 . 2013-07-22 00:319460976----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{694B69B6-CF48-44E3-9797-969BE3766595}\mpengine.dll
    2013-07-08 20:59 . 2013-06-18 20:16708632----a-w-c:\windows\system32\drivers\cmdguard.sys
    2013-07-01 17:58 . 2013-07-01 17:5896168----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-01 17:58 . 2012-02-12 14:24867240----a-w-c:\windows\SysWow64\npdeployJava1.dll
    2013-07-01 17:58 . 2012-02-05 02:02789416----a-w-c:\windows\SysWow64\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
    "Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-09-17 2327248]
    .
    c:\users\icenhour76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-11-4 41160]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-9-19 49360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
    R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
    R2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
    R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    R2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]
    R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x]
    R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
    R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
    R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 L6PODHDBEAN;Service - Line 6 POD HD;c:\windows\system32\Drivers\L6PODHDBEAN64.sys;c:\windows\SYSNATIVE\Drivers\L6PODHDBEAN64.sys [x]
    R3 L6PODX3;L6 POD X3 Service;c:\windows\system32\Drivers\L6PODX364.sys;c:\windows\SYSNATIVE\Drivers\L6PODX364.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
    R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
    R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
    R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    R3 SaiKF622;SaiKF622;c:\windows\system32\DRIVERS\SaiKF622.sys;c:\windows\SYSNATIVE\DRIVERS\SaiKF622.sys [x]
    R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
    R3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys;c:\windows\SYSNATIVE\drivers\MO3v2Driver.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
    S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys;c:\windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-09-19 00:391177552----a-w-c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 03:23]
    .
    2013-09-23 c:\windows\Tasks\GlaryInitialize 3.job
    - c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-07-06 14:31]
    .
    2013-09-23 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-03 20:51]
    .
    2013-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10 02:33]
    .
    2013-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10 02:33]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
    "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
    "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-25 13320808]
    "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
    "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
    "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1502424]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
    uInternet Settings,ProxyServer = localhost:8080
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{86AB6FA6-FCFA-46CA-982F-A74586D9A137}: NameServer = 208.67.220.222
    FF - ProfilePath - c:\users\icenhour76\AppData\Roaming\Mozilla\Firefox\Profiles\ntebj8uu.default\
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3248671020-3738731255-3598294349-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):a9,02,94,de,50,49,8a,df,05,1a,ed,a5,0a,b0,c7,b5,1b,20,fe,1d,2f,
    48,d7,53,3a,cb,b3,91,d4,69,33,7a,bf,5f,f0,20,af,4c,f2,95,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3248671020-3738731255-3598294349-1001_Classes\Wow6432Node\CLSID\{5edfaf09-d210-4871-96d9-313263d5bf2f}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000083
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,53,4e,1a,5b,76,50,55,59,9d,cc,e7,b1,95,58,29,cd,57,86,fd,49,12,56,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-09-23 18:49:18
    ComboFix-quarantined-files.txt 2013-09-23 22:49
    .
    Pre-Run: 62,811,537,408 bytes free
    Post-Run: 62,673,915,904 bytes free
    .
    - - End Of File - - 167B53E8C601EDB8A82FB1B9F09FE3B6
    A36C5E4F47E84449FF07ED3517B43A31
     
  11. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    Had to run both of those in safe mode cause combo fix would just not run and kept stalling out and freezeing the fisrt time I tried
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,075   +257

    Looks good.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    # AdwCleaner v3.005 - Report created 23/09/2013 at 19:55:05
    # Updated 22/09/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : icenhour76 - ICENHOUR76-PC
    # Running from : C:\Users\icenhour76\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16686


    -\\ Mozilla Firefox v18.0.2 (en-US)

    [ File : C:\Users\icenhour76\AppData\Roaming\Mozilla\Firefox\Profiles\ntebj8uu.default\prefs.js ]


    -\\ Google Chrome v29.0.1547.76

    [ File : C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R1].txt - [922 octets] - [06/09/2013 14:03:05]
    AdwCleaner[R2].txt - [1479 octets] - [23/09/2013 19:53:40]
    AdwCleaner[S1].txt - [982 octets] - [06/09/2013 14:05:30]
    AdwCleaner[S2].txt - [1410 octets] - [23/09/2013 19:55:05]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1470 octets] ##########
     
  14. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    And now jrt wont run its giving me a 7zip efx error
     
  15. Broni

    Broni Malware Annihilator Posts: 47,075   +257

    What's the exact error?

    Did you?
     
  16. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    Yes did that
     
  17. Broni

    Broni Malware Annihilator Posts: 47,075   +257

     
  18. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    OTL logfile created on: 9/23/2013 8:22:29 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\icenhour76\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    16.00 Gb Total Physical Memory | 13.66 Gb Available Physical Memory | 85.39% Memory free
    32.00 Gb Paging File | 29.58 Gb Available in Paging File | 92.43% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 58.67 Gb Free Space | 6.30% Space Free | Partition Type: NTFS
    Drive F: | 7.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 6.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive I: | 1397.26 Gb Total Space | 382.15 Gb Free Space | 27.35% Space Free | Partition Type: NTFS
    Drive K: | 3.72 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32

    Computer Name: ICENHOUR76-PC | User Name: icenhour76 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/09/23 19:51:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\icenhour76\Desktop\OTL.exe
    PRC - [2013/09/19 11:15:30 | 000,227,024 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
    PRC - [2013/09/19 11:15:30 | 000,216,272 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
    PRC - [2013/09/19 11:15:30 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    PRC - [2013/09/17 12:00:52 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    PRC - [2013/08/27 17:16:41 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    PRC - [2013/08/27 17:16:03 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/08/09 22:33:00 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
    PRC - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2013/05/29 08:19:04 | 002,094,216 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/11/19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/03/02 18:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2012/02/14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
    PRC - [2011/02/22 11:52:12 | 000,182,784 | ---- | M] (Ideazon, Inc.) -- C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/09/23 18:54:57 | 000,112,318 | ---- | M] () -- C:\Users\icenhour76\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
    MOD - [2013/08/28 13:38:08 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
    MOD - [2013/08/28 13:38:08 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.Wrapper.dll
    MOD - [2013/08/28 13:38:07 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
    MOD - [2013/08/28 13:38:06 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
    MOD - [2013/08/28 13:37:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
    MOD - [2013/08/28 13:37:23 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
    MOD - [2013/08/28 13:36:43 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
    MOD - [2013/08/28 13:36:37 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
    MOD - [2013/08/28 13:36:35 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
    MOD - [2013/07/23 22:13:55 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
    MOD - [2013/07/23 22:13:27 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
    MOD - [2011/02/16 14:38:44 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Ideazon\ZEngine\AxWBOCXLib.dll
    MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/11/20 23:24:07 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
    MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/08/27 17:17:43 | 014,997,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
    SRV:64bit: - [2013/07/08 16:59:40 | 006,199,520 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2013/06/18 16:15:30 | 000,158,936 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
    SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2011/01/12 22:56:56 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2013/09/19 23:23:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/09/19 11:15:30 | 000,070,352 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
    SRV - [2013/09/17 12:00:52 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
    SRV - [2013/08/27 17:16:03 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/07/26 18:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2013/05/29 08:19:04 | 002,094,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
    SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/05/09 17:59:50 | 000,938,776 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptSvc.exe -- (BRSptSvc)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/02/01 14:22:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/03/02 18:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
    SRV - [2012/03/02 18:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/09/19 17:59:40 | 000,278,336 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/08/20 09:33:40 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
    DRV:64bit: - [2013/08/19 02:50:40 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2013/06/18 16:16:08 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
    DRV:64bit: - [2013/04/11 03:18:40 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2013/02/25 01:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/12/10 04:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/11/08 04:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/10/12 16:35:26 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/26 16:00:20 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6PODHDBEAN64.sys -- (L6PODHDBEAN)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/11/30 16:13:48 | 000,772,096 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6PODX364.sys -- (L6PODX3)
    DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
    DRV:64bit: - [2011/06/10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2011/01/12 23:39:32 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/01/12 22:15:22 | 000,299,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/12/17 16:25:44 | 000,023,040 | ---- | M] (Sagatek Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MO3v2Driver.sys -- (SSMO3v2Filter)
    DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/11/29 04:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/17 08:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/08/10 08:43:14 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
    DRV:64bit: - [2010/08/10 08:43:14 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
    DRV:64bit: - [2010/06/17 05:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
    DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/09/15 14:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
    DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/02 15:08:50 | 000,140,800 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiKF622.sys -- (SaiKF622)
    DRV:64bit: - [2007/07/23 10:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
    DRV:64bit: - [2007/03/20 12:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
    DRV - [2013/05/09 19:11:14 | 000,074,024 | ---- | M] (BitRaider) [File_System | On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRDriver64.sys -- (BRDriver64)
    DRV - [2012/02/04 22:23:04 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
    DRV - [2010/10/22 11:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 A7 7D A0 65 DF CD 01 [binary data]
    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\..\SearchScopes\{34915D43-3CC5-49D5-8458-672730A1455C}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F F3 02 92 E7 6E CD 01 [binary data]
    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1007\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1007\..\SearchScopes\{34915D43-3CC5-49D5-8458-672730A1455C}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-3248671020-3738731255-3598294349-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
    FF - HKCU\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5: C:\Users\icenhour76\AppData\Roaming\E-centives\NPcolPM460.dll (Invenda)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/05/15 08:38:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/16 09:09:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/16 15:30:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/24 19:52:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/24 19:52:39 | 000,000,000 | ---D | M]

    [2013/02/13 16:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\icenhour76\AppData\Roaming\Mozilla\Extensions
    [2013/04/10 09:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\icenhour76\AppData\Roaming\Mozilla\Firefox\Profiles\ntebj8uu.default\extensions
    [2013/04/10 09:02:27 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\icenhour76\AppData\Roaming\Mozilla\Firefox\Profiles\ntebj8uu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/02/13 16:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/02/01 14:22:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2013/02/01 14:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/02/01 14:22:13 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
    CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
    CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Coupon Activator Netscape Plugin v. 4.5.0.0 (Enabled) = C:\Users\icenhour76\AppData\Roaming\E-centives\NPcolPM460.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
    CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
    CHR - Extension: Google Docs = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
    CHR - Extension: Google Drive = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
    CHR - Extension: WOT = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.0.17_0\
    CHR - Extension: Audiotool = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk\1.1_0\
    CHR - Extension: YouTube = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
    CHR - Extension: Classic Games = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc\1.0_0\
    CHR - Extension: Guitarist's Reference = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk\1_0\
    CHR - Extension: Adblock Plus = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
    CHR - Extension: Google Search = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
    CHR - Extension: Netflix = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh\1.0.0.2_0\
    CHR - Extension: Tampermonkey = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.4.3568.10_0\
     
  19. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    CHR - Extension: Full Screen Weather = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
    CHR - Extension: AdBlock = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0\
    CHR - Extension: Crackle = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
    CHR - Extension: Google Play = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\
    CHR - Extension: Divvr = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackkieddhpmioebogincgkkcagabhgm\2.0_0\
    CHR - Extension: AudioSauna = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae\0.404_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
    CHR - Extension: Falling Sand Game = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdknckljjbdpkhgmcokoahffbdinafbo\1.3_0\
    CHR - Extension: Gmail = C:\Users\icenhour76\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

    O1 HOSTS File: ([2013/09/23 18:47:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
    O4 - HKLM..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
    O4 - HKU\S-1-5-21-3248671020-3738731255-3598294349-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
    O4 - HKU\S-1-5-21-3248671020-3738731255-3598294349-1007..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Users\icenhour76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3248671020-3738731255-3598294349-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3248671020-3738731255-3598294349-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.25.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.25.2)
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86AB6FA6-FCFA-46CA-982F-A74586D9A137}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86AB6FA6-FCFA-46CA-982F-A74586D9A137}: NameServer = 208.67.220.222
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/09/23 20:17:23 | 001,030,038 | ---- | C] (Thisisu) -- C:\Users\icenhour76\Desktop\JRT.exe
    [2013/09/23 19:51:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\icenhour76\Desktop\OTL.exe
    [2013/09/23 18:49:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/09/23 18:49:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/09/23 18:36:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/09/23 18:36:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/09/23 18:36:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/09/23 18:33:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/09/23 16:08:42 | 000,000,000 | ---D | C] -- C:\Users\icenhour76\Desktop\RK_Quarantine
    [2013/09/21 00:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2013/09/21 00:37:29 | 002,347,384 | ---- | C] (ESET) -- C:\Users\icenhour76\Desktop\esetsmartinstaller_enu.exe
    [2013/09/20 07:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COMODO
    [2013/09/13 18:17:58 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
    [2013/09/13 18:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2013/09/13 18:17:10 | 000,056,072 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
    [2013/09/13 18:17:10 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
    [2013/09/13 18:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
    [2013/09/07 12:21:21 | 000,000,000 | ---D | C] -- C:\Users\icenhour76\Desktop\bluescreenview
    [2013/09/06 12:55:00 | 000,000,000 | ---D | C] -- C:\Users\icenhour76\Desktop\mbar
    [2013/09/06 01:27:28 | 000,040,208 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
    [2013/09/06 01:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
    [2013/09/06 01:16:05 | 000,000,000 | ---D | C] -- C:\Users\icenhour76\Documents\RegRun2
    [2013/09/06 01:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
    [2013/09/05 01:56:38 | 000,000,000 | ---D | C] -- C:\Users\icenhour76\Desktop\JoyToKey_en
    [2013/09/03 20:24:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/09/02 22:44:19 | 000,000,000 | ---D | C] -- C:\Users\icenhour76\AppData\Roaming\SanDisk SecureAccess
    [2012/09/01 17:29:46 | 017,747,416 | ---- | C] (DisplayLink Corp.) -- C:\Users\icenhour76\DisplayLink_6.3M1.exe
    [2012/07/07 01:00:46 | 006,993,056 | ---- | C] (Saitek ) -- C:\Users\icenhour76\Saitek_Cyborg_V3_Pad_SD6_64_Drivers_pfw.exe
    [2012/07/07 01:00:36 | 060,267,040 | ---- | C] (Saitek ) -- C:\Users\icenhour76\Smart_Technology_7_0_2_7_64bit.exe
    [2012/03/03 18:01:17 | 015,125,536 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\icenhour76\SUPERAntiSpyware.exe
    [2012/02/04 22:18:27 | 002,841,613 | ---- | C] (Igor Pavlov) -- C:\Users\icenhour76\RivaTuner224c-[Guru3D.com].exe
    [2011/12/29 16:06:20 | 003,104,808 | ---- | C] (Imation Corporation) -- C:\Users\icenhour76\Link Paring Tool v3.exe

    ========== Files - Modified Within 30 Days ==========

    [2013/09/23 20:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/09/23 20:17:33 | 001,030,038 | ---- | M] (Thisisu) -- C:\Users\icenhour76\Desktop\JRT.exe
    [2013/09/23 20:17:12 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/09/23 20:17:12 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/09/23 20:09:21 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job
    [2013/09/23 20:08:22 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/09/23 20:08:13 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
    [2013/09/23 20:07:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/09/23 20:07:26 | 4294,320,126 | -HS- | M] () -- C:\hiberfil.sys
    [2013/09/23 19:51:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\icenhour76\Desktop\OTL.exe
    [2013/09/23 19:51:03 | 001,042,066 | ---- | M] () -- C:\Users\icenhour76\Desktop\adwcleaner.exe
    [2013/09/23 19:38:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/09/23 18:56:19 | 138,012,152 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2013/09/23 18:47:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/09/23 16:14:51 | 003,812,352 | ---- | M] () -- C:\Users\icenhour76\Desktop\RogueKillerX64.exe
    [2013/09/21 00:40:17 | 000,005,454 | ---- | M] () -- C:\Users\icenhour76\Documents\cc_20130921_004011.reg
    [2013/09/21 00:37:31 | 002,347,384 | ---- | M] (ESET) -- C:\Users\icenhour76\Desktop\esetsmartinstaller_enu.exe
    [2013/09/20 07:49:51 | 000,002,043 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    [2013/09/20 07:49:51 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
    [2013/09/20 06:32:53 | 000,000,221 | ---- | M] () -- C:\Users\icenhour76\Desktop\Risen 2 - Dark Waters.url
    [2013/09/19 18:33:37 | 000,839,684 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2013/09/19 06:15:46 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/09/19 06:15:46 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/09/19 06:15:46 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/09/18 20:41:45 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/09/14 00:03:11 | 000,000,220 | ---- | M] () -- C:\Users\icenhour76\Desktop\Armed and Dangerous.url
    [2013/09/13 20:38:42 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2013/09/13 18:17:30 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk
    [2013/09/13 18:17:19 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
    [2013/09/13 18:17:10 | 000,056,072 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
    [2013/09/13 18:17:10 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
    [2013/09/08 13:52:47 | 000,067,612 | ---- | M] () -- C:\Users\icenhour76\Desktop\DIASYNGrevA.pdf
    [2013/09/07 12:21:00 | 000,066,913 | ---- | M] () -- C:\Users\icenhour76\Desktop\bluescreenview.zip
    [2013/09/06 13:38:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130913-191454.backup
    [2013/09/06 01:48:51 | 000,000,076 | ---- | M] () -- C:\Windows\SysNative\Partizan.RRI
    [2013/09/06 01:27:28 | 000,040,208 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
    [2013/09/06 01:16:06 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
    [2013/09/06 01:16:06 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
    [2013/09/06 01:16:06 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
    [2013/09/05 01:56:28 | 000,753,800 | ---- | M] () -- C:\Users\icenhour76\Desktop\JoyToKey_en.zip
    [2013/08/27 16:06:30 | 000,356,986 | ---- | M] () -- C:\Users\icenhour76\txt dog.jpg
    [2013/08/27 02:23:40 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/08/27 01:17:34 | 000,059,922 | ---- | M] () -- C:\Users\icenhour76\cominfor yabooty.jpg
    [2013/08/26 02:36:01 | 741,808,174 | ---- | M] () -- C:\Users\icenhour76\Desktop\ddlsource.com_Cottage.Country.2013.DVDRip.XviD-F0RFUN.avi
    [2013/08/26 02:26:30 | 857,493,015 | ---- | M] () -- C:\Users\icenhour76\Desktop\SMM2Dx-IGUANA.mkv

    ========== Files Created - No Company Name ==========

    [2013/09/23 19:51:02 | 001,042,066 | ---- | C] () -- C:\Users\icenhour76\Desktop\adwcleaner.exe
    [2013/09/23 18:36:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/09/23 18:36:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/09/23 18:36:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/09/23 18:36:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/09/23 18:36:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/09/23 16:14:41 | 003,812,352 | ---- | C] () -- C:\Users\icenhour76\Desktop\RogueKillerX64.exe
    [2013/09/21 00:40:15 | 000,005,454 | ---- | C] () -- C:\Users\icenhour76\Documents\cc_20130921_004011.reg
    [2013/09/20 06:32:53 | 000,000,221 | ---- | C] () -- C:\Users\icenhour76\Desktop\Risen 2 - Dark Waters.url
    [2013/09/14 00:03:11 | 000,000,220 | ---- | C] () -- C:\Users\icenhour76\Desktop\Armed and Dangerous.url
    [2013/09/13 18:19:51 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2013/09/13 18:17:30 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk
    [2013/09/13 18:17:30 | 000,002,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    [2013/09/13 18:17:30 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
    [2013/09/13 18:17:19 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
    [2013/09/08 13:52:47 | 000,067,612 | ---- | C] () -- C:\Users\icenhour76\Desktop\DIASYNGrevA.pdf
    [2013/09/07 12:20:58 | 000,066,913 | ---- | C] () -- C:\Users\icenhour76\Desktop\bluescreenview.zip
    [2013/09/06 01:27:28 | 000,000,076 | ---- | C] () -- C:\Windows\SysNative\Partizan.RRI
    [2013/09/06 01:16:06 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
    [2013/09/06 01:16:06 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
    [2013/09/06 01:16:06 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
    [2013/09/05 01:56:26 | 000,753,800 | ---- | C] () -- C:\Users\icenhour76\Desktop\JoyToKey_en.zip
    [2013/08/27 16:06:28 | 000,356,986 | ---- | C] () -- C:\Users\icenhour76\txt dog.jpg
    [2013/08/27 01:17:52 | 000,059,922 | ---- | C] () -- C:\Users\icenhour76\cominfor yabooty.jpg
    [2013/08/26 02:24:22 | 741,808,174 | ---- | C] () -- C:\Users\icenhour76\Desktop\ddlsource.com_Cottage.Country.2013.DVDRip.XviD-F0RFUN.avi
    [2013/08/26 02:12:55 | 857,493,015 | ---- | C] () -- C:\Users\icenhour76\Desktop\SMM2Dx-IGUANA.mkv
    [2013/08/18 13:44:22 | 001,376,768 | ---- | C] () -- C:\Users\icenhour76\7z920-x64.msi
    [2013/08/09 22:30:24 | 000,364,506 | ---- | C] () -- C:\Users\icenhour76\bookmarks_8_9_13.html
    [2013/07/31 07:17:47 | 038,802,013 | ---- | C] () -- C:\Users\icenhour76\vlc-skins.zip
    [2013/07/21 17:39:25 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
    [2013/05/14 16:41:52 | 538,519,584 | ---- | C] () -- C:\Users\icenhour76\The.Avengers.2012.iNTERNAL.BDRip.XviD-EXViDiNT.avi.flv
    [2013/05/02 02:42:22 | 002,959,964 | ---- | C] () -- C:\Users\icenhour76\Suffocation - As Grace Descends.mp3
    [2013/02/02 13:46:12 | 000,109,973 | ---- | C] () -- C:\Users\icenhour76\METALLICA.pdf
    [2013/02/02 13:37:27 | 023,312,607 | ---- | C] () -- C:\Users\icenhour76\Metallica - Metallica (Guitar Tab Song Book).pdf
    [2013/01/30 05:43:33 | 1347,770,276 | ---- | C] () -- C:\Users\icenhour76\Star_Wars_VI_-_Return_of_the_Jedi_-_Rifftrax.avi.mp4
    [2013/01/30 02:28:14 | 515,873,141 | ---- | C] () -- C:\Users\icenhour76\Star Wars III Revenge the Sith Rifftrax avi mp4.mp4
    [2013/01/29 21:56:00 | 1561,879,989 | ---- | C] () -- C:\Users\icenhour76\Star_Wars_II_-_Attack_of_the_Clones_-_Rifftrax.avi.mp4
    [2013/01/29 21:18:16 | 769,862,298 | ---- | C] () -- C:\Users\icenhour76\starwars 1Rifftrax.avi
    [2013/01/29 03:02:15 | 001,267,860 | ---- | C] () -- C:\Users\icenhour76\MeAmBobbo_PodHD_Guide.pdf
    [2013/01/21 23:24:00 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2013/01/03 15:59:23 | 000,391,953 | ---- | C] () -- C:\Users\icenhour76\DSfix201.zip
    [2012/12/13 14:45:39 | 1648,473,131 | ---- | C] () -- C:\Users\icenhour76\Star_Wars_V_-_Empire_Strikes_Back_-_Rifftrax.avi.mp4
    [2012/12/13 09:28:42 | 1431,164,535 | ---- | C] () -- C:\Users\icenhour76\Star_Wars_IV_-_A_New_Hope_-_Rifftrax.avi.mp4
    [2012/12/10 13:03:12 | 005,752,784 | ---- | C] () -- C:\Users\icenhour76\POD HD Advanced Guide v2.10 - English ( Rev A ).pdf
    [2012/11/27 22:54:06 | 003,446,602 | ---- | C] () -- C:\Users\icenhour76\phonemanuel.pdf
    [2012/11/24 17:00:40 | 000,391,465 | ---- | C] () -- C:\Users\icenhour76\DSFix19-19-1-9.zip
    [2012/11/24 05:06:33 | 000,529,633 | ---- | C] () -- C:\Users\icenhour76\cavestory.zip
    [2012/11/24 05:06:16 | 000,921,985 | ---- | C] () -- C:\Users\icenhour76\dou_1006.zip
    [2012/11/19 23:16:34 | 000,242,800 | ---- | C] () -- C:\Users\icenhour76\Cartoon_regular show_299480.jpg
    [2012/11/09 22:15:20 | 002,775,048 | ---- | C] () -- C:\Users\icenhour76\Vmaxh-OwnersManual.pdf
    [2012/11/09 22:15:08 | 002,775,048 | ---- | C] () -- C:\Users\icenhour76\vmaxmanual.pdf
    [2012/11/05 02:46:04 | 007,353,041 | ---- | C] () -- C:\Users\icenhour76\POD HD Model Gallery - English ( Rev D ).pdf
    [2012/10/07 01:20:19 | 000,001,116 | ---- | C] () -- C:\Users\icenhour76\DivX Plus Player.lnk
    [2012/10/03 16:58:01 | 103,709,007 | ---- | C] () -- C:\Users\icenhour76\Squidbillies_album_and_art.zip
    [2012/10/03 16:45:20 | 065,552,200 | ---- | C] () -- C:\Users\icenhour76\metal_swim_mp3s.zip
    [2012/09/25 18:44:48 | 000,086,333 | ---- | C] () -- C:\Users\icenhour76\ez2517.jpg
    [2012/09/24 13:20:42 | 000,197,455 | ---- | C] () -- C:\Users\icenhour76\freegunsbl2.jpg
    [2012/09/03 18:25:46 | 000,005,529 | ---- | C] () -- C:\Users\icenhour76\mepic.jpg
    [2012/08/07 16:38:21 | 017,974,226 | ---- | C] () -- C:\Users\icenhour76\Ghostbusters RPG - Operations Manual.pdf
    [2012/08/07 04:41:02 | 008,210,293 | ---- | C] () -- C:\Users\icenhour76\E7596v1.4.zip
    [2012/08/07 04:26:48 | 006,133,196 | ---- | C] () -- C:\Users\icenhour76\MSI_Software_Guide.zip
    [2012/08/07 04:26:18 | 006,421,240 | ---- | C] () -- C:\Users\icenhour76\AMD_RAID_Manual.zip
    [2012/08/03 06:55:41 | 002,141,683 | ---- | C] () -- C:\Users\icenhour76\DroptuneUpdater1.2.zip
    [2012/07/24 03:45:56 | 005,203,236 | ---- | C] () -- C:\Users\icenhour76\KPA_Catalogue_2011EN.pdf
    [2012/07/24 03:44:12 | 000,412,425 | ---- | C] () -- C:\Users\icenhour76\KPA Manual EN Reference.pdf
    [2012/07/24 03:41:07 | 001,078,588 | ---- | C] () -- C:\Users\icenhour76\KPA Manual EN Basics and Profiling.pdf
    [2012/07/06 21:18:36 | 149,137,042 | ---- | C] () -- C:\Users\icenhour76\TheThanosImperative(2011)(Digital)(Zone-Empire).rar
    [2012/07/02 18:13:11 | 118,148,608 | ---- | C] () -- C:\Users\icenhour76\Lost In Time.zip
    [2012/06/20 07:45:01 | 004,427,342 | ---- | C] () -- C:\Users\icenhour76\Heroes_of_Asgard.pdf
    [2012/06/20 07:40:50 | 000,347,648 | ---- | C] () -- C:\Users\icenhour76\BlackwellProseEdda.pdf
    [2012/06/20 07:37:57 | 001,887,719 | ---- | C] () -- C:\Users\icenhour76\road_to_hel.pdf
    [2012/06/20 07:28:53 | 006,130,385 | ---- | C] () -- C:\Users\icenhour76\AndersonProseEdda1.pdf
    [2012/06/20 07:28:16 | 002,426,289 | ---- | C] () -- C:\Users\icenhour76\ChisholmEdda.pdf
    [2012/06/20 07:28:02 | 001,571,426 | ---- | C] () -- C:\Users\icenhour76\StudentEdda.pdf
    [2012/06/17 12:19:36 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
    [2012/06/01 14:51:30 | 000,929,135 | ---- | C] () -- C:\Users\icenhour76\****yocouch.gif
    [2012/05/26 02:41:21 | 000,002,675 | ---- | C] () -- C:\Users\icenhour76\GPGnet.lnk
    [2012/05/26 02:13:05 | 000,074,181 | ---- | C] () -- C:\Users\icenhour76\AppData\Roaming\icarus-dxdiag.xml
    [2012/05/26 00:01:01 | 024,310,874 | ---- | C] () -- C:\Users\icenhour76\AiseesoftTotalMediaConvPlatinum.zip
    [2012/05/20 15:24:27 | 001,220,440 | ---- | C] () -- C:\Users\icenhour76\Dean Ambrose 2nd FCW Theme [LoudTronix.me].mp3
    [2012/05/20 15:02:57 | 006,098,907 | ---- | C] () -- C:\Users\icenhour76\Extreme Music - Tomb It May Concern (Dean Ambrose).mp3
    [2012/05/10 04:48:36 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2012/05/04 16:37:46 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2012/04/24 03:04:51 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
    [2012/04/11 17:27:31 | 000,295,037 | ---- | C] () -- C:\Users\icenhour76\DP 4A Real World.zip
    [2012/04/10 08:51:55 | 003,967,804 | ---- | C] () -- C:\Users\icenhour76\FPR_manual.zip
    [2012/04/10 08:50:31 | 003,623,896 | ---- | C] () -- C:\Users\icenhour76\fpr_complete_guide.pdf
    [2012/04/06 18:31:36 | 000,000,364 | ---- | C] () -- C:\Windows\GearBox.ini
    [2012/04/06 17:42:02 | 000,264,760 | ---- | C] () -- C:\Users\icenhour76\04-05-12.h5s
    [2012/03/29 22:07:20 | 000,592,369 | ---- | C] () -- C:\Users\icenhour76\bugs homer.jpg
    [2012/03/11 17:33:17 | 000,072,523 | ---- | C] () -- C:\Users\icenhour76\survived.jpg
    [2012/02/14 01:35:04 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
    [2012/02/12 00:23:34 | 001,840,839 | ---- | C] () -- C:\Users\icenhour76\Project64_1.6.exe-645.7z
    [2012/02/03 22:22:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/01/16 20:46:35 | 000,001,014 | ---- | C] () -- C:\Users\icenhour76\Mumble.lnk
    [2011/12/31 19:55:37 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2011/12/30 02:19:09 | 000,000,840 | ---- | C] () -- C:\Users\icenhour76\ComicRack.lnk
    [2011/12/30 02:18:47 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/12/30 02:15:58 | 000,002,182 | ---- | C] () -- C:\Users\icenhour76\Adobe Digital Editions.lnk
    [2011/12/29 23:22:02 | 020,288,672 | ---- | C] () -- C:\Users\icenhour76\David Lynn Golemon.rar
    [2011/12/29 22:52:17 | 000,001,503 | ---- | C] () -- C:\Users\icenhour76\D2MultiResGame - Shortcut.lnk
    [2011/12/29 22:48:31 | 000,001,129 | ---- | C] () -- C:\Users\icenhour76\Diablo II - Lord of Destruction.lnk
    [2011/12/29 22:29:45 | 000,007,668 | ---- | C] () -- C:\Users\icenhour76\AppData\Local\Resmon.ResmonCfg
    [2011/12/29 16:39:51 | 000,000,965 | ---- | C] () -- C:\Users\icenhour76\AVG 2012.lnk
    [2011/12/05 22:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2011/12/05 22:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/01/31 09:29:15 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2013/01/31 09:29:15 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2012/02/22 12:55:42 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\Actual Tools
    [2011/12/29 16:40:57 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\AVG2012
    [2013/07/12 06:10:52 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\Awesomium
    [2012/03/16 00:58:44 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\ChemTable Software
    [2012/02/17 20:09:40 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\cYo
    [2013/08/19 03:28:05 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\DAEMON Tools Lite
    [2013/02/01 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\DefendersQuest
    [2012/10/06 21:27:39 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\Digiarty
    [2012/05/10 22:33:07 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\DMCache
    [2012/10/18 09:54:15 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\E-centives
    [2013/01/05 15:42:22 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\Fatshark
    [2013/07/16 13:46:38 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\GlarySoft
    [2011/12/29 16:58:27 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\Ideazon
    [2012/07/29 11:44:56 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\IDM
    [2011/12/29 16:33:57 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\Leadertech
    [2012/06/13 08:17:19 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\Leawo
    [2012/04/07 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\Line 6
    [2013/01/21 23:24:41 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\MinMaxGames
    [2012/01/17 02:59:33 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\Mumble
    [2013/03/08 11:11:23 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\NeopleLauncherDFO
    [2012/09/23 00:08:59 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\OnLive App
    [2012/06/07 00:41:13 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\Opera
    [2012/11/19 23:39:30 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\Rainmeter
    [2013/08/02 04:50:07 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\Rogue Legacy
    [2012/02/27 08:47:58 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\RotMG.Production
    [2012/11/27 23:05:53 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\Samsung
    [2013/09/02 22:44:19 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\SanDisk SecureAccess
    [2011/12/29 23:26:43 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\Spacejock Software
    [2011/12/29 16:56:02 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\SteelSeries
    [2013/07/29 20:59:44 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\System
    [2012/05/13 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\SystemRequirementsLab
    [2013/07/21 17:44:48 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\TrojanHunter
    [2013/01/21 23:23:39 | 000,000,000 | ---D | M] -- C:\Users\icenhour76\AppData\Roaming\uqmhd
    [2013/07/29 21:19:36 | 000,000,000 | -HSD | M] -- C:\Users\icenhour76\AppData\Roaming\wyUpdate AU

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1205 bytes -> C:\ProgramData\TEMP:966F7784

    < End of report >
     
  20. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    OTL Extras logfile created on: 9/23/2013 8:22:29 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\icenhour76\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    16.00 Gb Total Physical Memory | 13.66 Gb Available Physical Memory | 85.39% Memory free
    32.00 Gb Paging File | 29.58 Gb Available in Paging File | 92.43% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 58.67 Gb Free Space | 6.30% Space Free | Partition Type: NTFS
    Drive F: | 7.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 6.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive I: | 1397.26 Gb Total Space | 382.15 Gb Free Space | 27.35% Space Free | Partition Type: NTFS
    Drive K: | 3.72 Gb Total Space | 0.01 Gb Free Space | 0.16% Space Free | Partition Type: FAT32

    Computer Name: ICENHOUR76-PC | User Name: icenhour76 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-3248671020-3738731255-3598294349-1001\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06B7C32C-D52C-47E3-8901-2180DC6E7D12}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{0AEACD35-58F1-4A64-BEF6-009E0C5F00D7}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{107B811E-B553-4FCA-9536-B478010CDCA7}" = rport=138 | protocol=17 | dir=out | app=system |
    "{1DCB3DC0-1B00-4291-A690-4C3A2CA3997A}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{2A111800-0A03-4184-8870-5E18C501CCDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2B3179C0-4536-4731-8B87-D74B010D26DD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{313B4A44-B277-42E3-B957-642BDEF1935A}" = lport=138 | protocol=17 | dir=in | app=system |
    "{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
    "{3AEC513F-B412-40F0-B657-FC725167FBD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{43ED1498-F915-4FB8-8ACF-5084F581D180}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{45E40DFE-8F8F-4DAD-8C05-5E609E15992A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{48143C81-A318-4F86-A4B8-9A6773DF8E45}" = rport=139 | protocol=6 | dir=out | app=system |
    "{4BA8D8FE-6809-4D27-AC0B-1BC5E50FCB2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{502F2583-579F-48BE-9BF5-ABF8136BA5DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{51F66EA3-9EE3-4325-BA7E-82C8FE757DFA}" = rport=137 | protocol=17 | dir=out | app=system |
    "{563DFF56-554F-40B6-B352-7A0F3237F793}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5A92A193-5AD3-4463-8D22-882FBA0AF673}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{604D2B5D-DCE5-4102-9F62-6FAC8C0F7A32}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{6C49B30F-5EAE-4437-9D01-DF85A1B0B97C}" = lport=445 | protocol=6 | dir=in | app=system |
    "{703C4D4D-E540-4351-BEC0-2D765F3957F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{740197B5-9B91-43DC-9448-5F2FAA99E4ED}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
    "{749E4E68-5A9D-4310-B9DB-2C57114EA704}" = rport=139 | protocol=6 | dir=out | app=system |
    "{7AB8A74F-8F07-419F-ACFC-4498ED2E68B8}" = lport=138 | protocol=17 | dir=in | app=system |
    "{8193A909-AA2C-4855-AB2B-590095767258}" = lport=139 | protocol=6 | dir=in | app=system |
    "{8C1C3703-E06E-47A6-9E46-5E64680CA835}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{8C6DD438-7D20-471A-B7F7-F772EBC1BF19}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8D495CD9-8999-47E1-9FD4-E3827DC44934}" = lport=445 | protocol=6 | dir=in | app=system |
    "{8D58B427-80EB-4183-BF5D-4CDA1F08ED5A}" = rport=445 | protocol=6 | dir=out | app=system |
    "{8E72AF3B-ED91-467D-A7C7-4F39BFE195C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{8EE53228-67B7-4914-B14B-3A8E2EDDE914}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{91B46EBF-2E80-47F7-8B62-70DE1D608599}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9237C630-3FBC-4AD5-B697-F317EE20F1B6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{951C7CD3-C294-4E0C-B241-67B0910E9EEE}" = lport=137 | protocol=17 | dir=in | app=system |
    "{99982C45-23E8-4D48-B59B-65083A051144}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9BC9E7EF-8A6A-4880-9589-8EB763E73178}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9D469965-0D3E-49FA-BC43-251DEB81EE88}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A1228081-AAC2-43C5-A1D3-1739F8D592D3}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A85C8925-6F5D-4A82-9422-45EF52EC4172}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B8A744A2-B4A6-46E1-84DE-5301D35FFB30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BB7C5997-775A-4C20-89FE-CD02CD6B3733}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{C331311B-2823-45E6-8185-B230BF69F466}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{C6A148FD-001F-4EE8-B088-C94A852C0BF8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C8A59E0E-8E2D-40C3-9065-A5B852D51944}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{C8D6F875-57A7-4CD2-9FDC-8D14AB1A35EE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{CC1DA146-DF12-4C5C-858F-B49B963EEF13}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{D3A2391B-F76A-4C93-AC4C-280E281C4E14}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{E1D85F95-A94D-4241-9D4E-529F491D7599}" = lport=137 | protocol=17 | dir=in | app=system |
    "{E4805790-1F71-485A-96F3-D22885F490D3}" = lport=139 | protocol=6 | dir=in | app=system |
    "{E492EA7E-7466-46DF-9826-AABE4C548194}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{E7D9CD4E-5B6C-4799-BAA5-19D8824CA721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E84B60CD-94A4-49A4-9956-F5A1C1DDEFC3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F999BC84-123D-41E5-9EAF-2B8213411581}" = lport=2869 | protocol=6 | dir=in | app=system |
     
  21. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00FA02BF-EE02-45FF-A299-3276F34714A7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\swtor\retailclient\swtor.exe |
    "{020C6AEF-E69F-4302-BFBD-76E470D0F130}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zombie bowl-o-rama\zombie bowl-o-rama.exe |
    "{034B1F43-A1BC-4B47-935A-878B0E16E3FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto\wino\grand theft auto.exe |
    "{03891A16-B876-496C-8816-140E1C2B2833}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\ysf_win.exe |
    "{047C571D-F507-4DCD-A9B1-0A4258CF0976}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
    "{04A8DE90-B818-4301-84D9-6A16E764D51B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker clear sky\bin\xrengine.exe |
    "{05291697-C53C-4DD8-96E6-177589777AD5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
    "{05454E61-D6DB-4F50-8A9A-EB43D1821771}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{057A347A-08E3-4442-9949-2599FE7A60B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
    "{0592A218-AE06-4202-B728-A634E91FC069}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beyond_divinity\div.exe |
    "{0660E261-8BAE-4833-8D97-E1144B365C4F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gothic\system\gothic.exe |
    "{07797FB1-027F-4C7E-A63A-F6886A70E958}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\freedom force vs. the 3rd reich\ffvt3r.exe |
    "{085D353A-C071-4FD9-9882-FDCE60E20C94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
    "{0933BB59-0336-4CB6-9A95-7BF77C0CC19F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe |
    "{0941ED6B-ED6B-42C8-9CA7-021D5A24672B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space pirates and zombies\spazgame.exe |
    "{09E32587-6F52-4527-A82F-B5DCFB83BB6B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds ii castle defense\tw2cd.exe |
    "{0A405C0B-6896-4AC2-AAD7-04C7D690CCF9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\dungeon siege 2\dungeonsiege2.exe |
    "{0A8ECE8C-A7A5-437E-8B1C-6C141DDED542}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander\bin\supremecommander.exe |
    "{0AB6E948-1D6F-4DBB-9F50-0844975B9666}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space siege\space siege\spacesiege.exe |
    "{0BE6F067-C5B4-420E-98EA-A130C9E7F378}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "{0C24C879-D701-4998-8884-44D9D5104F26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
    "{0DC1AADD-70A4-44AE-8934-ED285AC5A5FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
    "{0DE9DC88-64E6-479F-B767-31BE5757500D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\swtor\retailclient\swtor.exe |
    "{0DF98079-8BD4-436E-AA44-4755F8E96B56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
    "{0F8FADB3-9C52-4330-BE08-CD5E24A1A583}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\icenhour76\dark messiah might and magic single player\mm.exe |
    "{100DC9BE-A900-456D-812B-40CB71FEED92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |
    "{111347A6-E92C-4554-8CA8-0B3651E887FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\gamesetup.exe |
    "{120FD58F-E2FC-4537-9902-706DC111EAFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\highborn\highborn.exe |
    "{12B93EA2-B558-40F7-A9B2-D74DC9F21A75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout tactics\ft tools.exe |
    "{13593518-F19E-4DD7-B72F-D900C1FDE50E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
    "{13B13476-3A9E-433D-B0D0-3631D3A0DE2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jasp.exe |
    "{141C9919-DC30-4FDD-BF00-0FB7E94A7A82}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 2\gta2.exe |
    "{1519F775-8E6B-4B10-88F8-9972B846EDD5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
    "{153C4A12-08C6-4900-B7F4-E5F639C83A2A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
    "{15528728-B6E2-4FC8-90A9-49315EAD92E6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{161A3406-46F1-4ED2-B6C8-206FBD659F2C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{17CFE5BF-6B21-40EE-9914-1877F13C4163}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
    "{183C6A85-B2A6-4A1B-B7DB-0CC5664CDEC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcania fall of setarrif\arcania addon.exe |
    "{18CEC3A9-1F34-450F-8765-A96BCDB3256B}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
    "{18E19864-E803-43F0-AB8C-8B3082157B96}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ghost master\ghost.exe |
    "{18F5A9E8-C930-4D93-906E-BDBAB9B5657B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
    "{18FFCCC0-5A38-4744-A057-7480075CDA19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{19C6A598-69D9-4018-B103-1BF47BB89D85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
    "{19D5BBAC-B9A9-46DA-B8D7-312FD5240B89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evil genius\evilgeniuslauncher.exe |
    "{1A7ADCDA-268D-42B6-88EA-D1858314BCFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe |
    "{1AFCC961-810D-4A78-8239-C36BE459A0CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
    "{1CBD326D-598C-4A75-B422-B5892517B3C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
    "{1CD06B25-998E-4E42-84F9-19603DC52852}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe |
    "{1D3555BE-8646-41D7-A969-71AF25751409}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe |
    "{207CABDE-45D6-46BB-9132-84AD0CADB826}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
    "{2146A45A-73D0-4946-8C0E-3252F708DD84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
    "{21AE3EDE-A94F-44AF-8F4E-08E0C05199F8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{22A307B5-03DC-431B-99AF-F6B35B618796}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\confrontation\confrontation.exe |
    "{23606062-EA5F-4003-855F-116BDFCAA00E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aztaka\setup.exe |
    "{238DF5FC-4632-40F5-A354-99BF499B964B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divine_divinity\configtool.exe |
    "{24310495-F783-411F-A084-73198978FBE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{24D90667-E6F3-42EB-8F80-5889D53924A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\augmentededitioncontent\launch.bat |
    "{2513B1B0-7AD1-4734-857B-F3A93BED2C07}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys origin\config.exe |
    "{2575CC36-26DD-4DC0-B923-199A843A5656}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vigil blood bitterness\vigil blood bitterness.exe |
    "{27849435-6F12-4C53-AAF2-55B0B8755174}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
    "{279099E3-6295-4DA4-ACF4-F5A6EEE339B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{27E43D2B-7131-4BA3-88B1-DB7FD4A0810C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{29521A0F-2F09-4ECB-8BB6-965F7FE5450D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe |
    "{296A634C-966F-4949-919D-278EF9B269F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spaceempiresv\se5\se5.exe |
    "{2976F4EA-72FE-4AF3-8F61-143FBE590CA4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe |
    "{29A93D95-C7B3-4257-B8C8-41FA8A80286B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space pirates and zombies\spazgame.exe |
    "{29B90567-60AE-44D8-AC7A-F3C1A80DC6F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
    "{2A526F3A-FE84-4D99-A635-34647C9F1D2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcania fall of setarrif\arcania addon.exe |
    "{2AAA26DD-0A80-429B-A1F0-D188712B7E4D}" = protocol=6 | dir=out | app=system |
    "{2B6CF319-742E-4A06-929E-D2857AD9E8BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
    "{2BCC1784-4F45-4C47-BEF5-EDFE2D63464C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
    "{2D244BD1-3B06-4BA9-8B33-309F5035BDAA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe |
    "{2EC91A84-D709-4B58-83D4-4558A361D819}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\time gentlemen, please!\winsetup.exe |
    "{2F9EDFE2-0467-48AF-A712-7EC53A22AB54}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\geminiwars\gw.exe |
    "{2FC0DF87-AB08-48B2-9E71-0F9ECAE035C7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\time gentlemen, please!\winsetup.exe |
    "{3126E95A-936D-451C-A269-95C73EDF6B9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe |
    "{315600B5-0698-4FA9-B6C6-0CDBEFB7C6A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\freedom force\fforce.exe |
    "{32A81586-3C4E-4293-9E66-78FC727E15FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{33CE04C0-ACFB-4D33-B12E-44AEF3D691B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divine_divinity\div.exe |
    "{3453A936-1DE4-4848-95BA-CAAB76F53341}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander forged alliance\bin\supremecommander.exe |
    "{34CA2B66-D224-49C6-861F-6B323CB78119}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{34DD1253-D50C-42CF-8C2D-029AF311293D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\dungeon siege 2\dungeonsiege2.exe |
    "{35BC7147-EBD7-488A-B37E-C0A182518ED5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
    "{35D5EC1B-940E-40C7-8CEC-983F49B2EC80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tower wars\tw.exe |
    "{35FE3911-5096-49BB-A88D-03AD31B2400E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rocksmith\rocksmith.exe |
    "{3735A5FF-EBE0-4C26-BBC1-71E0A54DF4E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cubemen\cubemen.exe |
    "{37EA371C-F862-45FA-BBCB-A76C8CEF0A4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe |
    "{38813752-C7ED-47EC-A6BE-D93537F728D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
    "{39CD4CB1-50E2-405A-A8DA-85B5E40F083A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beyond_divinity\div.exe |
    "{3AE98104-C687-4668-831C-5E10364273FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcania gothic 4\arcania.exe |
    "{3BF2E464-7049-484C-A69E-2754A28140A0}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{3C020791-F194-4EFB-AED5-DDADCD7A105F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bully scholarship edition\bully.exe |
    "{3D073CDE-AEAD-4BD6-B4B5-C3A5FDBC935C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\xcom\ufo defense_patched.exe |
    "{3D1591DE-51E8-482E-8FC3-1634C7B43831}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
    "{3DAA0B2C-2395-4D15-9CBC-E1B2893D806E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
    "{3DB80484-B371-4467-A61D-4F18C7E3871A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
    "{3E01C00D-065A-43D3-A58F-1C57F21B16BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe |
    "{3E96957F-5DEA-4579-BD00-2D2AF5F52394}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom enforcer\system\xcom.exe |
    "{3F3A5258-54EA-4B79-A61B-994EA1F80D47}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{3F79F271-275D-453E-8922-DE0D8C79C079}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the second encounter\bin\seriouseditor.exe |
    "{40AA18C8-3441-4B59-AE38-F8A3165A774A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
    "{40C51CF4-BBFD-4147-81BF-D77A0B853E6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
    "{4149C4A6-97EF-4C80-913E-4FDD7F93EBF6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "{4173B5EB-D871-4C94-91D0-ACD4418A6BD2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
    "{41907C79-BA6E-44A7-AA43-13927D9E788F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alpha prime\alphaprime.exe |
    "{4192BF95-ACDC-42F0-ABB7-53255F4EA136}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
    "{427FA622-E002-4E38-B57E-92B5548EF6E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gothic 3\gothic3.exe |
    "{428EBD5E-D756-49AC-BB71-ED924B55A9DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi outcast\gamedata\jk2mp.exe |
    "{42C2AFCE-D36D-45D7-AABD-0562D228E6CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
    "{4302B2F8-089F-412F-8A58-8472AAA3AAFB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
    "{430912E8-37FB-4CBA-A548-C72116B1E5CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spaceforce rogue universe\system\start.exe |
    "{43499584-2EC0-4566-947E-97619E232ECB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evil genius\evilgeniuslauncher.exe |
    "{44E19D28-EB6B-4BDB-A9A6-675B9BB97DB1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
    "{4527B813-5DAD-45A4-97A4-3836132AB881}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beyond_divinity\configtool.exe |
    "{453253D9-BD4E-4DC4-BEEF-5AFDC3902896}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
    "{45D701BC-48B6-4009-9D7D-6D82E718E961}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
    "{45E5850B-ADE9-47B5-997A-0A0484110CF5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{46102527-7676-4BAC-9BDF-FD812D0DADCB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zenoclash\zenoclash.exe |
    "{46270392-169F-4BC9-A6C0-D4730B391BD2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe |
    "{4691FB38-7CF1-4A14-8CEF-E5063D8D1307}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
    "{478216BB-B7C6-417C-BD87-9C4AAD3E99C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds - epic edition\twoworlds_radeon.exe |
    "{48454100-CEE7-4F5B-8D4B-98D0012AE97F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jasp.exe |
    "{4846255E-2541-4B33-BDFF-F25744EC464C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 2\fallout2.exe |
    "{4997086C-174F-415D-897B-DF69CE7E67D1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{49AD4FE5-E495-4266-B3EF-40FFB6736291}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4A33CAA6-264D-4881-B9DB-4A3EDD62912F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys origin\yso_win.exe |
    "{4A956E57-47AB-49CF-A288-E599513EC115}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\earth defense force insect armageddon\edf-ia.exe |
    "{4B533A90-24A4-44BF-ACF2-A360576A8B39}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\multiwinia\multiwinia.exe |
    "{4B55A0F5-B901-4763-8DC3-511EE9644641}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
    "{4B7D1716-9F4E-4A3D-A54B-A2AA7066489D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallen earth f2p\feupdater.exe |
    "{4BFF6B79-8727-4EEE-B44F-232B0ED6F81A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evoland\evoland.exe |
    "{4D59912F-D64D-4266-8B58-FB7C17C5C5E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aztaka\aztaka.exe |
    "{4E958E78-3BF5-41BA-B27E-2F7F2927A3F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 3\gta3.exe |
    "{4E9EFA67-B205-44CB-A12A-483581B53F06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
    "{4FE99869-C2A2-4C83-AEA8-7A08ED780426}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
    "{504F4A6F-8606-420D-97A4-993F0BE36D10}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{51BDB620-9B9E-485E-84FA-93701B922B2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe |
    "{51EB0FD8-AE91-4A36-8A1F-854190531FE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legendary\binaries\legendary.exe |
    "{524184EE-26CD-4AD7-9E6A-F64C57928CCE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys I\ys1plus.exe |
    "{5260BFDC-33FF-4DD1-A3CA-6DD1226708CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{527106F6-61E8-4363-966A-8EB21F2DBF12}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{539912BB-BDA9-4650-B868-B8CC635807FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe |
    "{54737929-037B-473A-84DE-06989981B8DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
    "{549B8C6C-9F0F-4B10-AE5A-9D366C2F8DEC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
    "{54DB7433-2FD9-4287-BFC9-CE41748652C1}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{5576E563-2D43-4BF9-AF64-579F1F8E8DE8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
    "{57366D6A-D119-4F62-821E-5A99717341B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\confrontation\confrontation.exe |
    "{5793555C-9DC9-4411-925B-1E4655BD0CEF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spaceforce rogue universe\system\start.exe |
    "{5794C406-9780-4220-8430-F9B576A25D13}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller overdose\bin\overdose.exe |
    "{58607B47-1937-45CA-8340-B095D15AF223}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
    "{59A71AC2-40F8-4A43-BE10-325CAF61C20D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\register\register.htm |
    "{5A68C0A6-44FD-4F39-ABFD-4D9BCCC17786}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defendersquest\defendersquest.exe |
    "{5AEE1A83-5F19-4FA3-9435-CCFD665ED59B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dfo\nxsteam.exe |
    "{5BCEF89A-709D-40CA-BF73-3A4E13105EFB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{5C53CD6D-655D-4A5C-9418-20AEED156244}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds ii\twoworlds2.exe |
    "{5D442331-B2D7-4285-B594-8F9E8F965A86}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\swtor\retailclient\swtor.exe |
    "{5DA76E80-5377-4EEF-A395-31FBB08E0231}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout\falloutw.exe |
    "{5EA3E5E6-2786-46AD-8169-6FDA0B26BA83}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\devicesetup.exe |
    "{5EBDFB0A-0C16-4A49-A213-E9EC91CB7D3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prey\prey.exe |
    "{606DA591-CD01-4623-9CD8-38220B40A845}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\ysf_win_dx9.exe |
    "{60E5E292-618A-4258-9A4F-2490D83DC60F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe sandbox\universe sandbox.exe |
    "{611FE5A9-4707-48A9-84FE-6E24A773A319}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
    "{6139F920-28CF-42C2-88F3-A92660C1E375}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{61484F92-83DC-41AD-B19A-1B5BA1718869}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\ysf_win.exe |
    "{618E466A-6230-4891-B008-B950BB93A01E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's pirates!\pirates!.exe |
    "{6247B42C-22E4-472A-8915-F90ECF1FC547}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
    "{6326971D-1BE9-4B20-874D-9298CF5AEAE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe |
    "{632E230B-C95D-40EC-A84C-D6A66AF5B6B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\runme.exe |
    "{63722777-5A39-4A7A-9DC0-700C7D803868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{647F6E53-3C56-4E54-BCCC-F8C8E952EC5A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe |
    "{65E8C842-E024-4EFC-9047-E6F9881526F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{66EC593A-8911-47F8-AA0A-E1035FC783B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6750C51E-3F9A-4438-9088-7CE268F1128E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half minute hero\hmh.exe |
    "{67DC8BEB-9A3B-49BA-B66E-B7CDBECC0E2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys ii\ys2plus.exe |
    "{68D8CB99-BEE7-4ECB-A28A-606B1B698630}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics\grotesquetactics.exe |
    "{690786FA-27AB-4C5B-AA1B-92772E9218DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriousmodeler.exe |
    "{6AA01FA4-91BE-467B-A4E8-35D961119CA8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
    "{6B164087-F9B5-4549-B892-DC0E0680CC91}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
    "{6D11A7C6-1841-433A-A334-B32E303FDD1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe |
    "{6D22D2FF-E56E-433F-9148-C488FBD13761}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aztaka\setup.exe |
    "{6E1D600F-6899-4EB2-B2DC-A0E41D145EA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cubemen\cubemen.exe |
    "{6ED272B4-598B-408C-9639-60BAC81E7235}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\multiwinia\multiwinia.exe |
    "{7054DBFC-DD13-4D4F-B40A-B9A1E4672318}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe |
    "{71261D82-8117-4A57-9E7B-435A882932C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics\grotesquetactics.exe |
    "{719328DD-1D13-4A37-AC32-2FFE32C6621A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
    "{7366F08B-1393-4394-810F-6D2BBB80CA59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom enforcer\system\xcom.exe |
    "{7389CB92-5BB6-47FC-9B7B-2E7BE958DE2F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
    "{73C81354-B7EF-42E2-B6CD-7B9053DC8842}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |
    "{7470FEB8-D0BE-4858-8645-B28DB08E8B4A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\earth defense force insect armageddon\edf-ia.exe |
    "{74BB0B16-2B62-4F5A-B788-E9FA1AD076EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\runme.exe |
    "{756D50EE-4C1F-4DB3-AF7A-75087D7B382E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
    "{75B3F0BA-7396-4431-9105-745655F67DC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\serioussam.exe |
    "{75D34B82-E9D0-415A-B0D1-52CCDC3F2997}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divinity2_dev_cut\autorun.exe |
    "{76128916-E236-4841-B8A8-5AF54B1F41AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monaco\monaco.exe |
    "{766583D5-1695-4F3D-96BD-E39CD921CDE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{76B95367-6D72-4312-BDED-C43BFDA5B5AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe |
    "{7815ACD8-8403-4682-81FE-F0440A95B20F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys I\config.exe |
    "{7902E93B-4D42-488F-BFBB-292ED507EBA7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\icenhour76\dark messiah might and magic single player\mm.exe |
    "{7961DFF7-8B26-4FC9-8DBB-3E389A852F8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds ii\twoworlds2_dx10.exe |
    "{79AF1A69-DE97-424A-9DA9-3F56C6D618BF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{7AF96A63-5EB4-424C-8ADF-58C2A105AD8D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's pirates!\pirates!.exe |
    "{7CC46A96-7761-4B7A-955F-8C72EE48DDF2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
    "{7D0D761A-531A-4987-BC98-FAA1222B13F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys ii\config.exe |
    "{7D57E13A-C6D2-444C-BEF1-0314ED495D8B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe |
    "{7D7A07FA-8A90-4B4C-AE5D-F8959A63BEB3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
    "{7DEA6041-2747-4131-90DC-6A76AB8D5BC3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divine_divinity\configtool.exe |
    "{7E634650-18D7-4174-8546-462777A76863}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe |
     
  22. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    "{7F0BCBE0-1315-4915-94B9-0043E166D72C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
    "{7FE325B2-5A66-4BA2-B976-5011D5EEFAF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
    "{80082ED3-2251-475D-9A5C-96400E2D8D05}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the second encounter\bin\seriousmodeler.exe |
    "{801DBE9D-8D98-4844-B72B-3BDA734AF2DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{809F1149-9326-464E-805A-271B63D12CE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
    "{82BC3902-3961-4916-9F14-D0B2FF872FA4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\silverfall.exe |
    "{83AA877E-D624-42C2-9588-8DED4807A700}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beyond_divinity\configtool.exe |
    "{84E122E9-ACE3-4411-8366-2B8123736ECD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
    "{85711915-31E1-43E2-B039-D7CA2FF7E38F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spaceempiresv\se5\se5.exe |
    "{864B6359-1CD6-42F5-A093-EF9122810DEE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto\wino\grand theft auto.exe |
    "{867F4559-0F94-4C5F-805D-18B5C77CD238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{86B3BE7E-D6F1-4FE6-805C-646AB331FDA9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
    "{86CACB42-58FC-48EF-97A7-A304B1E40FAB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe |
    "{883E3387-DA4A-4D88-888B-C03BE6D4F766}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
    "{88AEBE77-0C12-47E2-A7E6-60D835CBFC8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys I\ys1plus.exe |
    "{8913ADC5-14CF-42D8-911C-C8A94EB093D7}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\hpnetworkcommunicator.exe |
    "{893C1B5F-DD7E-49D3-A947-0ACBE9974E0B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
    "{8986E4BA-2D58-4CD4-BA2B-BF7A86760A65}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
    "{89EAB2DD-ABB2-46C7-BCEC-67FF20149FE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8A6C96EB-C4A9-4CCF-970D-20AC9DA4434A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys origin\config.exe |
    "{8AC0CFE3-DBB8-4C41-A9C2-8AED57022D07}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\mc_game_link.htm |
    "{8B5E5E7C-E6AC-4F01-BC03-63A2D794413A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
    "{8C364FF6-C22B-439D-B231-CEB5A954CEC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi outcast\gamedata\jk2mp.exe |
    "{8C95757F-E731-4D0D-95EE-0A92C0E2F2CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the second encounter\bin\seriouseditor.exe |
    "{8C98888A-6440-4A12-8409-1CB24AB708DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alpha prime\alphaprime.exe |
    "{8CC3246F-18DD-447C-A925-86AF3C811926}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prey\prey.exe |
    "{8CD016ED-DFB5-4250-B817-EF5E73E360F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
    "{8DA61619-BA75-4B3A-B96D-723F59986CD8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
    "{8DEAC7E5-A9B3-4500-B9D7-03F317C120E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evoland\evoland.exe |
    "{9008312E-D47C-4622-953C-BC7360F66EA8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen\bin\risen.exe |
    "{9067B55B-1FA3-4198-8F2A-6125AA0E994F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{90C579C6-6327-4F1E-993C-862F92E5298B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\to the moon\to the moon\to the moon.exe |
    "{9161035F-773C-4F56-8BD1-B83697F7209D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{92C2EF7B-0877-4B5B-8D6D-FBCBD6ECC021}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe |
    "{9332F223-3A69-49DB-B966-3E1D94C846F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom apocalypse\dosbox.exe |
    "{934496F8-EAE4-48E1-BB29-34E9B611AFC6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |
    "{9364F592-3629-4D40-A05F-7E3C973A42FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divine_divinity\div.exe |
    "{936AEAD5-1FB4-46C5-9401-7F98DCD7D1A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
    "{939630C5-DDD0-4CEB-90AE-0DB917A30572}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker clear sky\bin\xrengine.exe |
    "{93AF9614-3A67-41B5-AE8C-496FCF8A083E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\freedom force vs. the 3rd reich\ffvt3r.exe |
    "{93B62557-9881-471A-829C-6EAFD25AABE2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{9445E835-6016-4016-8510-E2753CA9AE9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe |
    "{94A4ACBA-0552-42C5-9393-138EC18AB914}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
    "{94E6E9C2-E217-42C1-8929-E0D1D6A98545}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\ysf_win_dx9.exe |
    "{95076098-ACC2-4FCC-9140-343E243EE737}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
    "{9599BCFF-40EF-4558-BC95-BCE505511F85}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
    "{960ACCDF-2F88-4FB2-A1CF-2349FD1D3339}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{96487B79-C2DC-4BB8-98AD-B08802A8F08F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable the lost chapters\fable.exe |
    "{96CE36EE-6E4D-46EB-AF7D-18836A058575}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9881C8A5-0077-4142-942A-93EF21A7E1AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\armed and dangerous\gamedata\game.exe |
    "{98C40E8C-735B-4509-8ED0-3A4110A9A497}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
    "{99054100-2843-4455-9544-90D02D871428}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\time gentlemen, please!\tgp.exe |
    "{993DCA11-6D69-4866-902C-D406A1655667}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\vslauncher.exe |
    "{997A86C9-40C5-4D32-830C-38C9E63CBC31}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
    "{9A24A64B-DA2F-41D4-8255-A45355500572}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gothic 3\gothic3.exe |
    "{9A4433A4-2514-47AE-A99B-43182CE5F9BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds ii castle defense\tw2cd.exe |
    "{9A72F5AA-E727-4355-9745-5E9368D80B43}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defendersquest\defendersquest.exe |
    "{9AE07287-6E87-4D0F-8857-5D130E621E2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
    "{9C08D32E-B73A-4F1C-BC53-D29E9EA32F28}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vindictus\en-us\nmservice.exe |
    "{9C86E38E-41B1-4C16-83A4-B76A3C50056F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
    "{9D347029-5630-4545-855B-E6732E216E8D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
    "{9D351C07-DBAF-4DD5-A52F-AB348D6B0E8F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\divinity2_dev_cut\autorun.exe |
    "{9E852F4A-E73D-4894-B13B-D7679BAC8E87}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys origin\yso_win.exe |
    "{9EDEB5BC-7AF7-4A6E-83A9-07DAE8AA69B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe |
    "{9F171E44-5063-4A4E-8A1A-99C3CAAEDA7F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
    "{9F4BB68E-3031-4A12-AB5D-3D40D5AD6BF7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriousmodeler.exe |
    "{9F9A8712-099C-4760-8418-81D35B5718C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
    "{9FC65B5A-2910-4611-8B59-EC380FB51FEE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller resurrection\bin\resurrection.exe |
    "{9FCA1665-657B-43C6-B149-CB88F02B3CEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rocksmith\rocksmith.exe |
    "{9FF2B6F8-75DB-4A52-A9DE-CAC4B061F2C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
    "{9FFCAAB8-C846-4519-9998-D9289F06B72B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zombie driver\release\zombiedriver.exe |
    "{A0564507-9D09-4F3B-B467-41E0621BDD13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
    "{A1330284-4929-4F41-9C58-2C46206FE580}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
    "{A277DDF2-D786-43C4-AD61-6A351C20D4D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
    "{A29F453B-B894-4BF5-A071-FD746AC28A57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
    "{A2B39AE3-0C9E-4DF9-B125-D0C0914DFBB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
    "{A2B750FC-61F6-4B19-87C9-D45B65E264A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launch.bat |
    "{A312030E-CEE6-47A0-9394-D5AAD8B44F56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe |
    "{A3263725-9548-4DA1-B0D4-338428F7702A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi academy\gamedata\jamp.exe |
    "{A45F90BA-72A3-4E19-9F31-07001C425A9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vigil blood bitterness\vigil blood bitterness.exe |
    "{A5D6D020-1FA2-4082-A89D-0E9CCB9B35EE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A64A3A94-CBA0-4012-B275-2F8470D59687}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A6768D04-9888-4632-8C32-D4239475D70E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout tactics\ft tools.exe |
    "{A8F9A66D-29CC-4CA5-A693-87E6A3D3D591}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe sandbox\universe sandbox.exe |
    "{A91E7D21-7C6B-468E-A182-05290C01E805}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wanderlust rebirth\wanderlust.exe |
    "{A9291C07-A481-41D8-9B4D-9E71A989CE46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe |
    "{A9375110-7826-45C3-905C-80C89AEE8566}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\time gentlemen, please!\tgp.exe |
    "{A955DC5C-BA02-49E8-B2A5-DAB9A7CAEFFE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\godmode\bin\godmode.exe |
    "{A972CCA8-053E-4FAD-8EDF-866F6FAFC153}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
    "{AB0CA3ED-25D1-4135-AEBD-A2BF27E26863}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legendary\binaries\legendary.exe |
    "{AB774198-72BB-4801-89DC-959A90B39B42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds ii\twoworlds2_dx10.exe |
    "{ABEF6071-CC03-4FB8-900E-77D4ACD3E2E0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{ABF01636-2F0B-4E94-A56E-7BA576A8633C}" = protocol=6 | dir=out | app=system |
    "{ABFE145F-2625-4FE0-A141-991C8A8A28DA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{ACD65055-6F14-4CF0-8764-91F6F26F4C89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the incredible adventures of van helsing\vanhelsing.exe |
    "{ADA7C8BD-5649-4F14-9954-C94977B88458}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
    "{AE76F8F5-C8CF-4822-94D3-C671E2EE48C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcania gothic 4\arcania.exe |
    "{AE972006-4AC2-4E38-8799-17D602C46DF6}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
    "{AF4CA024-8B5A-4C37-90CC-60C5C6C6456A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dfo\nxsteam.exe |
    "{AF806BFB-3173-4AD6-A921-3BCC3F31CBAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the second encounter\bin\serioussam.exe |
    "{AFB79C91-DC0C-4C69-91DA-9438C8816D00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe |
    "{AFC44621-C07C-4565-AF2E-2711F0C22ACE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\register\register.htm |
    "{B201E931-2AF9-4CB9-873C-C0CF66DDD61E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
    "{B27FF543-EAF1-45B6-8986-A51A18550C6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{B2D980DE-511B-4F75-952C-E46330C4FF77}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
    "{B2FE295F-9485-4DAE-88AD-FD7173CFD7CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe |
    "{B379164D-58E8-45C0-B074-4560C16BD3E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 2\fallout2.exe |
    "{B58A5A33-DD8D-41DD-A383-B1FAB4AF9896}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars republic commando\gamedata\system\swrepubliccommando.exe |
    "{B5923E1E-A4DF-42C6-BC11-09CFEC3CB150}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online.exe |
    "{B5E490F9-193C-4D01-B5BC-0D316E4DB944}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom apocalypse\dosbox.exe |
    "{B7A5F45B-5450-4C52-A66D-A1CB070A7D47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gothic 3 forsaken gods\gothic iii forsaken gods.exe |
    "{B8760049-0919-4FF7-BAD1-26CB4D6EB2FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launch.bat |
    "{B898C53B-71DE-4492-A9BD-BC2CE15796A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B8FA5DDF-04DA-426F-AF7B-3135FFFE1205}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
    "{B9064FD3-4992-4AD2-9980-0499430DE006}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\armed and dangerous\gamedata\game.exe |
    "{B9906F0F-76F0-4C3E-A6A7-364A591C5C3A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aztaka\aztaka.exe |
    "{B99F37C7-825E-4410-9B86-50E09C6145F1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe |
    "{BA199E21-D3AA-4B0A-AEF0-4399F2515EEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
    "{BAA70EA2-6C37-4B82-964C-398D058FC444}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller overdose\bin\overdose.exe |
    "{BB633C99-223B-4408-AEA7-64F96268128A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi outcast\gamedata\jk2sp.exe |
    "{BC794E62-2B7D-4983-846D-8C26F240354D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
    "{BCFB8C16-D7D8-477B-A611-5A946402EFFB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom interceptor\interceptor.exe |
    "{BD727344-D384-418A-9B7C-1E2DF3E301FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable the lost chapters\fable.exe |
    "{BE40D135-80F8-4B7C-8DE2-F4636B08ECB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
    "{BE485679-B052-4CD3-8FF6-66D94542F8B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bully scholarship edition\bully.exe |
    "{BF03B6AD-5C82-4022-84DE-8AD13CBDB4E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
    "{BF1259A9-3B68-440D-AA05-53DF5B1CE4C4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BF2F0FE7-559C-4A57-BFFC-87D550D065F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
    "{BF86E863-816D-4E2D-8D41-724871D966EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics 2\x86_installer\grotesquetactics.exe |
    "{BFAB0872-BDCD-4F6D-BA5D-6D9CD4AE9B85}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\config.exe |
    "{C040BC32-5231-4D01-A259-FFBFB00A326A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\gamesetup.exe |
    "{C05059B6-12E3-4732-B058-6F51867A3F8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
    "{C070D1CE-E5BF-4B5B-97B9-3282FF3658A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
    "{C09D8E77-4D30-4E84-A93E-C2BCD8BE2B3F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander forged alliance\bin\supremecommander.exe |
    "{C0EB95A1-5E2A-41F0-8382-AEE2DF6442CE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{C150A3B6-9120-4961-82F3-8AAAD1AC7C27}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\godmode\bin\godmode.exe |
    "{C164701D-DA07-4A92-A534-F3A4B7632269}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\baldur's gate enhanced edition\bgee.exe |
    "{C1CA57F3-2A8C-4C31-B06D-061920B46334}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{C2009350-8797-4AE8-9F4B-D6BE9FFDB5A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds - epic edition\twoworlds_radeon.exe |
    "{C264D24C-F440-478A-BC16-E1ADA2C09510}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe |
    "{C3E70096-E649-465C-9AAA-9BE7E463C06E}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
    "{C42F0253-C0EC-4051-AEBB-2BCD4EAFAB76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the second encounter\bin\serioussam.exe |
    "{C45B325D-B5BC-4B21-95D4-2947040E47E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
    "{C4CD3FD3-FC82-448C-BECD-694DB7DA53AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 2\gta2.exe |
    "{C5A4FDB9-D1FB-4E2F-A986-1394E972411A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex invisible war\system\dx2.exe |
    "{C5D2D2EF-DDBA-4CFD-A6A3-4A74B6A3B231}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe |
    "{C6235B54-CE8B-4857-8D91-8789AF9F7676}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
    "{C6C2A126-BB5F-4BF1-A761-00DDFD7BDF23}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\xcom\ufo defense_patched.exe |
    "{C6C34036-A440-4C43-BCA5-75D754B89F13}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\swtor\retailclient\swtor.exe |
    "{C79ADA73-5879-42C2-91DF-AE4EF5D3A04B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C7BA308E-F175-4D3B-A010-74F30FE13FA1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe |
    "{C83050D5-644B-41EA-91BB-9DA602944AD9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gothic 3 forsaken gods\gothic iii forsaken gods.exe |
    "{C8736737-EC17-4545-8044-E41BE75FB7BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
    "{C882B6DC-6987-44AA-9011-0C06B06225BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout tactics\bos.exe |
    "{C8A00469-003D-4FB7-920C-03A178D9BF6D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe |
    "{C9C9EE90-C0F3-4DA1-8BE9-82D82B0B9FAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\to the moon\to the moon\to the moon.exe |
    "{CA4FBA7B-F959-46B2-ACC2-2C6D06146C56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CA6D1AA3-EE0E-4D60-BB6C-63AB22439D4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds - epic edition\twoworlds.exe |
    "{CB475E45-1917-4425-BC41-AC33634C29BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |
    "{CB83CEF1-BCB9-4FBA-92C7-BC595339D2C2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{CDEA74DE-02A8-4645-BC32-9FD39A28A367}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zenoclash\zenoclash.exe |
    "{CDF0B90F-5E56-41DD-8A62-D0E8663EC58C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe |
    "{CE0A5794-FDEF-449D-82FA-9D47CAB4EC9A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\config.exe |
    "{D0B68F63-C214-4AAE-B2C2-600C0E03BC05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe |
    "{D0E66F8E-9609-40FF-8F58-6E77C6C4C47D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\space siege\space siege\spacesiege.exe |
    "{D0F2F6B2-9E33-43F5-BA0B-3F5DB7652295}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
    "{D1DE844C-8E02-45D3-8CCB-4BD4144A1958}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds - epic edition\twoworlds.exe |
    "{D216E79E-D895-4D2C-A237-57EDA85E843B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
    "{D254B061-D167-46D8-8C7C-2E9B51D8D9B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |
    "{D2DED79E-B205-4B00-8DA5-6EE27549EC7D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zombie driver\release\zombiedriver.exe |
    "{D2E8FBDF-6EE3-42D8-ADFF-4DDC66556259}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\augmentededitioncontent\launch.bat | "{D30518AC-9022-4F29-9BA5-E7A4A80FC22D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grotesque tactics 2\x86_installer\grotesquetactics.exe |
    "{D316C663-F341-4163-9777-46EFB2E81B10}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
    "{D3B39CD2-02BA-4383-9F4C-20454F265503}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller black edition\bin\painkiller.exe |
    "{D3C2EB64-B5F1-48F7-994A-FFCE75751DC6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriouseditor.exe |
    "{D4442302-B6D6-439C-A89F-DB0ED533BDA6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
    "{D56A2C8E-9A21-4B6D-A5A2-27517C588E71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe |
    "{D57A9CD0-E855-4BD2-A38E-9E8859B63237}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 3\gta3.exe |
    "{D586A2BA-BBA5-4B17-97F0-9C175399AD56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
    "{D5F8795E-E774-4782-8D69-B9E828D7BA9D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\two worlds ii\twoworlds2.exe |
    "{D606BCF0-90F3-4E56-8869-4C6C0687392D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D635FCE7-8D92-466F-94EC-9A1F972F9CE5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex invisible war\system\dx2.exe |
    "{D72A4B69-ECD8-41CC-BC56-E05A9269AEEC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\armada gold\armada2526.exe |
    "{D8125D66-06CE-44EF-A568-5009A30159F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe |
    "{D83806DD-967F-4BE9-A29F-116DBF0597F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\config_dx9.exe |
    "{D8D46E4F-5733-4CD5-896E-F61F9145335D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys ii\config.exe |
    "{D96B1ADD-E225-429D-9FCA-B1BAB0333EF5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{D96E735E-6D5D-45A0-B22B-366E0DAD6403}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys ii\ys2plus.exe |
    "{D99C911B-3A0D-4228-90C9-1826B92E7C17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout tactics\bos.exe |
    "{DA140340-1C3F-42D5-8311-555EF9E43718}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe |
    "{DA14534C-40F5-45E5-9BCD-061A5196970B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tower wars\tw.exe |
    "{DAD2FA96-DC87-4A09-8439-72D113D04FFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{DB03E212-A2DB-4C31-83E1-61FD145426B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\highborn\highborn.exe |
    "{DB0C126C-B69F-4B19-A5FF-7B7BDF7A714E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
    "{DB840F80-9E31-40A8-8454-A911EB4DDDA3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\geminiwars\gw.exe |
    "{DB908748-627E-48CA-A0AB-24C2D71C8247}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jedi outcast\gamedata\jk2sp.exe |
    "{DC1C5C56-474A-47B7-BCCC-A217C8E1AB36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serioussamdoubled\ssgame.exe |
    "{DCE9D8E1-1726-40F5-94BB-579601CB11AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gothic ii\system\gothic2.exe |
    "{DEA86431-C106-4237-9CD5-6413B195F097}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
    "{E18EDB4F-6602-4AFD-884E-AD5949D4AACF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
    "{E197CB09-A1A8-4574-805A-1F1E0CF0174A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half minute hero\hmh.exe |
    "{E1AA3874-2DBA-4D36-8A1E-5705D05CBACD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller black edition\bin\painkiller.exe |
    "{E2BAD879-7FD0-452A-9620-CE99A850F3C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
    "{E2D46C56-052F-4F05-B286-EACEED8243B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{E32B91FE-4CAF-48CB-9900-D5280934AED5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\config_dx9.exe |
    "{E376D16E-AD6C-40AA-8CDA-60F5E72DC8D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the second encounter\bin\seriousmodeler.exe |
    "{E38AA7B9-1FB2-421B-B3C5-BE3B8006D953}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
    "{E3EC229F-682F-4A6A-B79E-1C7D34B93CE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
    "{E40B8C8D-E8BC-4D83-831B-D8B40718AEE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gothic ii\system\gothic2.exe |
    "{E4E1CB1D-E4DE-437E-9153-83419BDA5E09}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars republic commando\gamedata\system\swrepubliccommando.exe |
    "{E582B390-C1DB-4E33-9621-74399447C880}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen\bin\risen.exe |
    "{E6381494-3DFF-4D26-83E4-E1DD58F03A38}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
    "{E63CE703-2CAB-45FA-921B-894E929A6F8E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
    "{E6FEC36F-D950-481C-933F-801F26ED458D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zombie bowl-o-rama\zombie bowl-o-rama.exe |
    "{E95897BE-0783-423B-8BA6-2A80D16CD7E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E9AE8920-EEBE-4CCA-8D71-9783A5846F40}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\serioussam.exe |
    "{E9C2F399-1073-4DC3-ADA1-558BBAF4A51F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{E9E46DAB-41CC-4D97-8026-138C0907DD9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout\falloutw.exe |
    "{EAB1E9A0-E366-47BF-9F1D-D03929728ABD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\silverfall.exe |
    "{EB3E4861-50C8-4265-8B50-0438572305D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
    "{EB42A81A-84C8-48AD-9A9A-8794E38A6284}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys I\config.exe |
    "{EE954DA4-FE67-4253-B43E-D53EC72279BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\baldur's gate enhanced edition\bgee.exe |
    "{EEA677F1-C048-45A7-BEA7-FEA8AC885BCC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{EECDAC22-96F0-4E74-A23C-88A08812B8CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe |
    "{F00826F9-8D37-458F-A8AC-5D2660298391}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{F05C1340-5100-42B2-908C-D22DA2C255DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monaco\monaco.exe |
    "{F071F379-FD37-4280-B9BB-7C9498078F32}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |
    "{F10F74AA-0DF1-4194-B732-0B7ACB5FB7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F29BA3B2-036A-43A2-9662-388331360DE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller resurrection\bin\resurrection.exe |
    "{F2F207AB-69A1-42DA-8A93-4D009CAEFC28}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
    "{F3B37426-275E-40B4-8899-ED45E7EF765C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom interceptor\interceptor.exe |
    "{F4611910-A70D-4B74-9362-C84DF7B4B7FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{F54A078A-F626-4E46-9363-4216A22C52B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
    "{F6BB4A1F-EF07-4694-A94B-D1249C9D01DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
    "{F729D466-C447-471E-A5F9-9953FD365FBD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\freedom force\fforce.exe |
    "{F7445034-3D80-47F5-AEB8-850C522FE697}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wanderlust rebirth\wanderlust.exe |
    "{F7EF2086-04D6-409D-BEFB-A5B106745149}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |
    "{F870DF9B-DED2-4B7F-8AD8-5AEF481C2510}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F8AA672D-3183-481C-933F-6952000CAE2F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander\bin\supremecommander.exe |
    "{F8F76D49-1050-404E-AB88-F7FB44EC5152}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriouseditor.exe |
    "{F936AA1A-019D-4E9D-B31F-4BB48EE6C739}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F93BD3E3-96D9-4845-A924-2F210FF16BEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\silverfall\mc_game_link.htm |
    "{F984F28D-D7F3-4D2F-ABE7-72C675BB52D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
    "{F9C4A554-34AF-4E96-BCAC-84BDC04C9BAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe |
    "{F9E2DEB6-E7B4-4569-9579-48FCDA70C749}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{FAA74699-1D33-4078-9154-B54B08B39148}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
    "{FB5FA3AB-6FBA-4A9C-98EE-642A7F98B37B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gothic\system\gothic.exe |
    "{FCDFFD1B-FADD-4832-ACB6-95107C2E2D40}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\armada gold\armada2526.exe |
    "{FD357FC9-6B4E-48DF-A2B1-F3367409CBC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\knights of the old republic ii\swkotor2.exe |
    "{FDBB4350-2BB7-467A-B35C-BA2AC1D3B43D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online.exe |
    "{FF68C105-545B-4376-95E9-1CF2B4998DC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
    "{FF88D4E9-60EB-4E4B-B3F4-10A1EA701B74}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ghost master\ghost.exe |
    "{FFA7831B-B8CB-4C7A-9C2E-CCDD4FBAA5D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe |
    "TCP Query User{03CA2781-45A4-4AC3-A75B-4345C7021E5F}C:\program files (x86)\gog.com\xiii\system\xiii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\xiii\system\xiii.exe |
    "TCP Query User{1D2491C9-CA49-41E3-8432-BE2CCFB938DD}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe |
    "TCP Query User{43D2BF5E-CDB1-4850-82A8-0977763FB6E1}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
    "TCP Query User{7BD32096-3BC8-4E32-9B12-10FEA18A1186}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
    "TCP Query User{A5DC87F4-9C1D-4A5A-8DA9-C8FCEF9E06CC}C:\program files (x86)\steam\steamapps\common\dfo\dfo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dfo\dfo.exe |
    "TCP Query User{B5890FAB-AE44-42DE-9C16-9559B369A7F4}C:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe |
    "TCP Query User{EF952AD9-CC29-4737-ADB0-2127BF2DA9EC}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "UDP Query User{47FFF789-75B7-4839-8C5B-182CE9627A0B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "UDP Query User{62AB32BA-C4EC-45E0-909A-1A1B2A14AF5A}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
    "UDP Query User{7B18B990-604B-4D20-A12A-9C1FA46C1FDC}C:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe |
    "UDP Query User{A0D80F5A-D95C-425F-97CF-039F4966C2F6}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe |
    "UDP Query User{A0F195D6-94DF-4147-B5B9-DC2552EC21AA}C:\program files (x86)\gog.com\xiii\system\xiii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\xiii\system\xiii.exe |
    "UDP Query User{E642FF52-F8A5-45D3-BB0B-D1C80FBCC6C9}C:\program files (x86)\steam\steamapps\common\dfo\dfo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dfo\dfo.exe |
    "UDP Query User{FF501A26-1EF6-4713-96BA-F72D55121FC2}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |
     
  23. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{10C407FA-12AF-49C6-97EA-4E468204B813}" = AVG 2012
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6D41B4C4-FCD7-4F9B-99B9-A01F63F71F0F}" = Smart Technology Programming Software 7.0.2.7
    "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
    "{7EC37923-61DD-4C31-A602-8A9F0C5CF2A1}" = HP Photosmart 6510 series Product Improvement Study
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8f376ce2-c213-4a6c-a329-0b2a7eb2bad8}.sdb" = GOG.com Planescape Torment
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A0BABADE-E154-4F08-97A1-2903CD110E88}" = COMODO Firewall
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DTV" = NVIDIA 3DTV Play Activation Utility
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.49
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.49
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 8.3.14
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.24.2
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.5
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{DD562794-C098-A1E5-66ED-10E8BD1C84C5}" = AMD Catalyst Install Manager
    "{DFE4E6BB-70F0-4292-B7EB-7A3AD48EBB5C}" = AVG 2012
    "{EB0D4D8B-A604-42D3-84D8-CCAFA75F753E}" = HP Photosmart 6510 series Basic Device Software
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2012
    "CCleaner" = CCleaner
    "ComicRack" = ComicRack v0.9.155
    "Defraggler" = Defraggler
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "NVIDIA Drivers" = NVIDIA Drivers
    "sp6" = Logitech SetPoint 6.32
    "Speccy" = Speccy
    "VLC media player" = VLC media player 2.0.7
    "WinRAR archiver" = WinRAR 4.20 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B5A201C-A9D3-4596-AAE6-9FD71ED7A5FD}" = STP
    "{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.7
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{240E8FDB-BF8B-4bc3-963B-B28B7528BEBD}_is1" = Aiseesoft Total Media Converter Platinum 6.3.8
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
    "{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
    "{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.5.8
    "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
    "{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}" = Z Engine
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{6BC7C82F-6360-4CC3-93A3-6C8C51A605E3}" = Path of Exile
    "{6D217AEE-2D67-4486-A73D-106C726BCDF1}_is1" = Leawo Video Accelerator Version: 4.1.0.1
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BB5E925-A3DD-48C2-9A82-017AF5982FFE}" = Facebook Messenger 2.1.4590.0
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{9243354A-3075-C91E-6E12-403D932B38E5}" = Catalyst Control Center InstallProxy
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}" = Dungeon Siege 2 Broken World
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
    "{CEDE7338-C0F1-4A55-9173-5650EC82921F}" = GeekBuddy
    "{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
    "{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
    "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online
    "{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 10.53 Professional Edition
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Actual Multiple Monitors_is1" = Actual Multiple Monitors 3.4.2
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AnVir Task Manager" = AnVir Task Manager
    "BitRaider Web Client" = BitRaider Web Client
    "Comodo Dragon" = Comodo Dragon
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DFO" = DFOLauncher
    "Diablo II" = Diablo II
    "Diablo III" = Diablo III
    "Digital Editions" = Adobe Digital Editions
    "DivX Setup" = DivX Setup
    "DungeonSiege2" = Dungeon Siege 2
    "EnhanceMP3" = Enhance/MP3 (remove only)
    "ESET Online Scanner" = ESET Online Scanner v3
    "FBReader for Windows" = FBReader for Windows
    "ffdshow_is1" = ffdshow v1.1.3800 [2011-03-28]
    "FileHippo.com" = FileHippo.com Update Checker
    "Glary Utilities 3" = Glary Utilities 3 (v3.6.0.125)
    "Glary Utilities_is1" = Glary Utilities 2.56.0.1822
    "GOGPACKBLADEOFDARKNESS_is1" = Blade of Darkness
    "GOGPACKPLANESCAPETORMENT_is1" = Planescape Torment
    "GOGPACKZAFEHOUSEDIARIES_is1" = Zafehouse Diaries
    "Google Chrome" = Google Chrome
    "Guild Wars 2" = Guild Wars 2
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
    "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "Line 6 Uninstaller" = Line 6 Uninstaller
    "Magic DVD Copier_is1" = Magic DVD Copier V7.1.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OnLive" = OnLive
    "OpenAL" = OpenAL
    "Opera 12.16.1860" = Opera 12.16
    "PS3 Media Server" = PS3 Media Server
    "Rainmeter" = Rainmeter
    "Realizer 1.1 for Winamp" = Realizer 1.1 for Winamp
    "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    "Steam App 102600" = Orcs Must Die!
    "Steam App 10530" = Space Siege
    "Steam App 105600" = Terraria
    "Steam App 107100" = Bastion
    "Steam App 107200" = Space Pirates and Zombies
    "Steam App 111600" = Serious Sam Double D
    "Steam App 113020" = Monaco
    "Steam App 113420" = Fallen Earth
    "Steam App 11450" = Overlord
    "Steam App 12200" = Bully: Scholarship Edition
    "Steam App 12710" = Overlord: Raising Hell
    "Steam App 12810" = Overlord II
    "Steam App 12900" = Audiosurf
    "Steam App 1500" = Darwinia
    "Steam App 1510" = Uplink
    "Steam App 1520" = DEFCON
    "Steam App 1523" = DEFCON Beta Demo
    "Steam App 1530" = Multiwinia
    "Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
    "Steam App 1610" = Space Empires IV Deluxe
    "Steam App 16730" = Legendary
    "Steam App 1690" = Space Empires V
    "Steam App 17460" = Mass Effect
    "Steam App 18500" = Defense Grid: The Awakening
    "Steam App 1930" = Two Worlds: Epic Edition
    "Steam App 200210" = Realm of the Mad God
    "Steam App 200710" = Torchlight II
    "Steam App 200900" = Cave Story+
    "Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
    "Steam App 201480" = Serious Sam: The Random Encounter
    "Steam App 201790" = Orcs Must Die! 2
    "Steam App 204030" = Fable - The Lost Chapters
    "Steam App 204340" = Serious Sam 2
    "Steam App 20510" = S.T.A.L.K.E.R.: Clear Sky
    "Steam App 205190" = Rocksmith
    "Steam App 20570" = Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
    "Steam App 206440" = To the Moon
    "Steam App 207170" = Legend of Grimrock
    "Steam App 207250" = Cubemen
    "Steam App 207320" = Ys: The Oath in Felghana
    "Steam App 207350" = Ys Origin
    "Steam App 208580" = Star Wars: Knights of the Old Republic II
    "Steam App 20900" = The Witcher: Enhanced Edition
    "Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
    "Steam App 20930" = The Witcher 2: Bonus Content
    "Steam App 209850" = Highborn
    "Steam App 2100" = Dark Messiah Might and Magic Single Player
    "Steam App 211420" = Dark Souls: Prepare to Die Edition
    "Steam App 211580" = Wanderlust: Rebirth
    "Steam App 212160" = Vindictus
    "Steam App 212220" = Dungeon Fighter Online
    "Steam App 212680" = FTL: Faster Than Light
    "Steam App 214170" = Divine Divinity
    "Steam App 214360" = Tower Wars
    "Steam App 214830" = Half Minute Hero: Super Mega Neo Climax Ultimate Boy
    "Steam App 215530" = The Incredible Adventures of Van Helsing
    "Steam App 216130" = Gemini Wars
    "Steam App 218230" = PlanetSide 2
    "Steam App 218410" = Defender's Quest: Valley of the Forgotten
    "Steam App 218680" = Scribblenauts Unlimited
    "Steam App 219150" = Hotline Miami
    "Steam App 219340" = The Banner Saga: Factions
    "Steam App 219740" = Don't Starve
    "Steam App 219760" = Beyond Divinity
    "Steam App 219780" = Divinity II: Developer's Cut
    "Steam App 22200" = Zeno Clash
    "Steam App 22300" = Fallout 3
    "Steam App 22320" = The Elder Scrolls III: Morrowind
    "Steam App 22330" = The Elder Scrolls IV: Oblivion
    "Steam App 22380" = Fallout: New Vegas
    "Steam App 223810" = Ys I
    "Steam App 223870" = Ys II
    "Steam App 226320" = Marvel Heroes
    "Steam App 227480" = God Mode
    "Steam App 228280" = Baldur's Gate: Enhanced Edition
    "Steam App 229970" = Armada 2526 Gold Edition
    "Steam App 233470" = Evoland
    "Steam App 23530" = Earth Defense Force: Insect Armageddon
    "Steam App 241600" = Rogue Legacy
    "Steam App 24980" = Mass Effect 2
    "Steam App 2570" = Vigil: Blood Bitterness
    "Steam App 2590" = Alpha Prime
    "Steam App 28050" = Deus Ex: Human Revolution
    "Steam App 28110" = Deus Ex Human Revolution Augmented Edition Bonus Content
    "Steam App 31410" = Zombie Driver
    "Steam App 32160" = Zombie Bowl-O-Rama
    "Steam App 3220" = SpaceForce: Rogue Universe
    "Steam App 32370" = Star Wars: Knights of the Old Republic
    "Steam App 3270" = Painkiller Overdose
    "Steam App 3590" = Plants vs. Zombies: Game of the Year
    "Steam App 36630" = Rusty Hearts
    "Steam App 37100" = Aztaka
    "Steam App 3720" = Evil Genius
    "Steam App 37400" = Time Gentlemen, Please!
    "Steam App 38400" = Fallout
    "Steam App 38410" = Fallout 2
    "Steam App 38420" = Fallout Tactics
    "Steam App 3920" = Sid Meier's Pirates!
    "Steam App 39500" = Gothic 3
    "Steam App 39510" = Gothic II: Gold Edition
    "Steam App 39530" = Painkiller: Black Edition
    "Steam App 39560" = Painkiller: Resurrection
    "Steam App 39690" = ArcaniA – Gothic 4
    "Steam App 3970" = Prey
    "Steam App 40300" = Risen
    "Steam App 40390" = Risen 2 - Dark Waters
    "Steam App 41000" = Serious Sam HD: The First Encounter
    "Steam App 41010" = Serious Sam HD: The Second Encounter
    "Steam App 41050" = Serious Sam Classic: The First Encounter
    "Steam App 41060" = Serious Sam Classic: The Second Encounter
    "Steam App 41070" = Serious Sam 3: BFE
    "Steam App 41500" = Torchlight
    "Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
    "Steam App 41800" = Gratuitous Space Battles
    "Steam App 42170" = Krater
    "Steam App 43110" = Metro 2033
    "Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
    "Steam App 4560" = Company of Heroes
    "Steam App 46450" = Grotesque Tactics: Evil Heroes
    "Steam App 46570" = Grotesque Tactics 2 - Dungeons and Donuts
    "Steam App 49520" = Borderlands 2
    "Steam App 55100" = Homefront
    "Steam App 55150" = Warhammer 40,000 Space Marine
    "Steam App 56400" = Warhammer® 40,000™: Dawn of War® II – Retribution™
    "Steam App 570" = Dota 2
    "Steam App 6000" = Star Wars Republic Commando
    "Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
    "Steam App 6030" = Star Wars - Jedi Knight II: Jedi Outcast
    "Steam App 6060" = Star Wars - Battlefront II
    "Steam App 6090" = Armed and Dangerous
    "Steam App 6200" = Ghost Master
    "Steam App 65540" = Gothic
    "Steam App 65600" = Gothic 3 Forsaken Gods Enhanced Edition
    "Steam App 65610" = Arcania: Fall of Setarrif
    "Steam App 6910" = Deus Ex: Game of the Year Edition
    "Steam App 6920" = Deus Ex: Invisible War
    "Steam App 72200" = Universe Sandbox
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "Steam App 7520" = Two Worlds II
    "Steam App 7530" = Two Worlds II Castle Defense
    "Steam App 7650" = X-COM: Terror from the Deep
    "Steam App 7660" = X-COM: Apocalypse
    "Steam App 7730" = X-COM: Interceptor
    "Steam App 7760" = X-COM: UFO Defense
    "Steam App 7770" = X-COM: Enforcer
    "Steam App 8880" = Freedom Force
    "Steam App 8890" = Freedom Force vs. the 3rd Reich
    "Steam App 8930" = Sid Meier's Civilization V
    "Steam App 8980" = Borderlands
    "Steam App 9350" = Supreme Commander
    "Steam App 9420" = Supreme Commander: Forged Alliance
    "Steam App 97000" = Solar 2
    "Steam App 98200" = Frozen Synapse
    "Steam App 98800" = Dungeons of Dredmor
    "Steam App 99900" = Spiral Knights
    "The Secret World_is1" = The Secret World
    "Veetle TV" = Veetle TV
    "VirtualCloneDrive" = VirtualCloneDrive
    "Winamp" = Winamp
    "WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.9.2
    "XIII_is1" = XIII
    "Yahoo! Messenger" = Yahoo! Messenger
    "yBook2_is1" = yBook2

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3248671020-3738731255-3598294349-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online
    "Hawken" = Hawken

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3248671020-3738731255-3598294349-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/23/2013 6:31:11 PM | Computer Name = icenhour76-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/23/2013 6:33:43 PM | Computer Name = icenhour76-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\system32\L6DriverControlPanel.cpl".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 9/23/2013 6:36:21 PM | Computer Name = icenhour76-PC | Source = VSS | ID = 18
    Description =

    Error - 9/23/2013 6:36:21 PM | Computer Name = icenhour76-PC | Source = VSS | ID = 8193
    Description =

    Error - 9/23/2013 6:36:21 PM | Computer Name = icenhour76-PC | Source = System Restore | ID = 8193
    Description =

    Error - 9/23/2013 6:50:04 PM | Computer Name = icenhour76-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Users\icenhour76\Desktop\esetsmartinstaller_enu.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 9/23/2013 6:53:06 PM | Computer Name = icenhour76-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/23/2013 6:55:00 PM | Computer Name = icenhour76-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Users\icenhour76\Desktop\esetsmartinstaller_enu.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 9/23/2013 7:58:50 PM | Computer Name = icenhour76-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/23/2013 8:10:03 PM | Computer Name = icenhour76-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 9/23/2013 6:49:29 PM | Computer Name = icenhour76-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 9/23/2013 6:49:32 PM | Computer Name = icenhour76-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 9/23/2013 6:49:32 PM | Computer Name = icenhour76-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 9/23/2013 6:49:32 PM | Computer Name = icenhour76-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 9/23/2013 6:49:32 PM | Computer Name = icenhour76-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 9/23/2013 6:49:32 PM | Computer Name = icenhour76-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 9/23/2013 6:49:32 PM | Computer Name = icenhour76-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 9/23/2013 7:58:45 PM | Computer Name = icenhour76-PC | Source = DCOM | ID = 10016
    Description =

    Error - 9/23/2013 8:07:55 PM | Computer Name = icenhour76-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:04:00 PM on ?9/?23/?2013 was unexpected.

    Error - 9/23/2013 8:09:10 PM | Computer Name = icenhour76-PC | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  24. Broni

    Broni Malware Annihilator Posts: 47,075   +257

    OTL log is clean.

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  25. Randy icenhour

    Randy icenhour TS Rookie Topic Starter Posts: 95

    The error is 7-zip sfx archive error
    error during execution ""c\users\ICENHO~1\appdata\local\temp\jrt\get.bat"" acess is denied
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.