
MBAM cannot install. Access is denied

By Elijah Catbagan · 54 replies
Feb 15, 2014
  1. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    system-log

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 8.0.7601.17514

    Java version: 1.6.0_32

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.294000 GHz
    Memory total: 17071808512, free: 13315313664

    Downloaded database version: v2014.02.15.01
    Downloaded database version: v2014.02.15.02
    Downloaded database version: v2014.02.15.03
    Downloaded database version: v2014.02.15.04
    Downloaded database version: v2014.02.15.05
    Downloaded database version: v2014.02.15.06
    Downloaded database version: v2014.02.15.07
    Downloaded database version: v2014.02.15.08
    Downloaded database version: v2014.02.15.09
    Downloaded database version: v2014.02.16.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    02/16/2014 12:24:30
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\DRIVERS\iusb3hcs.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\iaStorA.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\SysWOW64\speedfan.sys
    \SystemRoot\System32\Drivers\SmartDefragDriver.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\system32\DRIVERS\nvpciflt.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\system32\DRIVERS\iaStorF.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\System32\Drivers\aswSnx.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\Drivers\aswTdi.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\Drivers\aswrdr2.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\ws2ifsl.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\System32\Drivers\SCDEmu.SYS
    \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\System32\Drivers\aswSP.SYS
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\system32\DRIVERS\iusb3xhc.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\RtsPStor.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\DRIVERS\Netwsw00.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbfiltr.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\ETD.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\AMPPAL.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\drivers\nvvad64v.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\ew_jubusenum.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\iusb3hub.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\MBfilt64.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_iaStorA.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\system32\DRIVERS\iBtFltCoex.sys
    \SystemRoot\system32\DRIVERS\btmhsf.sys
    \SystemRoot\System32\Drivers\BTHUSB.sys
    \SystemRoot\System32\Drivers\bthport.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\rfcomm.sys
    \SystemRoot\system32\DRIVERS\BthEnum.sys
    \SystemRoot\system32\DRIVERS\bthpan.sys
    \SystemRoot\system32\DRIVERS\bthmodem.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\drivers\btmaud.sys
    \SystemRoot\system32\DRIVERS\btmaux.sys
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\aswMonFlt.sys
    \SystemRoot\System32\Drivers\aswFsBlk.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\aksdf.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \??\C:\Windows\system32\drivers\hardlock.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Users\ElijahMC\AppData\Local\Temp\ALSysIO64.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\msvcrt.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\lpk.dll
    \Windows\System32\user32.dll
    \Windows\System32\msctf.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\ole32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\sechost.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\wininet.dll
    \Windows\System32\psapi.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\imm32.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\devobj.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800db7b790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000082\
    Lower Device Object: 0xfffffa800d960480
    Lower Device Driver Name: \Driver\iaStorA\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800db7b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800db7b2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800db7b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800da92c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
    DevicePointer: 0xfffffa800d960480, DeviceName: \Device\00000082\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: ADB1D01C

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 511795200

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 512002048 Numsec = 953141248

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 750156374016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  2. Broni

    Broni Malware Annihilator Posts: 55,035   +448

    Go ahead with my previous reply.
     
  3. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    log

    ComboFix 14-02-14.01 - ElijahMC 02/16/2014 13:19:01.3.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16281.13005 [GMT 8:00]
    Running from: c:\users\ElijahMC\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-01-16 to 2014-02-16 )))))))))))))))))))))))))))))))
    .
    .
    2014-02-16 05:26 . 2014-02-16 05:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-02-16 04:24 . 2014-02-16 04:24 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-02-16 04:24 . 2014-02-16 04:24 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-02-16 03:40 . 2014-02-16 04:11 -------- d-----w- C:\FRST
    2014-02-16 03:06 . 2014-02-16 03:21 -------- d-----w- c:\program files\Unlocker
    2014-02-16 01:55 . 2014-02-16 01:55 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-02-15 10:47 . 2014-02-15 10:47 -------- d-----w- c:\program files (x86)\ERUNT
    2014-02-15 10:42 . 2014-02-15 10:42 -------- d-----w- c:\users\ElijahMC\AppData\Roaming\Malwarebytes
    2014-02-14 13:20 . 2014-02-15 10:43 -------- d-----w- c:\users\ElijahMC\AppData\Local\CrashDumps
    2014-02-14 03:21 . 2014-02-14 03:21 119000 ----a-w- c:\windows\system32\drivers\48230029.sys
    2014-02-13 19:47 . 2014-02-13 19:47 -------- d-----w- C:\UsbFix
    2014-02-13 10:55 . 2014-02-16 05:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-02-13 10:49 . 2014-02-15 11:15 -------- d-----w- C:\AdwCleaner
    2014-02-13 10:38 . 2014-02-13 10:38 -------- d-----w- c:\windows\ERUNT
    2014-02-13 06:45 . 2014-02-13 06:45 -------- d-----w- C:\SUPERDelete
    2014-02-13 06:31 . 2014-02-13 06:31 -------- d-----w- c:\users\ElijahMC\AppData\Roaming\SUPERAntiSpyware.com
    2014-02-13 06:30 . 2014-02-13 06:31 -------- d-----w- c:\program files\SUPERAntiSpyware
    2014-02-13 06:30 . 2014-02-13 06:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2014-02-13 05:36 . 2014-02-13 05:36 -------- d-----w- c:\users\ElijahMC\AppData\Local\28050
    2014-02-13 05:12 . 2014-02-15 21:18 -------- d-----w- c:\users\ElijahMC\AppData\Local\Adobe
    2014-02-10 15:00 . 2014-02-10 15:00 -------- d-----w- c:\programdata\ALM
    2014-02-10 02:13 . 2014-02-10 02:13 -------- d-----w- c:\users\ElijahMC\AppData\Roaming\Process Hacker 2
    2014-02-10 02:12 . 2014-02-10 18:42 -------- d-----w- c:\program files\Process Hacker 2
    2014-02-10 02:11 . 2014-02-13 18:58 -------- d-----w- c:\program files\CCleaner
    2014-02-08 13:13 . 2014-02-08 13:13 -------- d-----w- c:\programdata\Nexon
    2014-02-06 14:44 . 2014-02-06 14:44 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2014-02-05 14:05 . 2014-02-11 14:05 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2014-02-05 14:04 . 2014-02-11 14:04 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2014-02-05 14:03 . 2014-02-11 14:02 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2014-01-29 01:43 . 2014-01-29 05:23 -------- d-----w- c:\users\ElijahMC\AppData\Roaming\BatteryBar
    2014-01-29 01:43 . 2014-01-29 01:43 -------- d-----w- c:\program files\BatteryBar
    2014-01-23 17:19 . 2013-12-27 18:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
    2014-01-23 17:19 . 2013-12-27 18:42 33056 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
    2014-01-19 04:25 . 2014-01-19 04:25 -------- d-----w- c:\program files (x86)\HD Tune
    2014-01-17 19:05 . 2014-01-18 21:04 -------- d-----w- C:\Nexon
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-02-06 14:56 . 2014-01-09 16:09 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2014-02-06 14:55 . 2014-01-09 16:08 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2014-02-06 14:44 . 2014-01-09 15:58 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2014-02-05 14:58 . 2013-02-07 13:56 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-05 14:58 . 2013-02-07 13:56 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-01-21 02:53 . 2013-12-27 09:55 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2014-01-21 02:53 . 2013-12-27 09:55 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
    2014-01-17 01:54 . 2014-01-17 01:54 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-01-09 15:58 . 2014-01-09 15:58 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2013-12-27 18:42 . 2013-12-27 09:49 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
    2013-12-19 20:33 . 2014-01-09 00:49 18310112 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2013-12-19 20:33 . 2014-01-09 00:49 15877216 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2013-12-19 20:33 . 2014-01-09 00:49 9657464 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2013-12-19 20:33 . 2014-01-09 00:49 32544 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
    2013-12-19 20:33 . 2014-01-09 00:49 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
    2013-12-19 20:33 . 2014-01-09 00:49 30372640 ----a-w- c:\windows\system32\nvoglv64.dll
    2013-12-19 20:33 . 2014-01-09 00:49 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
    2013-12-19 20:33 . 2014-01-09 00:49 22960416 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2013-12-19 20:33 . 2014-01-09 00:49 12645664 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2013-12-19 20:33 . 2014-01-09 00:49 11554264 ----a-w- c:\windows\system32\nvopencl.dll
    2013-12-19 20:33 . 2014-01-09 00:49 9700224 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2013-12-19 20:33 . 2014-01-09 00:49 882464 ----a-w- c:\windows\system32\NvIFR64.dll
    2013-12-19 20:33 . 2014-01-09 00:49 879392 ----a-w- c:\windows\system32\NvFBC64.dll
    2013-12-19 20:33 . 2014-01-09 00:49 852768 ----a-w- c:\windows\SysWow64\NvIFR.dll
    2013-12-19 20:33 . 2014-01-09 00:49 847648 ----a-w- c:\windows\SysWow64\NvFBC.dll
    2013-12-19 20:33 . 2014-01-09 00:49 479520 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
    2013-12-19 20:33 . 2014-01-09 00:49 405280 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
    2013-12-19 20:33 . 2014-01-09 00:49 357152 ----a-w- c:\windows\system32\NvIFROpenGL.dll
    2013-12-19 20:33 . 2014-01-09 00:49 314656 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
    2013-12-19 20:33 . 2014-01-09 00:49 3132704 ----a-w- c:\windows\system32\nvcuvid.dll
    2013-12-19 20:33 . 2014-01-09 00:49 3125024 ----a-w- c:\windows\system32\nvcuvenc.dll
    2013-12-19 20:33 . 2014-01-09 00:49 2947872 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2013-12-19 20:33 . 2014-01-09 00:49 2747680 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2013-12-19 20:33 . 2014-01-09 00:49 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll
    2013-12-19 20:33 . 2014-01-09 00:49 18222008 ----a-w- c:\windows\system32\nvd3dumx.dll
    2013-12-19 20:33 . 2014-01-09 00:49 15230352 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2013-12-19 20:33 . 2014-01-09 00:49 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll
    2013-12-19 20:33 . 2014-01-09 00:49 11605752 ----a-w- c:\windows\system32\nvcuda.dll
    2013-12-19 20:33 . 2014-01-09 00:49 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
    2013-12-19 20:33 . 2014-01-09 00:49 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2013-12-19 20:33 . 2013-12-27 09:49 1242400 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2013-12-19 20:33 . 2013-12-27 09:49 2698272 ----a-w- c:\windows\SysWow64\nvapi.dll
    2013-12-19 20:33 . 2013-02-02 10:26 168616 ----a-w- c:\windows\system32\nvinitx.dll
    2013-12-19 20:33 . 2013-02-02 10:26 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
    2013-12-19 20:33 . 2013-02-02 10:26 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
    2013-12-19 20:33 . 2013-02-02 10:25 3071656 ----a-w- c:\windows\system32\nvapi64.dll
    2013-12-19 18:53 . 2013-02-02 10:26 6671648 ----a-w- c:\windows\system32\nvcpl.dll
    2013-12-19 18:53 . 2013-02-02 10:26 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
    2013-12-19 18:53 . 2013-02-02 10:26 922912 ----a-w- c:\windows\system32\nvvsvc.exe
    2013-12-19 18:53 . 2013-02-02 10:26 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
    2013-12-19 18:53 . 2013-02-02 10:26 63776 ----a-w- c:\windows\system32\nvshext.dll
    2013-12-19 18:53 . 2013-02-02 10:26 386336 ----a-w- c:\windows\system32\nvmctray.dll
    2013-12-19 18:53 . 2013-02-02 10:26 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
    2013-12-19 18:53 . 2013-02-02 10:26 1065248 ----a-w- c:\windows\system32\nv3dappshext.dll
    2013-12-19 05:01 . 2013-02-02 10:26 3539040 ----a-w- c:\windows\system32\nvcoproc.bin
    2013-12-01 09:38 . 2013-12-01 09:38 98304 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
    2013-12-01 09:38 . 2013-12-01 09:38 87040 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
    2013-12-01 09:38 . 2013-12-01 09:38 72192 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
    2013-12-01 09:38 . 2013-12-01 09:38 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
    2013-12-01 09:38 . 2013-12-01 09:38 223744 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
    2013-12-01 09:38 . 2013-12-01 09:38 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
    2013-12-01 09:38 . 2013-12-01 09:38 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
    2013-12-01 09:38 . 2013-12-01 09:38 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
    2013-12-01 09:38 . 2013-12-01 09:38 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
    2013-12-01 09:38 . 2013-12-01 09:38 421888 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
    2013-12-01 09:38 . 2013-12-01 09:38 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
    2013-12-01 09:38 . 2013-12-01 09:38 223232 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
    2013-12-01 09:38 . 2013-12-01 09:38 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2013-12-01 09:38 . 2013-12-01 09:38 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
    2013-03-05 03:27 . 2013-03-05 03:07 4126720 ----a-w- c:\program files (x86)\GUTA2B5.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2013-04-01 1500440]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\ElijahMC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\ElijahMC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\ElijahMC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "GarenaPlus"="d:\applications\GarenaLoLPH\GameData\GarenaMessenger.exe" [2014-02-06 9890608]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928]
    "Akamai NetSession Interface"="c:\users\ElijahMC\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
    "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-04 1081224]
    "ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2013-04-11 89600]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 6563608]
    "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-01-21 6087448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-12-09 336992]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-04 1081224]
    .
    c:\users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\ElijahMC\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
    ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-2-10 36024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoAutorun"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @="FSFilter System Recovery"
    .
    R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;c:\program files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe;c:\program files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe [x]
    R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
    R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 cpuz136;cpuz136;c:\users\ElijahMC\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\ElijahMC\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
    R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
    R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
    R3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\DRIVERS\MSILiveVirtualCamera.sys;c:\windows\SYSNATIVE\DRIVERS\MSILiveVirtualCamera.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R4 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys;c:\windows\SYSNATIVE\Drivers\RAMDiskVE.sys [x]
    S0 aswRvrt;aswRvrt; [x]
    S0 aswVmm;aswVmm; [x]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys;c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    S2 DraftSight API Service;DraftSight API Service;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [x]
    S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
    S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
    S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe;c:\program files (x86)\S-Bar\MSIService.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 ALSysIO;ALSysIO;c:\users\ElijahMC\AppData\Local\Temp\ALSysIO64.sys;c:\users\ElijahMC\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
    S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-02-04 00:55 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-07 14:58]
    .
    2014-02-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000Core.job
    - c:\users\ElijahMC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-03 14:56]
    .
    2014-02-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000UA.job
    - c:\users\ElijahMC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-03 14:56]
    .
    2014-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02 10:53]
    .
    2014-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02 10:53]
    .
    2014-02-16 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 05:41]
    .
    2014-02-12 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 05:41]
    .
    2014-02-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
    .
    2014-02-15 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
    "BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-15 391152]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-15 771056]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-15 770032]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-20 472992]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bing.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: eset.com\www
    TCP: DhcpNameServer = 210.4.2.61 202.78.97.41
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-dmboot.sys
    SafeBoot-dmio.sys
    SafeBoot-dmload.sys
    SafeBoot-sglfb.sys
    SafeBoot-tga.sys
    SafeBoot-dmadmin
    SafeBoot-dmserver
    SafeBoot-SRService
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID]
    @DACL=(02 0000)
    .
    [HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]
    @DACL=(02 0000)
    @="Dropbox Autoplay COM Server"
    .
    [HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{083C82AE-568E-45dd-A92C-01422CA45760}]
    @DACL=(02 0000)
    @="Revit API Border Sentinel Class"
    "AppID"="{6015BDD6-F9CD-45BB-B85F-3891957CA67B}"
    .
    [HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{5E4405B0-5374-11CE-8E71-0020AF04B1D7}]
    @DACL=(02 0000)
    "AutoTreatAs"="{6A221957-2D85-42A7-8E19-BE33950D1DEB}"
    "TreatAs"="{6A221957-2D85-42A7-8E19-BE33950D1DEB}"
    .
    [HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}]
    @DACL=(02 0000)
    @="AutoCAD Drawing"
    .
    [HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}]
    @DACL=(02 0000)
    .
    [HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}]
    @DACL=(02 0000)
    @="AutoCAD Application"
    .
    [HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}]
    @DACL=(02 0000)
    @="AutoCAD Icon Shell Extension"
    .
    [HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    @DACL=(02 0000)
    @="DropboxExt"
    .
    [HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    @DACL=(02 0000)
    @="DropboxExt"
    .
    [HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    @DACL=(02 0000)
    @="DropboxExt"
    .
    [HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    @DACL=(02 0000)
    @="DropboxExt"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-02-16 13:28:33
    ComboFix-quarantined-files.txt 2014-02-16 05:28
    .
    Pre-Run: 42,105,057,280 bytes free
    Post-Run: 44,259,164,160 bytes free
    .
    - - End Of File - - D65E83D0C615BA2BC1DF5658DD0B80F7
     
  4. Broni

    Broni Malware Annihilator Posts: 55,035   +448

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  5. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    adwcleaner

    # AdwCleaner v3.018 - Report created 16/02/2014 at 14:07:19
    # Updated 28/01/2014 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : ElijahMC - ELIJAHMC-PC
    # Running from : C:\Users\ElijahMC\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.7601.17514


    -\\ Mozilla Firefox v26.0 (en-US)

    -\\ Google Chrome v32.0.1700.107

    [ File : C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [262 octets] - [13/02/2014 18:49:47]
    AdwCleaner[R1].txt - [7053 octets] - [14/02/2014 04:28:29]
    AdwCleaner[R2].txt - [977 octets] - [15/02/2014 19:14:46]
    AdwCleaner[R3].txt - [1104 octets] - [16/02/2014 14:06:44]
    AdwCleaner[S0].txt - [6994 octets] - [14/02/2014 04:29:33]
    AdwCleaner[S1].txt - [1037 octets] - [15/02/2014 19:15:35]
    AdwCleaner[S2].txt - [1026 octets] - [16/02/2014 14:07:19]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1086 octets] ##########
     
  6. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    JRT

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.1 (02.04.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by ElijahMC on Sun 02/16/2014 at 14:19:35.99
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values




    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 02/16/2014 at 14:22:42.57
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  7. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    OTL 1 of 2

    OTL logfile created on: 2/16/2014 2:24:12 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ElijahMC\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.90 Gb Total Physical Memory | 12.64 Gb Available Physical Memory | 79.50% Memory free
    31.80 Gb Paging File | 28.34 Gb Available in Paging File | 89.14% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 244.04 Gb Total Space | 41.20 Gb Free Space | 16.88% Space Free | Partition Type: NTFS
    Drive D: | 454.49 Gb Total Space | 62.80 Gb Free Space | 13.82% Space Free | Partition Type: NTFS

    Computer Name: ELIJAHMC-PC | User Name: ElijahMC | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/16 14:05:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ElijahMC\Desktop\OTL.exe
    PRC - [2014/02/13 00:57:16 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
    PRC - [2014/02/06 19:36:13 | 009,890,608 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\GarenaMessenger.exe
    PRC - [2014/01/21 10:56:25 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    PRC - [2014/01/21 10:55:50 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    PRC - [2014/01/03 08:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\ElijahMC\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2013/12/01 17:38:24 | 000,655,712 | ---- | M] () -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
    PRC - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\ggdllhost.exe
    PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\ElijahMC\AppData\Local\Akamai\netsession_win.exe
    PRC - [2013/03/07 07:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/03/07 07:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/12/09 17:51:30 | 000,336,992 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    PRC - [2012/09/01 18:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2012/04/27 14:27:10 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\S-Bar\MSIService.exe
    PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    PRC - [2012/03/27 08:02:04 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    PRC - [2012/03/27 08:02:02 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    PRC - [2012/03/27 08:01:56 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2012/03/27 08:01:56 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    PRC - [2012/03/15 12:48:22 | 000,362,840 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2012/03/15 12:48:20 | 000,276,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2012/03/15 12:48:14 | 000,127,320 | R--- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    PRC - [2012/03/15 12:48:06 | 000,162,648 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2012/02/27 03:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    PRC - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    PRC - [2011/09/15 06:19:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
    PRC - [2011/03/14 23:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
    PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/02/11 19:36:34 | 000,027,952 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\VersionModule.dll
    MOD - [2014/02/06 19:37:04 | 000,957,232 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\XLL.dll
    MOD - [2014/02/06 19:36:13 | 009,890,608 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\GarenaMessenger.exe
    MOD - [2014/01/20 16:50:34 | 000,891,184 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\Plugins\ggplugin.dll
    MOD - [2014/01/03 08:45:04 | 003,558,400 | ---- | M] () -- C:\Users\ElijahMC\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
    MOD - [2013/10/19 07:55:02 | 025,100,288 | ---- | M] () -- C:\Users\ElijahMC\AppData\Roaming\Dropbox\bin\libcef.dll
    MOD - [2013/09/20 19:12:15 | 000,956,208 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\delay_load\GaFileTransfer.dll
    MOD - [2013/08/23 17:10:18 | 000,553,776 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\ggspawn.dll
    MOD - [2013/07/15 22:29:36 | 001,545,520 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\delay_load\FileSender.dll
    MOD - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\ggdllhost.exe
    MOD - [2013/04/10 17:23:12 | 000,170,800 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\fs\YYFileSystem.dll
    MOD - [2013/04/10 17:22:55 | 000,155,440 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\libmpg123.dll
    MOD - [2013/04/09 18:22:36 | 000,027,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvcInt#\ac975f5d18f8ed858c03d4b75a8cf2c2\IAStorDataMgrSvcInterfaces.ni.dll
    MOD - [2013/04/09 18:22:36 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\3edb98ea7aee0ec596d4df165bacecd0\IAStorCommon.ni.dll
    MOD - [2013/04/09 18:22:35 | 000,361,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\fd0a907c3a5c780609c363e0d7ffa401\IAStorUtil.ni.dll
    MOD - [2013/03/13 18:05:59 | 000,374,064 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\Http.dll
    MOD - [2013/03/07 10:10:42 | 000,106,288 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\UILayout.dll
    MOD - [2013/03/07 10:10:39 | 000,224,560 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\Plugins\StatsPlugin.dll
    MOD - [2013/03/07 10:10:22 | 000,487,216 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\CxImage.dll
    MOD - [2013/02/07 17:11:25 | 000,025,392 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\PluginModule.dll
    MOD - [2013/02/07 17:11:24 | 000,087,344 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\PluginKernel.dll
    MOD - [2013/02/07 17:11:22 | 000,192,816 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\ImageModule.dll
    MOD - [2013/02/07 17:11:17 | 000,051,504 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\FileLoader.dll
    MOD - [2013/02/07 17:11:15 | 000,033,584 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\DibModule.dll
    MOD - [2013/02/03 12:02:41 | 001,222,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\63f1339786fa9b84e97073f9859f8c51\System.WorkflowServices.ni.dll
    MOD - [2013/02/03 12:01:52 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\56f330e897ee2b713d49400e592ab592\System.ServiceModel.Routing.ni.dll
    MOD - [2013/02/03 12:01:51 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\449cb8fbbaf8ae2456b7ef4a1f06bd45\System.ServiceModel.Discovery.ni.dll
    MOD - [2013/02/03 12:01:49 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e3dc87f1531b61606b24be7c88c28464\System.ServiceModel.Channels.ni.dll
    MOD - [2013/02/03 12:01:26 | 001,392,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b58c47b19c9590780cadddf930f6bd2a\System.ServiceModel.Activities.ni.dll
    MOD - [2013/02/03 12:01:21 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\8a46112332f7dce3042642c03d2734ba\System.IdentityModel.ni.dll
    MOD - [2013/02/03 12:01:19 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a283fadbb6dcc293c05dee07024f3b64\System.ServiceModel.ni.dll
    MOD - [2013/02/03 12:00:53 | 001,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\51b881a42d54d3042b901c7ba7708f95\System.ServiceModel.Web.ni.dll
    MOD - [2013/02/03 09:53:16 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f2b32d7477ee2c1220bf4173743425ea\System.Runtime.DurableInstancing.ni.dll
    MOD - [2013/02/03 09:53:15 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\4fde6b1690bd0bc5b57536efbde46ddb\System.Runtime.Serialization.ni.dll
    MOD - [2013/02/03 09:53:15 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\b8e891c1c9ccf87e5f74aef0d2f171ff\SMDiagnostics.ni.dll
    MOD - [2013/02/03 09:16:22 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5a4de0d567696567ddd0ad7ddf4a9e0d\System.Xaml.ni.dll
    MOD - [2013/02/02 23:46:10 | 013,102,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\adeb9af3c309921ae1b7fb8a621ee243\System.Windows.Forms.ni.dll
    MOD - [2013/02/02 23:46:08 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\e09bc975f73e4bc24ab3eb7f6373288e\System.Core.ni.dll
    MOD - [2013/02/02 23:46:05 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\717c6a68a2ad575e93bccc52a11f7c52\System.Xml.ni.dll
    MOD - [2013/02/02 23:46:03 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5c5b46515e207b2025a474340de7ae15\System.Drawing.ni.dll
    MOD - [2013/02/02 23:46:03 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\276f7b53f15e66e518278753c57b78b2\System.Configuration.ni.dll
    MOD - [2013/02/02 23:46:00 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\68131da3061b5a1c048abf73c5bae11d\System.ni.dll
    MOD - [2013/02/02 23:45:51 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ac9bfacce80c52220e4b4b3a814aaa3d\mscorlib.ni.dll
    MOD - [2013/02/01 13:42:29 | 000,153,088 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\libzmq.dll
    MOD - [2013/01/30 16:26:41 | 002,941,232 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\ggdownloader.dll
    MOD - [2013/01/30 16:26:38 | 000,104,752 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\CommonLib.dll
    MOD - [2013/01/14 19:57:46 | 000,219,952 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\TaskManagerLib.dll
    MOD - [2012/09/13 14:19:20 | 000,048,640 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\XmlUIModule.dll
    MOD - [2012/07/27 14:59:44 | 000,010,240 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\delay_load\ClientTcp.dll
    MOD - [2012/07/27 14:59:30 | 000,061,952 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\delay_load\UdtLib.dll
    MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    MOD - [2012/04/24 09:19:16 | 000,238,592 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\delay_load\MediaEngine.dll
    MOD - [2012/04/13 11:12:18 | 000,059,392 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\delay_load\AudioMixerLib.dll
    MOD - [2012/04/13 11:12:18 | 000,019,968 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\ServerMemAlloc.dll
    MOD - [2012/03/08 16:56:40 | 000,510,464 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\delay_load\RSALib.dll
    MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lame_enc.dll
    MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\sqlite3.dll
    MOD - [2012/02/22 16:52:16 | 000,178,176 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\MP3Module.dll
    MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
    MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/01/21 10:55:35 | 016,939,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
    SRV:64bit: - [2013/10/11 06:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2013/10/08 12:35:10 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2013/06/28 09:28:26 | 000,123,392 | ---- | M] (Dassault Systèmes) [Auto | Running] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
    SRV:64bit: - [2013/03/07 07:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/03/29 07:57:36 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
    SRV:64bit: - [2012/03/29 07:57:24 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2012/03/29 07:57:14 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2012/03/29 07:57:10 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2012/02/21 07:01:02 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
    SRV:64bit: - [2012/02/02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV:64bit: - [2012/01/17 16:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
    SRV:64bit: - [2012/01/09 12:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
    SRV:64bit: - [2011/09/15 06:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64)
    SRV:64bit: - [2009/09/14 05:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
    SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2014/02/05 22:58:57 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/01/21 10:55:50 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
    SRV - [2014/01/03 22:24:39 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
    SRV - [2013/12/01 17:38:24 | 000,655,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe -- (Globe Tattoo Broadband. RunOuc)
    SRV - [2013/11/15 13:49:58 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2013/05/16 22:13:25 | 000,089,600 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe -- (WindowBlinds)
    SRV - [2013/02/03 01:16:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/06 05:13:00 | 005,150,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2012/04/27 14:27:10 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\S-Bar\MSIService.exe -- (Micro Star SCM)
    SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
    SRV - [2012/03/27 08:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2012/03/27 08:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2012/03/27 08:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2012/03/15 12:48:22 | 000,362,840 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2012/03/15 12:48:20 | 000,276,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2012/03/15 12:48:14 | 000,127,320 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
    SRV - [2012/03/15 12:48:06 | 000,162,648 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
    SRV - [2011/12/07 15:38:10 | 002,429,544 | R--- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2011/03/14 23:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/12/28 02:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
    DRV:64bit: - [2013/12/20 04:33:31 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2013/12/01 17:38:25 | 000,223,744 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
    DRV:64bit: - [2013/12/01 17:38:25 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
    DRV:64bit: - [2013/12/01 17:38:25 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV:64bit: - [2013/12/01 17:38:25 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
    DRV:64bit: - [2013/12/01 17:38:25 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
    DRV:64bit: - [2013/12/01 17:38:24 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2013/10/28 14:13:24 | 000,449,496 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2013/10/28 14:06:26 | 004,195,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2013/05/22 18:49:32 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV:64bit: - [2013/04/09 15:36:06 | 000,849,408 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
    DRV:64bit: - [2013/04/09 15:36:06 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
    DRV:64bit: - [2013/04/09 15:35:27 | 000,080,896 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
    DRV:64bit: - [2013/04/09 15:34:52 | 000,111,104 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2013/04/09 15:34:45 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2013/04/09 15:34:33 | 011,523,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
    DRV:64bit: - [2013/04/09 15:34:22 | 000,792,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
    DRV:64bit: - [2013/04/09 15:34:18 | 000,358,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
    DRV:64bit: - [2013/04/09 15:34:05 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
    DRV:64bit: - [2013/04/09 15:33:42 | 000,838,216 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2013/03/07 07:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2013/03/07 07:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2013/03/07 07:33:21 | 000,178,624 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2013/03/07 07:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2013/03/07 07:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2013/03/07 07:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2013/03/07 07:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2013/03/07 07:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/12/19 14:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV:64bit: - [2012/12/09 17:51:20 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2012/09/01 18:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
    DRV:64bit: - [2012/09/01 18:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
    DRV:64bit: - [2012/02/29 18:31:16 | 000,143,144 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2012/02/01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
    DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2012/01/03 11:21:44 | 000,340,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2011/11/10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2011/07/23 00:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/13 05:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2010/11/21 11:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 11:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/21 11:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010/11/21 11:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/21 11:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010/11/21 11:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/21 11:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/21 11:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/11/18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
    DRV:64bit: - [2009/09/21 01:43:52 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
    DRV:64bit: - [2009/09/21 01:43:52 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
    DRV:64bit: - [2009/09/21 01:43:52 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
    DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 09:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 08:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007/01/29 07:40:58 | 000,456,192 | ---- | M] (MSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MSILiveVirtualCamera.sys -- (MSILiveVirtualCamera)
    DRV:64bit: - [2006/12/13 18:14:14 | 000,065,024 | ---- | M] (Aladdin Knowledge Systems Ltd.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
    DRV:64bit: - [2006/12/04 10:44:14 | 000,314,368 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
    DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 80 3D 23 B6 01 CE 01 [binary data]
    IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@graphisoft.com/GDL Web Plug-in: C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: D:\Applications\GarenaLoLPH\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ElijahMC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ElijahMC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\ElijahMC\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/19 10:02:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/10/17 05:07:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/03 22:24:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/03 22:24:34 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2013/02/03 20:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ElijahMC\AppData\Roaming\Mozilla\Extensions
    [2013/04/24 13:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ElijahMC\AppData\Roaming\Mozilla\Firefox\Profilesluwmcrsj.default\extensions
    [2013/04/24 13:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ElijahMC\AppData\Roaming\Mozilla\Firefox\Profilesluwmcrsj.default\extensions\staged
    [2014/01/03 22:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
    [2014/01/03 22:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/01/03 22:24:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========
     
  8. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    OTL 2 of 2


    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
    CHR - plugin: Advanced SystemCare 6 (Enabled) = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc\1.0.0_0\Plugin/ASCPlugin_Protect.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    CHR - plugin: ArchiCAD (Enabled) = C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\ElijahMC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Facebook Desktop (Enabled) = C:\Users\ElijahMC\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\ElijahMC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Garena Talk Plugin (Enabled) = D:\Applications\GarenaLoLPH\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
    CHR - Extension: Tank Hero: Laser Wars (Web) = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkkneogpiampdcpgceflcjjmghppmmn\1.0.8_0\
    CHR - Extension: RuneScape = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjblpfpopipimofkhbglcoeknpnfijj\1.1_0\
    CHR - Extension: Beautiful landscape = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig\1_0\
    CHR - Extension: Google Docs = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: American Racing 2 3D = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfpfdjclhabpjncikdngdoldjjjegnbe\2.1.2_0\
    CHR - Extension: Dragon Age Legends: Remix 01 = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkiinhllammkfejicmjmhnanlbifccfj\3_0\
    CHR - Extension: YouTube = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: BeGone: Last Stand HD = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmekbplkjhgmljmbblmhmcnocafhaink\1.8.2.17_0\
    CHR - Extension: Smartsheet Project Management = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cindmhdfkimaeggbebfjkmkdfiohldbm\2.5.0_0\
    CHR - Extension: Kingdom Rush = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.1.0.1_0\
    CHR - Extension: Google Search = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Facebook Customizer (by Adblock Plus) = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm\0.1_0\
    CHR - Extension: No name found = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopfmbpfhhfnklgmjpoehcjaajhpbhbl\1.0.0.16_0\
    CHR - Extension: Picditor Photo Editor = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggdplhaiiohpkafnlhlfikiomnboacoi\3.5_0\
    CHR - Extension: Planner 5D = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc\1.2.0.5_0\
    CHR - Extension: Ads Removal = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\
    CHR - Extension: Arcane Legends = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido\1.0.2.2_0\
    CHR - Extension: avast! WebRep = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
    CHR - Extension: theHunter = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jangaedeekciafhlanphhnalogmhefmo\10_0\
    CHR - Extension: Online PDF Tools = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn\2.0.0.1_0\
    CHR - Extension: Traffic Slam 3 = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfjmailnmofkkffoemgmdbemmohldhe\1.1_0\
    CHR - Extension: Autodesk Homestyler = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.6_0\
    CHR - Extension: Verdun Game = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\khdppkcpilejlgahecofelpoidcnjbdg\1.1_0\
    CHR - Extension: No name found = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm\1.0.9_0\
    CHR - Extension: Save as PDF = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc\1.7_0\
    CHR - Extension: Drakensang Online = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgloifppaepihckkhiocnodicehjdoof\4.0.8_0\
    CHR - Extension: Fishing Joy = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlonhgnjdlnjgalpdigmbpfpielpadmc\1.0.8.0_0\
    CHR - Extension: Google Wallet = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
    CHR - Extension: Battlefield Play4Free = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
    CHR - Extension: Bastion = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid\0.0.0.4_0\
    CHR - Extension: Bitdefender QuickScan = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0\
    CHR - Extension: Gmail = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2014/02/15 19:20:34 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKU\.DEFAULT..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
    O4 - HKU\S-1-5-18..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
    O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [Akamai NetSession Interface] C:\Users\ElijahMC\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
    O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
    O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [GarenaPlus] D:\Applications\GarenaLoLPH\GameData\GarenaMessenger.exe ()
    O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
    O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
    O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O4 - Startup: C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ElijahMC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O7 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\..Trusted Domains: eset.com ([www] https in Trusted sites)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.51.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.51.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 210.4.2.61 202.78.97.41
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B4E458E-F37C-4A10-918F-7C41369D8C99}: DhcpNameServer = 210.4.2.61 202.78.97.41
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/10/08 15:39:21 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2013/11/30 20:17:30 | 000,669,668 | ---- | M] () - D:\AutoSave_AutoSave_Untitled.skb -- [ NTFS ]
    O32 - AutoRun File - [2013/12/02 12:22:25 | 000,670,239 | ---- | M] () - D:\AutoSave_AutoSave_Untitled.skp -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/02/16 13:28:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/02/16 13:17:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/02/16 13:17:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/02/16 13:17:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/02/16 13:17:40 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/02/16 13:10:46 | 005,183,211 | R--- | C] (Swearware) -- C:\Users\ElijahMC\Desktop\ComboFix.exe
    [2014/02/16 12:24:28 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/02/16 12:24:01 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/02/16 11:40:31 | 000,000,000 | ---D | C] -- C:\FRST
    [2014/02/16 11:39:10 | 002,152,960 | ---- | C] (Farbar) -- C:\Users\ElijahMC\Desktop\FRST64.exe
    [2014/02/16 11:32:55 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\ElijahMC\Desktop\rkill.exe
    [2014/02/16 11:06:55 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
    [2014/02/16 11:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
    [2014/02/16 11:02:47 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\Desktop\Take_Ownership
    [2014/02/16 09:59:53 | 001,037,530 | ---- | C] (Thisisu) -- C:\Users\ElijahMC\Desktop\JRT.exe
    [2014/02/16 09:55:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2014/02/15 19:32:24 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ElijahMC\Desktop\tdsskiller.exe
    [2014/02/15 19:18:51 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\Desktop\RK_Quarantine
    [2014/02/15 18:55:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ElijahMC\Desktop\OTL.exe
    [2014/02/15 18:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2014/02/15 18:47:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2014/02/15 18:42:52 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Roaming\Malwarebytes
    [2014/02/15 13:31:20 | 000,353,352 | ---- | C] (Malwarebytes Corporation) -- C:\Users\ElijahMC\Desktop\mbam-check-2.0.0.1000.exe
    [2014/02/14 21:20:13 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Local\CrashDumps
    [2014/02/14 11:21:38 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\48230029.sys
    [2014/02/14 03:47:10 | 000,000,000 | ---D | C] -- C:\UsbFix
    [2014/02/13 18:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/02/13 18:53:44 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\Desktop\mbar
    [2014/02/13 18:49:44 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/02/13 18:38:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/02/13 14:45:32 | 000,000,000 | ---D | C] -- C:\SUPERDelete
    [2014/02/13 14:34:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/02/13 14:31:16 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Roaming\SUPERAntiSpyware.com
    [2014/02/13 14:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/02/13 14:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/02/13 14:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/02/13 13:36:23 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Local\28050
    [2014/02/13 13:12:16 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Local\Adobe
    [2014/02/10 23:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
    [2014/02/10 10:13:05 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Roaming\Process Hacker 2
    [2014/02/10 10:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
    [2014/02/10 10:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
    [2014/02/10 10:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2014/02/10 10:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2014/02/08 21:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
    [2014/02/06 17:44:14 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\Documents\AutoCAD Sheet Sets
    [2014/01/29 09:43:02 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Roaming\BatteryBar
    [2014/01/29 09:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\BatteryBar
    [2014/01/24 03:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\V-Ray for SketchUp
    [2014/01/19 21:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2014/01/19 12:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
    [2014/01/19 12:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune
    [2014/01/19 05:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
    [2014/01/18 03:05:11 | 000,000,000 | ---D | C] -- C:\Nexon
    [2014/01/18 03:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/02/16 14:26:09 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/02/16 14:26:09 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/02/16 14:23:09 | 000,779,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/02/16 14:23:09 | 000,660,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/02/16 14:23:09 | 000,121,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/02/16 14:18:25 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    [2014/02/16 14:18:21 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/02/16 14:17:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/02/16 14:17:27 | 4213,919,742 | -HS- | M] () -- C:\hiberfil.sys
    [2014/02/16 14:05:52 | 001,166,132 | ---- | M] () -- C:\Users\ElijahMC\Desktop\adwcleaner.exe
    [2014/02/16 14:05:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ElijahMC\Desktop\OTL.exe
    [2014/02/16 14:05:40 | 001,037,530 | ---- | M] (Thisisu) -- C:\Users\ElijahMC\Desktop\JRT.exe
    [2014/02/16 14:02:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/02/16 14:01:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000UA.job
    [2014/02/16 13:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/02/16 13:15:47 | 005,183,211 | R--- | M] (Swearware) -- C:\Users\ElijahMC\Desktop\ComboFix.exe
    [2014/02/16 12:24:28 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/02/16 12:24:01 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/02/16 12:16:28 | 003,813,376 | ---- | M] () -- C:\Users\ElijahMC\Desktop\RogueKiller.exe
    [2014/02/16 11:40:20 | 002,152,960 | ---- | M] (Farbar) -- C:\Users\ElijahMC\Desktop\FRST64.exe
    [2014/02/16 11:33:04 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\ElijahMC\Desktop\rkill.exe
    [2014/02/16 11:04:07 | 000,000,051 | ---- | M] () -- C:\Users\ElijahMC\AppData\Roaming\mbam.context.scan
    [2014/02/16 10:13:45 | 000,080,384 | ---- | M] () -- C:\Users\ElijahMC\Desktop\MBRCheck.exe
    [2014/02/16 06:31:01 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008.job
    [2014/02/15 19:20:34 | 000,000,741 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/02/15 18:47:26 | 000,001,108 | ---- | M] () -- C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2014/02/15 18:47:22 | 000,000,928 | ---- | M] () -- C:\Users\ElijahMC\Desktop\NTREGOPT.lnk
    [2014/02/15 18:47:22 | 000,000,909 | ---- | M] () -- C:\Users\ElijahMC\Desktop\ERUNT.lnk
    [2014/02/15 13:39:58 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ElijahMC\Desktop\tdsskiller.exe
    [2014/02/15 13:31:21 | 000,353,352 | ---- | M] (Malwarebytes Corporation) -- C:\Users\ElijahMC\Desktop\mbam-check-2.0.0.1000.exe
    [2014/02/15 02:00:00 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b.job
    [2014/02/14 23:01:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000Core.job
    [2014/02/14 12:27:18 | 000,001,448 | ---- | M] () -- C:\Users\ElijahMC\Desktop\UsbFix.lnk
    [2014/02/14 11:21:38 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\48230029.sys
    [2014/02/14 05:46:28 | 000,001,033 | ---- | M] () -- C:\Users\ElijahMC\Desktop\Take_Ownership.zip
    [2014/02/14 03:01:47 | 000,125,896 | ---- | M] () -- C:\Users\ElijahMC\Documents\cc_20140214_030132.reg
    [2014/02/14 02:58:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/02/13 18:29:32 | 000,000,874 | ---- | M] () -- C:\Users\ElijahMC\Desktop\Lumion 3.0.1.lnk
    [2014/02/13 14:30:34 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    [2014/02/13 12:36:01 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
    [2014/02/12 18:08:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    [2014/02/11 16:50:43 | 001,535,069 | ---- | M] () -- C:\Users\ElijahMC\Documents\Print.skp
    [2014/02/11 08:30:14 | 005,204,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/02/10 22:50:00 | 000,001,522 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
    [2014/02/10 16:34:33 | 000,777,877 | ---- | M] () -- C:\Users\ElijahMC\Documents\Grid.skp
    [2014/02/10 10:52:31 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/02/10 10:52:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2014/02/08 10:02:19 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
    [2014/02/06 17:56:43 | 001,753,419 | ---- | M] () -- C:\Users\ElijahMC\Documents\ARCH33_CATBAGAN_121813.pdf
    [2014/01/20 23:43:20 | 007,593,516 | ---- | M] () -- C:\Users\ElijahMC\Documents\Quezon Hall.skp
    [2014/01/20 23:42:45 | 007,608,665 | ---- | M] () -- C:\Users\ElijahMC\Documents\Quezon Hall.skb
    [2014/01/19 05:08:49 | 000,000,192 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/02/16 14:04:54 | 001,166,132 | ---- | C] () -- C:\Users\ElijahMC\Desktop\adwcleaner.exe
    [2014/02/16 13:17:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/02/16 13:17:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/02/16 13:17:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/02/16 13:17:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/02/16 13:17:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/02/16 12:15:28 | 003,813,376 | ---- | C] () -- C:\Users\ElijahMC\Desktop\RogueKiller.exe
    [2014/02/16 10:14:06 | 000,080,384 | ---- | C] () -- C:\Users\ElijahMC\Desktop\MBRCheck.exe
    [2014/02/15 18:47:26 | 000,001,108 | ---- | C] () -- C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2014/02/15 18:47:22 | 000,000,928 | ---- | C] () -- C:\Users\ElijahMC\Desktop\NTREGOPT.lnk
    [2014/02/15 18:47:22 | 000,000,909 | ---- | C] () -- C:\Users\ElijahMC\Desktop\ERUNT.lnk
    [2014/02/14 05:46:50 | 000,001,777 | ---- | C] () -- C:\Users\ElijahMC\Desktop\Add_Take_Ownership.reg
    [2014/02/14 05:46:50 | 000,001,108 | ---- | C] () -- C:\Users\ElijahMC\Desktop\Remove_Take_Ownership.reg
    [2014/02/14 05:46:27 | 000,001,033 | ---- | C] () -- C:\Users\ElijahMC\Desktop\Take_Ownership.zip
    [2014/02/14 03:47:13 | 000,001,448 | ---- | C] () -- C:\Users\ElijahMC\Desktop\UsbFix.lnk
    [2014/02/14 03:01:36 | 000,125,896 | ---- | C] () -- C:\Users\ElijahMC\Documents\cc_20140214_030132.reg
    [2014/02/14 02:58:18 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/02/13 14:31:29 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008.job
    [2014/02/13 14:31:27 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b.job
    [2014/02/13 14:30:34 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    [2014/02/13 12:32:14 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
    [2014/02/11 16:50:43 | 001,535,069 | ---- | C] () -- C:\Users\ElijahMC\Documents\Print.skp
    [2014/02/10 22:46:49 | 000,087,040 | ---- | C] () -- C:\Users\ElijahMC\Desktop\xf-mccs6-keygen.exe
    [2014/02/10 21:36:13 | 000,001,534 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
    [2014/02/10 21:36:13 | 000,001,522 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
    [2014/02/10 16:34:32 | 000,777,877 | ---- | C] () -- C:\Users\ElijahMC\Documents\Grid.skp
    [2014/02/10 10:52:31 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/02/10 10:46:42 | 000,000,051 | ---- | C] () -- C:\Users\ElijahMC\AppData\Roaming\mbam.context.scan
    [2014/02/08 10:02:19 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
    [2014/02/06 17:56:05 | 001,753,419 | ---- | C] () -- C:\Users\ElijahMC\Documents\ARCH33_CATBAGAN_121813.pdf
    [2014/01/20 22:54:22 | 007,608,665 | ---- | C] () -- C:\Users\ElijahMC\Documents\Quezon Hall.skb
    [2014/01/20 22:41:25 | 007,593,516 | ---- | C] () -- C:\Users\ElijahMC\Documents\Quezon Hall.skp
    [2014/01/19 23:11:40 | 000,002,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Update Management Tool.lnk
    [2014/01/19 23:09:11 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
    [2014/01/19 23:07:41 | 000,001,204 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk
    [2014/01/19 05:08:48 | 000,000,192 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url
    [2014/01/14 15:12:40 | 000,007,604 | ---- | C] () -- C:\Users\ElijahMC\AppData\Local\Resmon.ResmonCfg
    [2014/01/09 08:49:53 | 000,314,656 | ---- | C] () -- C:\Windows\SysWow64\NvIFROpenGL.dll
    [2013/12/02 12:22:25 | 000,669,668 | ---- | C] () -- C:\Users\ElijahMC\AutoSave_AutoSave_Untitled.skb
    [2013/11/30 20:17:29 | 000,670,239 | ---- | C] () -- C:\Users\ElijahMC\AutoSave_AutoSave_Untitled.skp
    [2013/11/13 00:11:04 | 000,075,880 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll
    [2013/11/06 19:55:37 | 000,234,220 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2013/10/28 14:02:00 | 000,317,440 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
    [2013/10/28 14:01:40 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2013/10/28 14:01:34 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
    [2013/10/23 17:50:02 | 000,230,400 | ---- | C] () -- C:\ProgramData\tempraw
    [2013/08/22 15:08:22 | 000,002,952 | ---- | C] () -- C:\Users\ElijahMC\AppData\Local\cgqicccg.ini
    [2013/05/18 22:29:48 | 000,000,884 | RHS- | C] () -- C:\Users\ElijahMC\ntuser.pol
    [2013/04/02 01:37:43 | 000,236,678 | ---- | C] () -- C:\Users\ElijahMC\AppData\Local\Metadata.xml
    [2013/03/15 21:03:26 | 000,037,984 | ---- | C] () -- C:\Users\ElijahMC\TitleBlock.dwg
    [2013/03/06 08:31:02 | 000,000,023 | -HS- | C] () -- C:\Windows\SysWow64\ecdaf_g.dll
    [2013/02/24 22:55:42 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2013/02/24 22:55:41 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2013/02/24 18:58:21 | 000,001,456 | ---- | C] () -- C:\Users\ElijahMC\AppData\Local\Adobe Save for Web 13.0 Prefs
    [2013/02/24 16:39:41 | 000,000,132 | ---- | C] () -- C:\Users\ElijahMC\AppData\Roaming\Adobe PNG Format CS6 Prefs
    [2013/02/24 16:34:24 | 000,000,132 | ---- | C] () -- C:\Users\ElijahMC\AppData\Roaming\Adobe BMP Format CS6 Prefs
    [2013/02/24 01:36:02 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
    [2013/02/05 02:07:25 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
    [2013/02/04 14:00:58 | 000,000,100 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini
    [2013/02/04 01:56:58 | 000,109,696 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
    [2013/02/03 22:27:00 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
    [2013/02/02 23:41:31 | 000,795,368 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/02/02 18:25:04 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
    [2013/02/02 18:25:04 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
    [2012/02/27 23:07:46 | 000,057,344 | R--- | C] () -- C:\Windows\SysWow64\XSIChooser.exe

    ========== ZeroAccess Check ==========

    [2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 11:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 11:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/03/06 21:03:57 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\AnvSoft
    [2013/11/15 22:41:02 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Autodesk
    [2013/10/12 13:28:35 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Backup Tickets
    [2014/01/29 13:23:47 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\BatteryBar
    [2013/08/03 13:54:18 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\BoL
    [2013/08/22 15:08:14 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\BuildEdge
    [2013/07/01 00:54:37 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\CasaPortale.de
    [2013/08/03 23:14:35 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\cobra
    [2013/10/12 13:28:35 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Configuration
    [2013/07/10 23:11:20 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\DraftSight
    [2014/02/16 14:20:08 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Dropbox
    [2013/02/20 00:34:35 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\EPSON
    [2013/08/28 11:04:32 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\EQATEC Analytics
    [2013/05/03 22:07:15 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Garena
    [2014/02/16 14:23:42 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\GarenaPlus
    [2013/04/08 19:24:53 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\GDL Technology
    [2013/02/04 14:39:17 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Graphisoft
    [2013/02/03 10:32:47 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\HoolappForAndroid
    [2013/11/06 23:12:21 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Hothead Games
    [2014/01/09 10:07:50 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Install.GS
    [2014/02/13 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\IObit
    [2013/03/27 12:10:09 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\LockAP
    [2013/04/30 14:19:27 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\LolClient
    [2013/08/03 11:54:28 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\LoLPlus
    [2014/01/02 10:46:31 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Origin
    [2013/10/13 13:38:41 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\PACE Anti-Piracy
    [2014/01/04 01:12:07 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\PDAppFlex
    [2013/02/02 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\PowerISO
    [2014/02/13 00:19:50 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\PrimoPDF
    [2014/02/10 10:13:05 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Process Hacker 2
    [2013/02/02 23:35:10 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\ProgeCAD
    [2013/11/14 14:15:49 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\ProxySwitcher
    [2013/03/08 04:29:26 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Publish Providers
    [2013/12/15 21:23:07 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Quest3D
    [2014/02/15 19:26:11 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\QuickScan
    [2014/02/11 02:43:04 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Rainmeter
    [2013/10/26 14:32:26 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Red Alert 3
    [2013/08/12 17:34:17 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\SketchUp
    [2013/10/26 04:10:30 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Softros Messenger
    [2013/12/27 10:16:34 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Sony
    [2013/02/16 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2013/12/27 20:26:12 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Stardock
    [2014/01/17 09:23:20 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\SystemRequirementsLab
    [2013/08/22 15:08:17 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Temp
    [2013/11/17 01:30:37 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Ubisoft
    [2013/02/03 01:26:11 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Unity
    [2014/02/16 10:27:49 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\uTorrent
    [2013/11/20 15:08:54 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Wargaming.net
    [2013/02/24 22:56:24 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\WebCam Recorder

    ========== Purity Check ==========



    < End of report >
     
  9. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    Extras 1 of 2

    OTL Extras logfile created on: 2/15/2014 6:55:56 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ElijahMC\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.90 Gb Total Physical Memory | 14.20 Gb Available Physical Memory | 89.33% Memory free
    31.80 Gb Paging File | 30.09 Gb Available in Paging File | 94.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 244.04 Gb Total Space | 42.21 Gb Free Space | 17.30% Space Free | Partition Type: NTFS
    Drive D: | 454.49 Gb Total Space | 70.85 Gb Free Space | 15.59% Space Free | Partition Type: NTFS
    Drive H: | 15.10 Gb Total Space | 12.77 Gb Free Space | 84.58% Space Free | Partition Type: FAT32

    Computer Name: ELIJAHMC-PC | User Name: ElijahMC | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0318961F-8C90-4A8B-ADE7-40D1E6664388}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{0632BE34-DB29-4C0E-AEFC-4175064410CD}" = lport=6990 | protocol=17 | dir=in | name=league of legends launcher |
    "{0AA3AABB-C443-4A51-B59E-CA2CB2283105}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher |
    "{0D2A4D33-8B3D-4205-B4D4-4F3E8F83EB1C}" = lport=6881 | protocol=6 | dir=in | name=league of legends launcher |
    "{100D39E7-745F-4AF7-9BDB-878FAD7B97DC}" = lport=6965 | protocol=6 | dir=in | name=league of legends launcher |
    "{14DDE1CF-8813-43CF-A87A-253FDE952230}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
    "{1E657C50-99FE-4DFA-A38E-ED69C6E51FE1}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
    "{216BB45C-96F5-48B7-BF6A-9F3635775EE6}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher |
    "{265694A5-DE57-4ACC-B768-C3D7A4E18330}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher |
    "{279D8447-63D2-4753-BF70-22C20BA7C2AA}" = lport=6980 | protocol=17 | dir=in | name=league of legends launcher |
    "{2C3679EF-F74E-4916-BA92-4CDD479432C4}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service |
    "{2F43796C-FD64-4CD2-AD1D-4781E0FEB654}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
    "{2FAE6F8A-6936-4B20-9D6A-9941A848CB9A}" = lport=139 | protocol=6 | dir=in | app=system |
    "{352EBCF7-7EF2-4C68-B47F-6755DA252436}" = lport=6924 | protocol=6 | dir=in | name=league of legends launcher |
    "{37FFC6A0-C77C-414A-8779-BDAFF1A13E1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{38781D9C-F012-4C23-BE01-3784C0DA1504}" = lport=6993 | protocol=17 | dir=in | name=league of legends launcher |
    "{3FE7061A-6269-46DD-BC23-93EA90B58B6C}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher |
    "{4BBDFEB6-38DD-44E5-986D-A84D3A00FCA0}" = lport=6993 | protocol=6 | dir=in | name=league of legends launcher |
    "{4C8CAC78-5C5B-4980-BFA7-ECE1E9724753}" = lport=6988 | protocol=6 | dir=in | name=league of legends launcher |
    "{516CB103-D7E2-4CEC-ABB8-E2B2FB42B416}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{5423AFEF-E87D-4463-8510-FA543F633E64}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |
    "{56BFB8F8-244C-4927-B696-E34ADD26900A}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{5905B6EC-393A-472A-B798-7A790299C1E5}" = lport=6946 | protocol=6 | dir=in | name=league of legends launcher |
    "{5C0300D5-4269-4F6D-A28C-BA7695925D57}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
    "{5DF65562-7094-4BE4-8759-74EB9F17751A}" = lport=6965 | protocol=17 | dir=in | name=league of legends launcher |
    "{5F0F003D-20AE-42D4-A840-EDE702882FDD}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{61A34F3D-C2B8-4ECD-838B-2A28CD2806EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{6A00C93A-B1BF-4D0D-A2C0-EED791918764}" = lport=6881 | protocol=17 | dir=in | name=league of legends launcher |
    "{6A27D5A3-BCFB-4389-A14C-B270839FBB58}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{7173A5B5-3A56-4E9E-93E6-6AC47ECF8F8B}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{7360D91A-AE3A-4D00-9BAD-1C4C1F209F52}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{776D1A72-BC35-4177-9534-8BD3BA3EEA22}" = lport=6920 | protocol=17 | dir=in | name=league of legends launcher |
    "{822F217A-E729-4720-82D9-430F8DABB71E}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher |
    "{82A82E33-042C-48A0-8DF2-8B09BEA116FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{89088F98-15CD-4B09-8E4D-D9C0EA8E39E6}" = lport=6920 | protocol=6 | dir=in | name=league of legends launcher |
    "{902B805B-B776-4401-A9C8-C8E560B04DCD}" = lport=137 | protocol=17 | dir=in | app=system |
    "{903751F6-A7BD-48B0-A6D6-293DFF216285}" = lport=6992 | protocol=6 | dir=in | name=league of legends launcher |
    "{95BF1FD6-E77F-48D1-9CDA-4C9678037C74}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
    "{96019F7B-77ED-418D-BC89-41B93FDDA1FB}" = lport=138 | protocol=17 | dir=in | app=system |
    "{96D9EA74-FC3C-43A4-9CBC-33A2A4ADC2F2}" = lport=6988 | protocol=17 | dir=in | name=league of legends launcher |
    "{9724D2E0-A713-4C80-BEAA-EA23A5EAA3F5}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{99533461-9460-4DDB-97B5-7090D6ACE6A2}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{9BC4B8E3-8618-484D-A9BA-45FF4B0A3CAF}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{9FEF1D22-E7AE-4C57-8714-8903D53BD0CA}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A3884583-8406-4602-A1D4-515E258D24CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A728D0AD-F7F9-4D49-BC15-49BE4E25DE57}" = lport=6990 | protocol=6 | dir=in | name=league of legends launcher |
    "{A8E02888-4A77-4E95-B516-CFA2EF314113}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{AEE71DC1-F07B-4419-8B58-213F577514C8}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher |
    "{B0196997-FCCE-445B-8BE5-0700D46AC68A}" = lport=445 | protocol=6 | dir=in | app=system |
    "{B129698C-A55E-431C-BEBE-A3C452F64CAE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B23EE7EC-F4FE-46FC-858B-889047E7D311}" = rport=137 | protocol=17 | dir=out | app=system |
    "{BA3D788C-9674-40E9-976E-D58158B9E358}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{BC5ED88F-661E-4DCD-8526-8781EFC31B4D}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{BDEF621E-BBA0-4A9F-8CCF-98F21A47A2C8}" = lport=6915 | protocol=6 | dir=in | name=league of legends launcher |
    "{C0B4A15A-5592-491E-84A1-E5180EE8F37A}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
    "{C5BA9DEA-4279-4072-856A-81FA79260898}" = rport=139 | protocol=6 | dir=out | app=system |
    "{C92A12F0-C3ED-47B9-AAA2-2B53CB08E99B}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher |
    "{CC4F6CA4-FE36-4C52-B167-B4A528B6FC42}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{CC61D3E3-EAAA-43C6-B1C5-36424A7985A5}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{CF468633-4D0C-426F-8E66-1E9D80F65746}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher |
    "{D6D130E0-09AC-4C8E-91C4-E5D55F5E3F03}" = lport=6992 | protocol=17 | dir=in | name=league of legends launcher |
    "{D725FA92-462B-4AE8-ACE4-084DEA52233E}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
    "{DD1C9450-EC9E-4D2C-B642-D223861B2BB6}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
    "{E022A2B0-DA1A-41C0-8C1F-6EEF9A1696E8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{E029270A-0D72-48D9-919F-71FB6B1EF371}" = lport=6915 | protocol=17 | dir=in | name=league of legends launcher |
    "{E1F3CB83-C44B-429E-BEDD-923C110C9BED}" = lport=6980 | protocol=6 | dir=in | name=league of legends launcher |
    "{EA23A6D9-3D62-4732-A1FD-6784A695BAFE}" = rport=445 | protocol=6 | dir=out | app=system |
    "{EBAD27EE-BB61-459C-9FE8-C4AE0647B12E}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
    "{EE3D13E5-7444-4769-A2A8-255DF761E7C7}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
    "{F77F6C7F-68C2-4239-A30E-FA4C27F8CD64}" = lport=6946 | protocol=17 | dir=in | name=league of legends launcher |
    "{F831C729-41D8-4D0D-AD91-D6BB075991AE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{F93BE740-EC63-49D8-85FE-5CC010144889}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{FE55C985-24D3-4FAA-9A4B-98BC58677A59}" = lport=6924 | protocol=17 | dir=in | name=league of legends launcher |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00031362-7B54-420A-9C65-8651FA1168A2}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
    "{06569BBB-FDB7-4DD4-9475-48ED193831E0}" = protocol=6 | dir=in | app=c:\users\elijahmc\appdata\roaming\utorrent\utorrent.exe |
    "{070723A6-AD45-433B-9D7D-33A6A71160B7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{0FDEA805-97C7-40F5-817F-A20AD7BAFAAD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{11EE7D7F-B7C6-461F-B998-3C0E62416869}" = dir=out | app=%programfiles%\sony\vegas pro 12.0\vegas120.exe |
    "{12A463D1-DB3E-4B97-9765-BF0C57BB6C2E}" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\bbtalk\bbtalk.exe |
    "{1B91F4C4-C8B9-44E6-AA33-D0CA960A4259}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
    "{1BBE8366-9A0E-4259-AF37-8710C43DBA6C}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64.exe |
    "{1BC7DC01-0E1F-4AA2-9716-D7695D8FD1D8}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{1EE8EFCA-ADDB-4129-B4AB-BF44E89F714D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
    "{23B43BD5-A8A0-4C20-8DD3-5C45AAFF4772}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{261D5086-92A7-4FBF-AE7B-F0DE414F639F}" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\game\league of legends.exe |
    "{2685364F-A197-4750-874B-6A1DB205D048}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{2A20E8C4-8791-4617-8576-A14F679CD63B}" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\game\league of legends.exe |
    "{3135150E-02B6-4CA3-B69B-744C51B697F9}" = protocol=17 | dir=in | app=c:\users\elijahmc\appdata\roaming\utorrent\utorrent.exe |
    "{3248C7BC-2AC8-4795-B37C-4BB92C660D1C}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "{3331CE24-A834-4FB2-BAAF-BD1AD664158C}" = protocol=6 | dir=in | app=d:\applications\wot\world of tanks\wotlauncher.exe |
    "{39FD5D21-3453-498A-A816-2E1A965CE83B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{3F32034C-0957-4830-95A2-D4181EB89EA2}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2013\3dsmax.exe |
    "{43F147A2-2DDE-49FA-9DA4-AD0BFCECD149}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
    "{4A21194E-DA8C-4610-BB4F-576EF60889E1}" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\air\lolclient.exe |
    "{504EDF16-F78A-4C26-AA96-F483AEAB3F94}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{50E1DDE3-51A3-437C-B06D-DDBD8BB7C784}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{546771F6-8088-40AF-BCA2-4EB6AC771C76}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{577BE7D3-9F44-4CFF-B790-644C6AAE430B}" = protocol=6 | dir=in | app=c:\program files\autodesk\softimage 2013\application\bin\xsi.exe |
    "{586EBEC8-D72C-429C-8C87-DB2867DB940C}" = dir=in | app=c:\users\elijahmc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{60D64C2C-7D6F-4A7F-BCAC-29D11A6DF85F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{62545D3A-987F-4CE2-9C3F-A7E83955E25E}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
    "{643F978B-B254-4C2A-8AAA-B5517920DE78}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
    "{7453862A-C7C7-4D94-BEBF-E85B48915D69}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "{77A0FCA5-EFD1-4773-934C-612F3FC8BB12}" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\air\lolclient.exe |
    "{7B8296F1-B50C-40F6-A036-F15EC182ACF6}" = protocol=17 | dir=in | app=c:\program files\autodesk\softimage 2013\application\bin\xsi.exe |
    "{7CFFCDCE-323F-4373-B60D-E1F2E4021FFD}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{839BCC3C-CAF4-411A-AF21-9102AA9846E6}" = protocol=17 | dir=in | app=d:\applications\wot\world of tanks\wotlauncher.exe |
    "{861BAB7B-5CFF-4530-8FFC-98594A16A042}" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\air\lolclient.exe |
    "{88281858-C839-4A34-AA47-B585F6A9AEDF}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64.exe |
    "{8C2A3714-3386-4AD6-BB80-F428ABF75A75}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{928527E3-D731-4E33-A172-587072F09655}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{928702FB-1AD7-4684-91C9-405E4F5FD646}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
    "{946CE608-CD93-44CC-B9D7-03AAC4A40A3A}" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\game\league of legends.exe |
    "{9D4F2A03-304E-4CC4-B117-EF49C509FE78}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2013\3dsmax.exe |
    "{9DBFC54C-3341-4421-A6AE-A63DDF980BCA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
    "{A2A9A361-3761-45EA-A94F-B29F817538B9}" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\air\lolclient.exe |
    "{A71815CD-175C-470E-A8EE-F6F5C1F5C42A}" = protocol=17 | dir=in | app=c:\users\elijahmc\appdata\roaming\dropbox\bin\dropbox.exe |
    "{ABC2F1A8-4465-47C1-9D0A-FDE6780334F4}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
    "{AED9465D-F7C6-4C0E-BDB9-2412BFBD3497}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{B0ABAD00-46AD-43D1-9020-838F1077EADC}" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\garenamessenger.exe |
    "{B2AFD65F-D6C0-4912-97FD-2E852B557432}" = protocol=6 | dir=in | app=c:\users\elijahmc\appdata\roaming\dropbox\bin\dropbox.exe |
    "{B9324279-925B-4FFF-901D-B90BAFC9EC47}" = protocol=6 | dir=in | app=c:\program files\autodesk\softimage 2013\application\bin\xsi.exe |
    "{BC0A7F2B-E578-48C0-9B68-F5AC6A77D6D2}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
    "{C430B55F-6BE7-43E8-9AD1-E5B678041E8E}" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\game\league of legends.exe |
    "{CB275CCE-4C54-40EB-AC18-175C6B23369B}" = protocol=17 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |
    "{CDD75469-74EF-4EDA-AD16-35C4539638BB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{D1FDE521-5067-46DA-994A-439B1E04EFB4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
    "{DD4D7AE3-CB6E-4D51-B907-9225AB6B2D1A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
    "{DE3AFCFE-E5B4-482F-AFA8-0D3C64D9C554}" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\bbtalk\bbtalk.exe |
    "{DFFBBFEE-80C6-4886-9226-5A1FC1B55EA0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{E343FFAF-49C9-4D8A-BDCB-136C57074743}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{EB324E38-2403-40D1-857C-8E9CFC98EE1A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
    "{EB7EDF9E-FE17-4DDD-A31C-39189EBD27CD}" = protocol=6 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |
    "{F3A9D018-43BD-4EDC-99FB-0911E9AA83DC}" = dir=in | app=d:\applications\garenalolph\gamedata\ggdllhost.exe |
    "{F79C0400-2172-4073-863C-B27EACF3A39A}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
    "{F8D866A6-A011-4D2C-B93D-E99E19653129}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64server.exe |
    "{FA36399B-02DC-4476-8658-3C4E561FD450}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64server.exe |
    "{FCBC585B-89A7-4395-BF62-4F31BD3FB893}" = protocol=17 | dir=in | app=c:\program files\autodesk\softimage 2013\application\bin\xsi.exe |
    "{FCC57363-F121-4769-9F71-87C6F237379B}" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\garenamessenger.exe |
    "TCP Query User{0223760C-5F2D-498A-AFCF-1F55B3958F0E}C:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{09EE47A2-0621-4557-905A-64933ED21A7F}C:\program files (x86)\google\google sketchup 8\sketchup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google sketchup 8\sketchup.exe |
    "TCP Query User{0A78C81C-7353-41C4-8372-99DD2F77F424}C:\program files\graphisoft\archicad 16\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 16\archicad.exe |
    "TCP Query User{0E71D3EA-1074-4AE6-9A9C-104082D5F754}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
    "TCP Query User{15CFBE96-AA3F-4DF4-BAE9-077D9432C7DF}C:\program files (x86)\google\google sketchup 8\sketchup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google sketchup 8\sketchup.exe |
    "TCP Query User{165D38A4-E886-4812-A916-2127E58577EF}D:\applications\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=d:\applications\left 4 dead 2\left4dead2.exe |
    "TCP Query User{272654EB-BC2E-420E-8D1A-C44DFFAFD674}C:\Program Files (x86)\SketchUp\sketchup 2013\LayOut\LayOut.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe |
    "TCP Query User{2C01075D-A717-4AD9-83B0-43E6F3A371AB}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
    "TCP Query User{357F4944-C0D0-4562-8557-BA98BB70E3D3}D:\applications\wot\world of tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\applications\wot\world of tanks\worldoftanks.exe |
    "TCP Query User{4328B485-BE4F-413F-878F-35D5D8687332}C:\users\elijahmc\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\elijahmc\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{63843229-2706-4A55-AD41-495099C920C5}D:\applications\garenalolph\gamedata\bbtalk\bbtalk.exe" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\bbtalk\bbtalk.exe |
    "TCP Query User{758D5A1A-03E0-48A1-8738-685AEEE0C039}D:\applications\wot\world of tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\applications\wot\world of tanks\worldoftanks.exe |
    "TCP Query User{79D8E99D-8CC8-4AAA-926A-8CFC0DE72C1B}C:\users\elijahmc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\elijahmc\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{85BB50B4-1B6F-4E63-A190-54855326CBCF}D:\applications\garenalolph\gamedata\updatemanager.exe" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\updatemanager.exe |
    "TCP Query User{8FD53AD6-247A-4849-96A3-B3B3D5961213}C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\sketchup.exe |
    "TCP Query User{98609624-9BAE-49E0-9853-FD7D93DFA02D}H:\google sketchup 8\sketchup.exe" = protocol=6 | dir=in | app=h:\google sketchup 8\sketchup.exe |
    "TCP Query User{9F57B4CF-9C10-4CD3-A7D3-BAB2B4846773}C:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe |
    "TCP Query User{A21E9CA6-ED46-42F9-B298-F9E317898B39}C:\Program Files (x86)\SketchUp\sketchup 2013\SketchUp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\sketchup.exe |
    "TCP Query User{A8B0B623-AC70-4D25-9998-DC09F1F60D9B}D:\applications\garenalolph\gamedata\garenamessenger.exe" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\garenamessenger.exe |
    "TCP Query User{AED623DB-1E0C-43AE-ABDA-9760EB9B62DA}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "TCP Query User{C07A2368-65A0-4469-B544-D8DB5797BC96}H:\google sketchup 8\sketchup.exe" = protocol=6 | dir=in | app=h:\google sketchup 8\sketchup.exe |
    "TCP Query User{C1A2A224-1B39-40AC-9A09-960AAFE2C18D}C:\program files\autodesk\maya2013\bin\maya.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |
    "TCP Query User{D056E747-F39A-4473-A380-F74C28F26430}C:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe |
    "TCP Query User{D449D85B-8772-4741-B7BB-482FCE3058EE}I:\downloads\software\microsoft office 2010 professional plus with sp1 vl edition+crack.waqarr\microsoft office 2010 professional plus with sp1 vl edition+crack\keygen.exe" = protocol=6 | dir=in | app=I:\downloads\software\microsoft office 2010 professional plus with sp1 vl edition+crack.waqarr\microsoft office 2010 professional plus with sp1 vl edition+crack\keygen.exe |
    "TCP Query User{E77D89D1-7E32-4F72-9C28-C0EBD5442CF0}D:\applications\wot\world of tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\applications\wot\world of tanks\wotlauncher.exe |
    "TCP Query User{EC1E6BF2-B90C-461B-AC39-077E19524E15}C:\users\elijahmc\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\elijahmc\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{F07B70C6-44AD-414A-BE50-8A6AB77FEAB7}C:\program files (x86)\Ubisoft\Assassin's Creed II\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
    "UDP Query User{13C6A185-8A0C-492F-8647-323406EA8355}C:\Program Files (x86)\SketchUp\sketchup 2013\SketchUp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\sketchup.exe |
    "UDP Query User{1588AB4D-7458-405A-A103-1B8BD46B364C}C:\program files\autodesk\maya2013\bin\maya.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |
    "UDP Query User{18209147-5A1A-4304-9577-4E89D43B651B}D:\applications\garenalolph\gamedata\updatemanager.exe" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\updatemanager.exe |
    "UDP Query User{1B6DC9ED-9613-4295-9378-468B5F4DB716}C:\program files (x86)\google\google sketchup 8\sketchup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google sketchup 8\sketchup.exe |
    "UDP Query User{1CDE0096-E2EA-4FDE-9A89-D9B2F418B916}C:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe |
    "UDP Query User{1F001041-4BFB-4928-AE2D-0FD6A62D0F14}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "UDP Query User{1FDF43A6-C14C-4DE1-8B29-9FBA0F657977}C:\Program Files (x86)\SketchUp\sketchup 2013\LayOut\LayOut.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe |
    "UDP Query User{24B5F705-7954-4D30-8A84-7AEF6478546C}D:\applications\garenalolph\gamedata\bbtalk\bbtalk.exe" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\bbtalk\bbtalk.exe |
    "UDP Query User{34FD8CA6-29F7-44D2-975A-9A301E36A374}C:\users\elijahmc\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\elijahmc\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{5DC8FEBC-F034-4378-9F12-F66CDBC48DFC}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
    "UDP Query User{717C3321-C21F-4D47-B812-B4E435723635}D:\applications\garenalolph\gamedata\garenamessenger.exe" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\garenamessenger.exe |
    "UDP Query User{7C4BD67C-4955-4C36-8D6B-66BF6B7AB2D0}C:\users\elijahmc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\elijahmc\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{8D442CFC-B9EF-4544-AE93-1E3D5CA5E469}C:\program files (x86)\Ubisoft\Assassin's Creed II\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
    "UDP Query User{8F18FDC7-4642-433F-9E5C-6A218499401C}H:\google sketchup 8\sketchup.exe" = protocol=17 | dir=in | app=h:\google sketchup 8\sketchup.exe |
    "UDP Query User{9A292902-72BC-4661-9DA4-64CE422B4CC1}C:\program files (x86)\google\google sketchup 8\sketchup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google sketchup 8\sketchup.exe |
    "UDP Query User{ACE32BA5-071C-4091-A8C4-F48B7352A305}D:\applications\wot\world of tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\applications\wot\world of tanks\worldoftanks.exe |
    "UDP Query User{AEE53D00-72EC-4AA4-8F41-F2D90FFD6CA9}C:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe |
    "UDP Query User{B336ED3C-3267-4AEC-9F85-098A3B00D0E1}D:\applications\wot\world of tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\applications\wot\world of tanks\wotlauncher.exe |
    "UDP Query User{BC8108DF-5CEE-4F82-927E-A91343C3E6D4}C:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{BD570859-764B-441A-BCF5-B53BAFB9A52C}D:\applications\wot\world of tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\applications\wot\world of tanks\worldoftanks.exe |
    "UDP Query User{BD5D1DF9-391D-43D9-8610-A7644CC80387}I:\downloads\software\microsoft office 2010 professional plus with sp1 vl edition+crack.waqarr\microsoft office 2010 professional plus with sp1 vl edition+crack\keygen.exe" = protocol=17 | dir=in | app=I:\downloads\software\microsoft office 2010 professional plus with sp1 vl edition+crack.waqarr\microsoft office 2010 professional plus with sp1 vl edition+crack\keygen.exe |
    "UDP Query User{C35EF2F4-83BC-45E4-AB97-BFD7325570C9}C:\users\elijahmc\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\elijahmc\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{C5ADB75C-9246-4854-AE18-ABD848FA8743}D:\applications\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=d:\applications\left 4 dead 2\left4dead2.exe |
    "UDP Query User{D526DCBB-A8B7-4F4D-B063-6F42AAF979CD}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
    "UDP Query User{D96874B8-AD10-4377-B956-E49E7716E4CA}H:\google sketchup 8\sketchup.exe" = protocol=17 | dir=in | app=h:\google sketchup 8\sketchup.exe |
    "UDP Query User{E259E744-949F-46E4-BF12-26FF62746A68}C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\sketchup.exe |
    "UDP Query User{E9214E7E-0D38-4BEC-BCBE-B8BA0C523B3C}C:\program files\graphisoft\archicad 16\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 16\archicad.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
  10. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    Extras 2 of 2


    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4
    "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
    "{0C821839-EA2A-48C2-BBD5-2B3D28159BC0}" = Autodesk Mudbox 2013 64-bit
    "{0F30B978-3536-0409-BC9C-0A2FB4C35EFC}" = Autodesk 3ds Max 2013 64-bit
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
    "{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
    "{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{31ABA3F2-0000-1033-0102-111D43815377}" = Autodesk ReCap
    "{31ABA3F2-0010-1033-0102-111D43815377}" = Autodesk ReCap Language Pack-English
    "{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
    "{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    "{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
    "{3CB60177-D3D2-4E9C-BE4D-8372B34B4C7F}" = Autodesk SketchBook Designer 2013
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}" = Autodesk 360
    "{54EB8041-1115-4406-AA4B-44D236E84B3B}" = Intel® PROSet/Wireless WiFi Software
    "{5783F2D7-B001-0000-0102-0060B0CE6BBA}" = AutoCAD 2013 - English
    "{5783F2D7-B001-0409-1102-0060B0CE6BBA}" = AutoCAD 2013 Language Pack - English
    "{5783F2D7-B001-0409-2102-0060B0CE6BBA}" = AutoCAD 2013 - English
    "{5783F2D7-D004-0000-0102-0060B0CE6BBA}" = AutoCAD Architecture 2014 - English
    "{5783F2D7-D004-0409-1102-0060B0CE6BBA}" = AutoCAD Architecture 2014 Language Pack - English
    "{5783F2D7-D004-0409-2102-0060B0CE6BBA}" = AutoCAD Architecture 2014 - English
    "{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
    "{5B77A046-DAD6-4F19-A8B9-4E5B3EAD2C24}" = Autodesk MatchMover 2013 64-bit
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.5
    "{696BB53C-28E6-1664-974E-D42FFF5B8E04}" = Autodesk Inventor Server Engine for 3ds Max 2013 64-bit
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7346B4A0-1300-0110-0409-705C0D862004}" = Revit Architecture 2013
    "{7346B4A0-1300-0111-0409-705C0D862004}" = Revit Architecture 2013 Language Pack - English
    "{7963F870-6575-11E2-A4D9-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
    "{7E708ADE-6575-11E2-8713-F04DA23A5C58}" = MSVCRT Redists
    "{7EDE5B68-1FB0-405D-88F0-A34236002DA8}" = Autodesk Essential Skills Movies for 3ds Max 2013 64-bit
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{9F5DDF76-5889-40E9-8459-E6FC6DC9C6BF}" = Autodesk MotionBuilder 2013 64-bit
    "{A7EE5537-8511-4911-8E89-E0CFE40561A9}" = Suite Exclusives Premium 2013 64-bit
    "{A7EE5537-8511-4911-8E89-E0CFE40561B0}" = Turtle for Maya Premium 2013 64-bit
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AF827870-C827-4B04-A365-1C9EC5B4FD6A}" = Autodesk Softimage 2013 64-bit
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 332.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 332.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 11.10.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 11.10.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
    "{B7C76170-A86D-4AD2-B2A8-46BB42E4B667}" = DraftSight x64
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FC7084CE-5090-4770-8B5B-CA3125526F0D}" = Autodesk Maya 2013 64-bit
    "{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013
    "{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
    "001FFF2FFF16FF00FF0701F01F02F000-R1" = ArchiCAD 16 INT
    "AutoCAD 2013 - English" = AutoCAD 2013 - English
    "AutoCAD Architecture 2014 - English" = Autodesk AutoCAD Architecture 2014 - English
    "Autodesk 3ds Max 2013 64-bit" = Autodesk 3ds Max 2013 64-bit
    "Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
    "Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit
    "Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit
    "Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
    "Autodesk Inventor Fusion plug-in for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
    "Autodesk Maya 2013 64-bit" = Autodesk Maya 2013 64-bit
    "Autodesk MotionBuilder 2013 64-bit" = Autodesk MotionBuilder 2013 64-bit
    "Autodesk Mudbox 2013 64-bit" = Autodesk Mudbox 2013 64-bit
    "Autodesk ReCap" = Autodesk ReCap
    "Autodesk Revit Architecture 2013" = Autodesk Revit Architecture 2013
    "Autodesk SketchBook Designer 2013" = Autodesk SketchBook Designer 2013
    "Autodesk Softimage 2013 64-bit" = Autodesk Softimage 2013 64-bit
    "BatteryBar" = BatteryBar (remove only)
    "CCleaner" = CCleaner
    "CrystalDiskMark_is1" = CrystalDiskMark 3.0.2f Shizuku Edition
    "Elantech" = ETDWare PS/2-X64 8.0.5.7_WHQL
    "EPSON ME 320 Series" = EPSON ME 320 Series Printer Uninstall
    "EPSON ME 340 Series" = EPSON ME 340 Series Printer Uninstall
    "EPSON T13 T22E Series" = EPSON T13 T22E Series Printer Uninstall
    "Lumion 3.0.1_is1" = Lumion 3.0.1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "ProInst" = Intel PROSet Wireless

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{0642A70A-F852-4939-8228-27ED4E3B0892}" = IObit Apps Toolbar v8.6
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
    "{118F84A7-53AA-4BDB-AC4E-723B7B0D8A4B}" = S-Bar
    "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
    "{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
    "{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{173F2B02-2AAA-414F-A2D8-44870BB98F7A}" = Shaun White Skateboarding
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
    "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.0
    "{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}" = System Requirements Lab for Intel
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
    "{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
    "{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
    "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
    "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
    "{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
    "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}" = Camera Recorder
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
    "{4L7IG77L-T4D4-75B1-98C3-11CD6E4334A3}_is1" = Deus ex Human Revolution version 1.0
    "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
    "{51BF3210-B825-4092-8E0D-66D689916E02}" = Autodesk Material Library Base Resolution Image Library 2014
    "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
    "{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1" = Adobe Update Management Tool
    "{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
    "{5CDFBF03-D1B2-466B-AA19-B10FDA43E2BB}" = YTD Toolbar v8.6
    "{5FB827D0-DABC-11DF-6784-014F400218BE}" = progeCAD 2011 Professional
    "{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
    "{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{644E9589-F73A-49A4-AC61-A953B9DE5669}" = SketchUp Import for AutoCAD 2014
    "{644F9B19-A462-499C-BF4D-300ABC2A28B1}" = Autodesk Material Library 2014
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{69B77D45-F5AD-4AB9-933D-352703324469}_is1" = RAR Password Unlocker
    "{6DA2B636-698A-3294-BF4A-B5E11B238CDD}" = Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729
    "{6E8BFE9E-F05C-4F4F-ABA4-FB82F9AF2F98}" = SketchUp Pro 8
    "{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
    "{722CEEBA-22BB-4448-9903-4B89F53B74DB}" = ONIMUSHA3 PC
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72B622C9-AA10-47D7-A10C-377CF9BC8502}" = SketchUp 2013
    "{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
    "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{82BF2C5E-79A7-4A13-B508-D5E64A5B141E}" = Uninstall Helper
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{8A470330-70B2-49AD-86AF-79885EF9898A}" = FARO LS 1.1.501.0 (64bit)
    "{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}" = Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729
    "{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
    "{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.5.0
    "{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.4.0
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91221AAC-F2A0-4028-8016-C7DAF63CB6CC}" = FARO LS 1.1.408.2
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
    "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
    "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
    "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B25F30C5-5FC5-41F5-BDE6-00C5DFD11404}" = Onigiri_US
    "{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BD85CEE1-BFBA-4FDB-A0FB-F8FE4938CCB0}" = Proxy Switcher
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C070121A-C8C5-4D52-9A7D-D240631BD433}" = Autodesk App Manager
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}" = Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{D004B255-9786-44EC-B8BF-233168CADA22}" = RAMDisk
    "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
    "{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}" = Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729
    "{F732FEDA-7713-4428-934B-EF83B8DD65D0}" = Autodesk Featured Apps
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "075FFFFFFF14FF00FF0701F00F02F000-R1" = Profiler 14 INT
    "075FFFFFFF16FF00FF0701F00F02F000-R1" = Profiler 16 INT
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
    "Any Video Converter 5_is1" = Any Video Converter 5 5.0.3
    "Autodesk Content Service" = Autodesk Content Service
    "Autodesk Design Review 2013" = Autodesk Design Review 2013
    "avast" = avast! Free Antivirus
    "Belarc Advisor" = Belarc Advisor 8.3
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
    "Cheat Engine 6.2_is1" = Cheat Engine 6.2
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.WidgetBrowser" = Adobe Widget Browser
    "Company of Heroes" = Company of Heroes
    "Debut" = Debut Video Capture Software
    "Dishonored_is1" = Dishonored
    "EPSON Scanner" = EPSON Scan
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "FARO LS_is1" = FARO LS 4.8.2.25521
    "Globe Tattoo Broadband" = Globe Tattoo Broadband
    "Google Chrome" = Google Chrome
    "GraphCalc v4.0.1_is1" = GraphCalc v4.0.1
    "HD Tune_is1" = HD Tune 2.55
    "IObit Surfing Protection_is1" = Surfing Protection
    "IObitUninstall" = IObit Uninstaller
    "MapleStory" = MapleStory
    "Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PosteRazor_is1" = PosteRazor
    "PowerISO" = PowerISO
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "progeCAD Architecture_is1" = progeCAD Architecture
    "Rainmeter" = Rainmeter
    "RegSupreme_is1" = RegSupreme
    "RocketDock_is1" = RocketDock 1.3.5
    "SevenZip" = SevenZip
    "Smart Bro" = Smart Bro
    "Smart Defrag 2_is1" = Smart Defrag 2
    "SpeedFan" = SpeedFan (remove only)
    "Stardock WindowBlinds" = Stardock WindowBlinds
    "Uninstall Helper 2.0.1.0" = Uninstall Helper
    "Usbfix" = UsbFix
    "uTorrent" = µTorrent
    "VideoPad" = VideoPad Video Editor
    "VLC media player" = VLC media player 2.0.5
    "V-Ray for SketchUp 1.49.02" = V-Ray for SketchUp
    "WebCam Recorder_is1" = WebCam Recorder
    "WinRAR archiver" = WinRAR 4.20 (32-bit)
    "Xvid_is1" = Xvid 1.2.2 final uninstall
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Dropbox" = Dropbox
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/15/2014 1:28:34 AM | Computer Name = ElijahMC-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mbam.exe, version: 1.75.0.1, time stamp:
    0x511f8eb2 Faulting module name: OLEAUT32.dll, version: 6.1.7601.17514, time stamp:
    0x4ce7b972 Exception code: 0xc0000005 Fault offset: 0x0001604c Faulting process id:
    0xf14 Faulting application start time: 0x01cf2a0ec4216d16 Faulting application path:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
    C:\Windows\syswow64\OLEAUT32.dll Report Id: 02dd7fc9-9602-11e3-9ba4-01226e000000

    Error - 2/15/2014 1:28:50 AM | Computer Name = ElijahMC-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mbam.exe, version: 1.75.0.1, time stamp:
    0x511f8eb2 Faulting module name: OLEAUT32.dll, version: 6.1.7601.17514, time stamp:
    0x4ce7b972 Exception code: 0xc0000005 Fault offset: 0x0001604c Faulting process id:
    0x934 Faulting application start time: 0x01cf2a0ecba9f133 Faulting application path:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
    C:\Windows\syswow64\OLEAUT32.dll Report Id: 0c6361fb-9602-11e3-9ba4-01226e000000

    Error - 2/15/2014 1:35:56 AM | Computer Name = ElijahMC-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mbam.exe, version: 1.75.0.1, time stamp:
    0x511f8eb2 Faulting module name: OLEAUT32.dll, version: 6.1.7601.17514, time stamp:
    0x4ce7b972 Exception code: 0xc0000005 Fault offset: 0x0001604c Faulting process id:
    0x1e30 Faulting application start time: 0x01cf2a0fba805af8 Faulting application path:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
    C:\Windows\syswow64\OLEAUT32.dll Report Id: 0a35c50b-9603-11e3-9ba4-01226e000000

    Error - 2/15/2014 6:35:17 AM | Computer Name = ElijahMC-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/15/2014 6:37:44 AM | Computer Name = ElijahMC-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mbam.exe, version: 1.75.0.1, time stamp:
    0x511f8eb2 Faulting module name: OLEAUT32.dll, version: 6.1.7601.17514, time stamp:
    0x4ce7b972 Exception code: 0xc0000005 Fault offset: 0x0001604c Faulting process id:
    0x1e8c Faulting application start time: 0x01cf2a39f2b2d67a Faulting application path:
    H:\Malwarebytes' Anti-Malware\mbam.exe Faulting module path: C:\Windows\syswow64\OLEAUT32.dll
    Report
    Id: 33c760e8-962d-11e3-aaa8-01226e000000

    Error - 2/15/2014 6:39:37 AM | Computer Name = ElijahMC-PC | Source = MBAMService | ID = 131073
    Description =

    Error - 2/15/2014 6:40:08 AM | Computer Name = ElijahMC-PC | Source = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe | ID = 131073
    Description =

    Error - 2/15/2014 6:42:47 AM | Computer Name = ElijahMC-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2/15/2014 6:43:12 AM | Computer Name = ElijahMC-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mbam.exe, version: 1.75.0.1, time stamp:
    0x511f8eb2 Faulting module name: OLEAUT32.dll, version: 6.1.7601.17514, time stamp:
    0x4ce7b972 Exception code: 0xc0000005 Fault offset: 0x0001604c Faulting process id:
    0x5bc Faulting application start time: 0x01cf2a3aad02ef33 Faulting application path:
    H:\Malwarebytes' Anti-Malware\mbam.exe Faulting module path: C:\Windows\syswow64\OLEAUT32.dll
    Report
    Id: f6fa553d-962d-11e3-9751-8c89a501f2b5

    Error - 2/15/2014 6:50:15 AM | Computer Name = ElijahMC-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "D:\Troubleshooting\esetsmartinstaller_enu.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    [ Media Center Events ]
    Error - 2/14/2014 12:46:35 AM | Computer Name = ElijahMC-PC | Source = MCUpdate | ID = 0
    Description = 12:46:23 PM - Error connecting to the internet. 12:46:23 PM - Unable
    to contact server..

    [ System Events ]
    Error - 2/15/2014 6:57:09 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/15/2014 6:57:57 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/15/2014 6:57:57 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/15/2014 6:57:57 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/15/2014 7:02:23 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/15/2014 7:02:23 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/15/2014 7:02:23 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/15/2014 7:02:57 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/15/2014 7:02:57 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/15/2014 7:02:57 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068
     
  11. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    I'm sorry I must have copied the wrong half so I edited Extras 1 of 2.
     
  12. Broni

    Broni Malware Annihilator Posts: 55,035   +448

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
    O15 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\..Trusted Domains: eset.com ([www] https in Trusted sites)
    [2014/02/16 12:24:28 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/02/16 12:24:01 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/02/15 13:31:20 | 000,353,352 | ---- | C] (Malwarebytes Corporation) -- C:\Users\ElijahMC\Desktop\mbam-check-2.0.0.1000.exe
    [2014/02/14 11:21:38 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\48230029.sys
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    c:\programdata\Malwarebytes' Anti-Malware (portable)
    c:\users\ElijahMC\AppData\Roaming\Malwarebytes
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  13. Broni

    Broni Malware Annihilator Posts: 55,035   +448

  14. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    OTL


    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eset.com\www\ deleted successfully.
    C:\Windows\SysNative\drivers\MBAMSwissArmy.sys moved successfully.
    C:\Windows\SysNative\drivers\mbamchameleon.sys moved successfully.
    C:\Users\ElijahMC\Desktop\mbam-check-2.0.0.1000.exe moved successfully.
    C:\Windows\SysNative\drivers\48230029.sys moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives\Users\00000002 folder moved successfully.
    C:\FRST\Hives\Users\00000001 folder moved successfully.
    C:\FRST\Hives\Users folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    c:\programdata\Malwarebytes' Anti-Malware (portable) folder moved successfully.
    c:\users\ElijahMC\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
    c:\users\ElijahMC\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
    c:\users\ElijahMC\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
    c:\users\ElijahMC\AppData\Roaming\Malwarebytes folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ElijahMC
    ->Temp folder emptied: 4649026 bytes
    ->Temporary Internet Files folder emptied: 10271455 bytes
    ->Java cache emptied: 398375 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 184078772 bytes
    ->Flash cache emptied: 669 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 8405015 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 2805774 bytes

    Total Files Cleaned = 201.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: ElijahMC
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: ElijahMC
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02162014_222008

    Files\Folders moved on Reboot...
    C:\Users\ElijahMC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  15. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    Security Check


    Results of screen317's Security Check version 0.99.79
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    RegSupreme
    Java(TM) 6 Update 32
    Java 7 Update 51
    Adobe Flash Player 11.9.900.170
    Adobe Reader 10.1.1 Adobe Reader out of Date!
    Mozilla Firefox (26.0)
    Google Chrome 32.0.1700.102
    Google Chrome 32.0.1700.107
    ````````Process Check: objlist.exe by Laurent````````
    Globe Tattoo Broadband OnlineUpdate ouc.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  16. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    FSS

    Farbar Service Scanner Version: 02-02-2014
    Ran by ElijahMC (administrator) on 16-02-2014 at 22:35:18
    Running from "C:\Users\ElijahMC\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2010-11-21 11:24] - [2010-11-21 11:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2010-11-21 11:24] - [2010-11-21 11:24] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

    C:\Windows\System32\dnsrslvr.dll
    [2010-11-21 11:24] - [2010-11-21 11:24] - 0183296 ____A (Microsoft Corporation) CD55F5355D8F55D44C9F4ED875705BD6

    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  17. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    ESET Online Scanner won't work. It prompts "Cannot get updates. Is proxy configured?" -> I am pretty sure I do not have any proxy configured...
     
  18. Broni

    Broni Malware Annihilator Posts: 55,035   +448

    Try a different browser.
     
  19. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    Slept during ESET scan, there were no questions about logs. Took ownership of the said folder, tried installing, but still the same error.
     
  20. Broni

    Broni Malware Annihilator Posts: 55,035   +448

    Can you post the EXACT error you're getting?
     
  21. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

  22. Broni

    Broni Malware Annihilator Posts: 55,035   +448

    Right click on ProgramData folder click "Properties" and UN-check "Read only".
    Click OK.
    Try to install MBAM again.
     
  23. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    It's still the same... The error pops halfway through the installation. Also, when I applied the properties some folders were skipped.
     
  24. Broni

    Broni Malware Annihilator Posts: 55,035   +448

    OK. At this point your computer is clean.
    Follow steps listed below and then go to MBAM forum and post your issue there: https://forums.malwarebytes.org/
    I'm out of ideas here.

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    13. Please let me know how your computer is doing.
     
  25. Elijah Catbagan

    Elijah Catbagan TS Member Topic Starter Posts: 33

    Thank you very much for your assistance. I truly appreciate your help as I have been dealing with this for about 3 days straight now. I will update on the performance when possible. Cheers!
     
