[Solved] MBAM cannot install. Access is denied

system-log

Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

Java version: 1.6.0_32

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 17071808512, free: 13315313664

Downloaded database version: v2014.02.15.01
Downloaded database version: v2014.02.15.02
Downloaded database version: v2014.02.15.03
Downloaded database version: v2014.02.15.04
Downloaded database version: v2014.02.15.05
Downloaded database version: v2014.02.15.06
Downloaded database version: v2014.02.15.07
Downloaded database version: v2014.02.15.08
Downloaded database version: v2014.02.15.09
Downloaded database version: v2014.02.16.01
=======================================
Initializing...
------------ Kernel report ------------
02/16/2014 12:24:30
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStorA.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\Netwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\btmaud.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\aksdf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\hardlock.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Users\ElijahMC\AppData\Local\Temp\ALSysIO64.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msvcrt.dll
\Windows\System32\iertutil.dll
\Windows\System32\lpk.dll
\Windows\System32\user32.dll
\Windows\System32\msctf.dll
\Windows\System32\comdlg32.dll
\Windows\System32\ole32.dll
\Windows\System32\usp10.dll
\Windows\System32\sechost.dll
\Windows\System32\difxapi.dll
\Windows\System32\wininet.dll
\Windows\System32\psapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\normaliz.dll
\Windows\System32\kernel32.dll
\Windows\System32\shell32.dll
\Windows\System32\nsi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\setupapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\urlmon.dll
\Windows\System32\gdi32.dll
\Windows\System32\imm32.dll
\Windows\System32\advapi32.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800db7b790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000082\
Lower Device Object: 0xfffffa800d960480
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800db7b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800db7b2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800db7b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800da92c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800d960480, DeviceName: \Device\00000082\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: ADB1D01C

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 511795200

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 512002048 Numsec = 953141248

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
log

ComboFix 14-02-14.01 - ElijahMC 02/16/2014 13:19:01.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16281.13005 [GMT 8:00]
Running from: c:\users\ElijahMC\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-01-16 to 2014-02-16 )))))))))))))))))))))))))))))))
.
.
2014-02-16 05:26 . 2014-02-16 05:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-16 04:24 . 2014-02-16 04:24 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-16 04:24 . 2014-02-16 04:24 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-16 03:40 . 2014-02-16 04:11 -------- d-----w- C:\FRST
2014-02-16 03:06 . 2014-02-16 03:21 -------- d-----w- c:\program files\Unlocker
2014-02-16 01:55 . 2014-02-16 01:55 -------- d-----w- C:\TDSSKiller_Quarantine
2014-02-15 10:47 . 2014-02-15 10:47 -------- d-----w- c:\program files (x86)\ERUNT
2014-02-15 10:42 . 2014-02-15 10:42 -------- d-----w- c:\users\ElijahMC\AppData\Roaming\Malwarebytes
2014-02-14 13:20 . 2014-02-15 10:43 -------- d-----w- c:\users\ElijahMC\AppData\Local\CrashDumps
2014-02-14 03:21 . 2014-02-14 03:21 119000 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-02-13 19:47 . 2014-02-13 19:47 -------- d-----w- C:\UsbFix
2014-02-13 10:55 . 2014-02-16 05:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-13 10:49 . 2014-02-15 11:15 -------- d-----w- C:\AdwCleaner
2014-02-13 10:38 . 2014-02-13 10:38 -------- d-----w- c:\windows\ERUNT
2014-02-13 06:45 . 2014-02-13 06:45 -------- d-----w- C:\SUPERDelete
2014-02-13 06:31 . 2014-02-13 06:31 -------- d-----w- c:\users\ElijahMC\AppData\Roaming\SUPERAntiSpyware.com
2014-02-13 06:30 . 2014-02-13 06:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-02-13 06:30 . 2014-02-13 06:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-02-13 05:36 . 2014-02-13 05:36 -------- d-----w- c:\users\ElijahMC\AppData\Local\28050
2014-02-13 05:12 . 2014-02-15 21:18 -------- d-----w- c:\users\ElijahMC\AppData\Local\Adobe
2014-02-10 15:00 . 2014-02-10 15:00 -------- d-----w- c:\programdata\ALM
2014-02-10 02:13 . 2014-02-10 02:13 -------- d-----w- c:\users\ElijahMC\AppData\Roaming\Process Hacker 2
2014-02-10 02:12 . 2014-02-10 18:42 -------- d-----w- c:\program files\Process Hacker 2
2014-02-10 02:11 . 2014-02-13 18:58 -------- d-----w- c:\program files\CCleaner
2014-02-08 13:13 . 2014-02-08 13:13 -------- d-----w- c:\programdata\Nexon
2014-02-06 14:44 . 2014-02-06 14:44 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-02-05 14:05 . 2014-02-11 14:05 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-02-05 14:04 . 2014-02-11 14:04 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-02-05 14:03 . 2014-02-11 14:02 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-01-29 01:43 . 2014-01-29 05:23 -------- d-----w- c:\users\ElijahMC\AppData\Roaming\BatteryBar
2014-01-29 01:43 . 2014-01-29 01:43 -------- d-----w- c:\program files\BatteryBar
2014-01-23 17:19 . 2013-12-27 18:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-01-23 17:19 . 2013-12-27 18:42 33056 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-01-19 04:25 . 2014-01-19 04:25 -------- d-----w- c:\program files (x86)\HD Tune
2014-01-17 19:05 . 2014-01-18 21:04 -------- d-----w- C:\Nexon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-06 14:56 . 2014-01-09 16:09 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-02-06 14:55 . 2014-01-09 16:08 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-02-06 14:44 . 2014-01-09 15:58 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-02-05 14:58 . 2013-02-07 13:56 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 14:58 . 2013-02-07 13:56 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-21 02:53 . 2013-12-27 09:55 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-01-21 02:53 . 2013-12-27 09:55 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
2014-01-17 01:54 . 2014-01-17 01:54 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-09 15:58 . 2014-01-09 15:58 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-12-27 18:42 . 2013-12-27 09:49 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-12-19 20:33 . 2014-01-09 00:49 18310112 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-12-19 20:33 . 2014-01-09 00:49 15877216 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-12-19 20:33 . 2014-01-09 00:49 9657464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-12-19 20:33 . 2014-01-09 00:49 32544 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2013-12-19 20:33 . 2014-01-09 00:49 317472 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-12-19 20:33 . 2014-01-09 00:49 30372640 ----a-w- c:\windows\system32\nvoglv64.dll
2013-12-19 20:33 . 2014-01-09 00:49 266984 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-12-19 20:33 . 2014-01-09 00:49 22960416 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-12-19 20:33 . 2014-01-09 00:49 12645664 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-12-19 20:33 . 2014-01-09 00:49 11554264 ----a-w- c:\windows\system32\nvopencl.dll
2013-12-19 20:33 . 2014-01-09 00:49 9700224 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-12-19 20:33 . 2014-01-09 00:49 882464 ----a-w- c:\windows\system32\NvIFR64.dll
2013-12-19 20:33 . 2014-01-09 00:49 879392 ----a-w- c:\windows\system32\NvFBC64.dll
2013-12-19 20:33 . 2014-01-09 00:49 852768 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-12-19 20:33 . 2014-01-09 00:49 847648 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-12-19 20:33 . 2014-01-09 00:49 479520 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2013-12-19 20:33 . 2014-01-09 00:49 405280 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2013-12-19 20:33 . 2014-01-09 00:49 357152 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2013-12-19 20:33 . 2014-01-09 00:49 314656 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2013-12-19 20:33 . 2014-01-09 00:49 3132704 ----a-w- c:\windows\system32\nvcuvid.dll
2013-12-19 20:33 . 2014-01-09 00:49 3125024 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-12-19 20:33 . 2014-01-09 00:49 2947872 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-12-19 20:33 . 2014-01-09 00:49 2747680 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-12-19 20:33 . 2014-01-09 00:49 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll
2013-12-19 20:33 . 2014-01-09 00:49 18222008 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-12-19 20:33 . 2014-01-09 00:49 15230352 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-12-19 20:33 . 2014-01-09 00:49 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll
2013-12-19 20:33 . 2014-01-09 00:49 11605752 ----a-w- c:\windows\system32\nvcuda.dll
2013-12-19 20:33 . 2014-01-09 00:49 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
2013-12-19 20:33 . 2014-01-09 00:49 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-12-19 20:33 . 2013-12-27 09:49 1242400 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-12-19 20:33 . 2013-12-27 09:49 2698272 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-12-19 20:33 . 2013-02-02 10:26 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-12-19 20:33 . 2013-02-02 10:26 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-12-19 20:33 . 2013-02-02 10:26 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-12-19 20:33 . 2013-02-02 10:25 3071656 ----a-w- c:\windows\system32\nvapi64.dll
2013-12-19 18:53 . 2013-02-02 10:26 6671648 ----a-w- c:\windows\system32\nvcpl.dll
2013-12-19 18:53 . 2013-02-02 10:26 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-12-19 18:53 . 2013-02-02 10:26 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-12-19 18:53 . 2013-02-02 10:26 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-12-19 18:53 . 2013-02-02 10:26 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-12-19 18:53 . 2013-02-02 10:26 386336 ----a-w- c:\windows\system32\nvmctray.dll
2013-12-19 18:53 . 2013-02-02 10:26 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-12-19 18:53 . 2013-02-02 10:26 1065248 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-12-19 05:01 . 2013-02-02 10:26 3539040 ----a-w- c:\windows\system32\nvcoproc.bin
2013-12-01 09:38 . 2013-12-01 09:38 98304 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2013-12-01 09:38 . 2013-12-01 09:38 87040 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2013-12-01 09:38 . 2013-12-01 09:38 72192 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2013-12-01 09:38 . 2013-12-01 09:38 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2013-12-01 09:38 . 2013-12-01 09:38 223744 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2013-12-01 09:38 . 2013-12-01 09:38 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2013-12-01 09:38 . 2013-12-01 09:38 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-12-01 09:38 . 2013-12-01 09:38 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2013-12-01 09:38 . 2013-12-01 09:38 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2013-12-01 09:38 . 2013-12-01 09:38 421888 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2013-12-01 09:38 . 2013-12-01 09:38 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2013-12-01 09:38 . 2013-12-01 09:38 223232 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2013-12-01 09:38 . 2013-12-01 09:38 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-12-01 09:38 . 2013-12-01 09:38 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-03-05 03:27 . 2013-03-05 03:07 4126720 ----a-w- c:\program files (x86)\GUTA2B5.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2013-04-01 1500440]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\ElijahMC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\ElijahMC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\ElijahMC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"GarenaPlus"="d:\applications\GarenaLoLPH\GameData\GarenaMessenger.exe" [2014-02-06 9890608]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928]
"Akamai NetSession Interface"="c:\users\ElijahMC\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-04 1081224]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2013-04-11 89600]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 6563608]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-01-21 6087448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-12-09 336992]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-04 1081224]
.
c:\users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ElijahMC\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-2-10 36024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;c:\program files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe;c:\program files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 cpuz136;cpuz136;c:\users\ElijahMC\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\ElijahMC\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\DRIVERS\MSILiveVirtualCamera.sys;c:\windows\SYSNATIVE\DRIVERS\MSILiveVirtualCamera.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys;c:\windows\SYSNATIVE\Drivers\RAMDiskVE.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys;c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DraftSight API Service;DraftSight API Service;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe;c:\program files (x86)\S-Bar\MSIService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ALSysIO;ALSysIO;c:\users\ElijahMC\AppData\Local\Temp\ALSysIO64.sys;c:\users\ElijahMC\AppData\Local\Temp\ALSysIO64.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 00:55 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-07 14:58]
.
2014-02-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000Core.job
- c:\users\ElijahMC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-03 14:56]
.
2014-02-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000UA.job
- c:\users\ElijahMC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-03 14:56]
.
2014-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02 10:53]
.
2014-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02 10:53]
.
2014-02-16 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 05:41]
.
2014-02-12 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 05:41]
.
2014-02-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-02-15 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-15 391152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-15 771056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-15 770032]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-20 472992]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: eset.com\www
TCP: DhcpNameServer = 210.4.2.61 202.78.97.41
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]
@DACL=(02 0000)
@="Dropbox Autoplay COM Server"
.
[HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{083C82AE-568E-45dd-A92C-01422CA45760}]
@DACL=(02 0000)
@="Revit API Border Sentinel Class"
"AppID"="{6015BDD6-F9CD-45BB-B85F-3891957CA67B}"
.
[HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{5E4405B0-5374-11CE-8E71-0020AF04B1D7}]
@DACL=(02 0000)
"AutoTreatAs"="{6A221957-2D85-42A7-8E19-BE33950D1DEB}"
"TreatAs"="{6A221957-2D85-42A7-8E19-BE33950D1DEB}"
.
[HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}]
@DACL=(02 0000)
@="AutoCAD Drawing"
.
[HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}]
@DACL=(02 0000)
@="AutoCAD Application"
.
[HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}]
@DACL=(02 0000)
@="AutoCAD Icon Shell Extension"
.
[HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-16 13:28:33
ComboFix-quarantined-files.txt 2014-02-16 05:28
.
Pre-Run: 42,105,057,280 bytes free
Post-Run: 44,259,164,160 bytes free
.
- - End Of File - - D65E83D0C615BA2BC1DF5658DD0B80F7
 
Looks good.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
adwcleaner

# AdwCleaner v3.018 - Report created 16/02/2014 at 14:07:19
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : ElijahMC - ELIJAHMC-PC
# Running from : C:\Users\ElijahMC\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v26.0 (en-US)

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [262 octets] - [13/02/2014 18:49:47]
AdwCleaner[R1].txt - [7053 octets] - [14/02/2014 04:28:29]
AdwCleaner[R2].txt - [977 octets] - [15/02/2014 19:14:46]
AdwCleaner[R3].txt - [1104 octets] - [16/02/2014 14:06:44]
AdwCleaner[S0].txt - [6994 octets] - [14/02/2014 04:29:33]
AdwCleaner[S1].txt - [1037 octets] - [15/02/2014 19:15:35]
AdwCleaner[S2].txt - [1026 octets] - [16/02/2014 14:07:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1086 octets] ##########
 
JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x64
Ran by ElijahMC on Sun 02/16/2014 at 14:19:35.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/16/2014 at 14:22:42.57
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL 1 of 2

OTL logfile created on: 2/16/2014 2:24:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ElijahMC\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.90 Gb Total Physical Memory | 12.64 Gb Available Physical Memory | 79.50% Memory free
31.80 Gb Paging File | 28.34 Gb Available in Paging File | 89.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.04 Gb Total Space | 41.20 Gb Free Space | 16.88% Space Free | Partition Type: NTFS
Drive D: | 454.49 Gb Total Space | 62.80 Gb Free Space | 13.82% Space Free | Partition Type: NTFS

Computer Name: ELIJAHMC-PC | User Name: ElijahMC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/16 14:05:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ElijahMC\Desktop\OTL.exe
PRC - [2014/02/13 00:57:16 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2014/02/06 19:36:13 | 009,890,608 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\GarenaMessenger.exe
PRC - [2014/01/21 10:56:25 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/01/21 10:55:50 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/01/03 08:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\ElijahMC\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/01 17:38:24 | 000,655,712 | ---- | M] () -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
PRC - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\ggdllhost.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\ElijahMC\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/03/07 07:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 07:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/12/09 17:51:30 | 000,336,992 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2012/09/01 18:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/04/27 14:27:10 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\S-Bar\MSIService.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/03/27 08:02:04 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/03/27 08:02:02 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012/03/27 08:01:56 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/03/27 08:01:56 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2012/03/15 12:48:22 | 000,362,840 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/03/15 12:48:20 | 000,276,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/03/15 12:48:14 | 000,127,320 | R--- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/03/15 12:48:06 | 000,162,648 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/27 03:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011/09/15 06:19:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
PRC - [2011/03/14 23:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/11 19:36:34 | 000,027,952 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\VersionModule.dll
MOD - [2014/02/06 19:37:04 | 000,957,232 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\XLL.dll
MOD - [2014/02/06 19:36:13 | 009,890,608 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\GarenaMessenger.exe
MOD - [2014/01/20 16:50:34 | 000,891,184 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\Plugins\ggplugin.dll
MOD - [2014/01/03 08:45:04 | 003,558,400 | ---- | M] () -- C:\Users\ElijahMC\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/19 07:55:02 | 025,100,288 | ---- | M] () -- C:\Users\ElijahMC\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/20 19:12:15 | 000,956,208 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\delay_load\GaFileTransfer.dll
MOD - [2013/08/23 17:10:18 | 000,553,776 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\ggspawn.dll
MOD - [2013/07/15 22:29:36 | 001,545,520 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\delay_load\FileSender.dll
MOD - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\ggdllhost.exe
MOD - [2013/04/10 17:23:12 | 000,170,800 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\fs\YYFileSystem.dll
MOD - [2013/04/10 17:22:55 | 000,155,440 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\libmpg123.dll
MOD - [2013/04/09 18:22:36 | 000,027,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvcInt#\ac975f5d18f8ed858c03d4b75a8cf2c2\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2013/04/09 18:22:36 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\3edb98ea7aee0ec596d4df165bacecd0\IAStorCommon.ni.dll
MOD - [2013/04/09 18:22:35 | 000,361,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\fd0a907c3a5c780609c363e0d7ffa401\IAStorUtil.ni.dll
MOD - [2013/03/13 18:05:59 | 000,374,064 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\Http.dll
MOD - [2013/03/07 10:10:42 | 000,106,288 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\UILayout.dll
MOD - [2013/03/07 10:10:39 | 000,224,560 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\Plugins\StatsPlugin.dll
MOD - [2013/03/07 10:10:22 | 000,487,216 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\CxImage.dll
MOD - [2013/02/07 17:11:25 | 000,025,392 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\PluginModule.dll
MOD - [2013/02/07 17:11:24 | 000,087,344 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\PluginKernel.dll
MOD - [2013/02/07 17:11:22 | 000,192,816 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\ImageModule.dll
MOD - [2013/02/07 17:11:17 | 000,051,504 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\FileLoader.dll
MOD - [2013/02/07 17:11:15 | 000,033,584 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\DibModule.dll
MOD - [2013/02/03 12:02:41 | 001,222,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\63f1339786fa9b84e97073f9859f8c51\System.WorkflowServices.ni.dll
MOD - [2013/02/03 12:01:52 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\56f330e897ee2b713d49400e592ab592\System.ServiceModel.Routing.ni.dll
MOD - [2013/02/03 12:01:51 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\449cb8fbbaf8ae2456b7ef4a1f06bd45\System.ServiceModel.Discovery.ni.dll
MOD - [2013/02/03 12:01:49 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e3dc87f1531b61606b24be7c88c28464\System.ServiceModel.Channels.ni.dll
MOD - [2013/02/03 12:01:26 | 001,392,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b58c47b19c9590780cadddf930f6bd2a\System.ServiceModel.Activities.ni.dll
MOD - [2013/02/03 12:01:21 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\8a46112332f7dce3042642c03d2734ba\System.IdentityModel.ni.dll
MOD - [2013/02/03 12:01:19 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a283fadbb6dcc293c05dee07024f3b64\System.ServiceModel.ni.dll
MOD - [2013/02/03 12:00:53 | 001,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\51b881a42d54d3042b901c7ba7708f95\System.ServiceModel.Web.ni.dll
MOD - [2013/02/03 09:53:16 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f2b32d7477ee2c1220bf4173743425ea\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/02/03 09:53:15 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\4fde6b1690bd0bc5b57536efbde46ddb\System.Runtime.Serialization.ni.dll
MOD - [2013/02/03 09:53:15 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\b8e891c1c9ccf87e5f74aef0d2f171ff\SMDiagnostics.ni.dll
MOD - [2013/02/03 09:16:22 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5a4de0d567696567ddd0ad7ddf4a9e0d\System.Xaml.ni.dll
MOD - [2013/02/02 23:46:10 | 013,102,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\adeb9af3c309921ae1b7fb8a621ee243\System.Windows.Forms.ni.dll
MOD - [2013/02/02 23:46:08 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\e09bc975f73e4bc24ab3eb7f6373288e\System.Core.ni.dll
MOD - [2013/02/02 23:46:05 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\717c6a68a2ad575e93bccc52a11f7c52\System.Xml.ni.dll
MOD - [2013/02/02 23:46:03 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5c5b46515e207b2025a474340de7ae15\System.Drawing.ni.dll
MOD - [2013/02/02 23:46:03 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\276f7b53f15e66e518278753c57b78b2\System.Configuration.ni.dll
MOD - [2013/02/02 23:46:00 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\68131da3061b5a1c048abf73c5bae11d\System.ni.dll
MOD - [2013/02/02 23:45:51 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ac9bfacce80c52220e4b4b3a814aaa3d\mscorlib.ni.dll
MOD - [2013/02/01 13:42:29 | 000,153,088 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\libzmq.dll
MOD - [2013/01/30 16:26:41 | 002,941,232 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\ggdownloader.dll
MOD - [2013/01/30 16:26:38 | 000,104,752 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\CommonLib.dll
MOD - [2013/01/14 19:57:46 | 000,219,952 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\TaskManagerLib.dll
MOD - [2012/09/13 14:19:20 | 000,048,640 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\XmlUIModule.dll
MOD - [2012/07/27 14:59:44 | 000,010,240 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\delay_load\ClientTcp.dll
MOD - [2012/07/27 14:59:30 | 000,061,952 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\delay_load\UdtLib.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2012/04/24 09:19:16 | 000,238,592 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\delay_load\MediaEngine.dll
MOD - [2012/04/13 11:12:18 | 000,059,392 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\delay_load\AudioMixerLib.dll
MOD - [2012/04/13 11:12:18 | 000,019,968 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\ServerMemAlloc.dll
MOD - [2012/03/08 16:56:40 | 000,510,464 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\delay_load\RSALib.dll
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\sqlite3.dll
MOD - [2012/02/22 16:52:16 | 000,178,176 | ---- | M] () -- D:\Applications\GarenaLoLPH\GameData\lib\MP3Module.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/01/21 10:55:35 | 016,939,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/10/11 06:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/10/08 12:35:10 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2013/06/28 09:28:26 | 000,123,392 | ---- | M] (Dassault Systèmes) [Auto | Running] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
SRV:64bit: - [2013/03/07 07:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/29 07:57:36 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/03/29 07:57:24 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/03/29 07:57:14 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/03/29 07:57:10 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/02/21 07:01:02 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2012/02/02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012/01/17 16:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/01/09 12:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/09/15 06:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64)
SRV:64bit: - [2009/09/14 05:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/05 22:58:57 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/21 10:55:50 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/01/03 22:24:39 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/12/01 17:38:24 | 000,655,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe -- (Globe Tattoo Broadband. RunOuc)
SRV - [2013/11/15 13:49:58 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/05/16 22:13:25 | 000,089,600 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe -- (WindowBlinds)
SRV - [2013/02/03 01:16:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/06 05:13:00 | 005,150,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/04/27 14:27:10 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\S-Bar\MSIService.exe -- (Micro Star SCM)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/03/27 08:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/03/27 08:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012/03/27 08:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/03/15 12:48:22 | 000,362,840 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/03/15 12:48:20 | 000,276,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/03/15 12:48:14 | 000,127,320 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/03/15 12:48:06 | 000,162,648 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011/12/07 15:38:10 | 002,429,544 | R--- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/14 23:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/28 02:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/12/20 04:33:31 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/12/01 17:38:25 | 000,223,744 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2013/12/01 17:38:25 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2013/12/01 17:38:25 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2013/12/01 17:38:25 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2013/12/01 17:38:25 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2013/12/01 17:38:24 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2013/10/28 14:13:24 | 000,449,496 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/10/28 14:06:26 | 004,195,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/05/22 18:49:32 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/04/09 15:36:06 | 000,849,408 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2013/04/09 15:36:06 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2013/04/09 15:35:27 | 000,080,896 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2013/04/09 15:34:52 | 000,111,104 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2013/04/09 15:34:45 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2013/04/09 15:34:33 | 011,523,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/04/09 15:34:22 | 000,792,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/04/09 15:34:18 | 000,358,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/04/09 15:34:05 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013/04/09 15:33:42 | 000,838,216 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/03/07 07:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/07 07:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/03/07 07:33:21 | 000,178,624 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/07 07:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/07 07:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/07 07:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/07 07:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/07 07:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/12/19 14:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/12/09 17:51:20 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/09/01 18:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/09/01 18:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/02/29 18:31:16 | 000,143,144 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/02/01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/01/09 12:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/01/03 11:21:44 | 000,340,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/11/10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/23 00:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/13 05:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/21 11:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 11:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 11:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 11:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 11:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/21 01:43:52 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2009/09/21 01:43:52 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2009/09/21 01:43:52 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 08:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/01/29 07:40:58 | 000,456,192 | ---- | M] (MSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MSILiveVirtualCamera.sys -- (MSILiveVirtualCamera)
DRV:64bit: - [2006/12/13 18:14:14 | 000,065,024 | ---- | M] (Aladdin Knowledge Systems Ltd.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2006/12/04 10:44:14 | 000,314,368 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 80 3D 23 B6 01 CE 01 [binary data]
IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@graphisoft.com/GDL Web Plug-in: C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll (Graphisoft SE)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: D:\Applications\GarenaLoLPH\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ElijahMC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ElijahMC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\ElijahMC\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/19 10:02:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/10/17 05:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/03 22:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/03 22:24:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/02/03 20:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ElijahMC\AppData\Roaming\Mozilla\Extensions
[2013/04/24 13:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ElijahMC\AppData\Roaming\Mozilla\Firefox\Profiles\luwmcrsj.default\extensions
[2013/04/24 13:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ElijahMC\AppData\Roaming\Mozilla\Firefox\Profiles\luwmcrsj.default\extensions\staged
[2014/01/03 22:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2014/01/03 22:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/03 22:24:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========
 
OTL 2 of 2


CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Advanced SystemCare 6 (Enabled) = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc\1.0.0_0\Plugin/ASCPlugin_Protect.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: ArchiCAD (Enabled) = C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\ElijahMC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\ElijahMC\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\ElijahMC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Garena Talk Plugin (Enabled) = D:\Applications\GarenaLoLPH\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
CHR - Extension: Tank Hero: Laser Wars (Web) = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkkneogpiampdcpgceflcjjmghppmmn\1.0.8_0\
CHR - Extension: RuneScape = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjblpfpopipimofkhbglcoeknpnfijj\1.1_0\
CHR - Extension: Beautiful landscape = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig\1_0\
CHR - Extension: Google Docs = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: American Racing 2 3D = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfpfdjclhabpjncikdngdoldjjjegnbe\2.1.2_0\
CHR - Extension: Dragon Age Legends: Remix 01 = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkiinhllammkfejicmjmhnanlbifccfj\3_0\
CHR - Extension: YouTube = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: BeGone: Last Stand HD = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmekbplkjhgmljmbblmhmcnocafhaink\1.8.2.17_0\
CHR - Extension: Smartsheet Project Management = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cindmhdfkimaeggbebfjkmkdfiohldbm\2.5.0_0\
CHR - Extension: Kingdom Rush = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.1.0.1_0\
CHR - Extension: Google Search = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Facebook Customizer (by Adblock Plus) = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm\0.1_0\
CHR - Extension: No name found = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopfmbpfhhfnklgmjpoehcjaajhpbhbl\1.0.0.16_0\
CHR - Extension: Picditor Photo Editor = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggdplhaiiohpkafnlhlfikiomnboacoi\3.5_0\
CHR - Extension: Planner 5D = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc\1.2.0.5_0\
CHR - Extension: Ads Removal = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\
CHR - Extension: Arcane Legends = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido\1.0.2.2_0\
CHR - Extension: avast! WebRep = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: theHunter = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jangaedeekciafhlanphhnalogmhefmo\10_0\
CHR - Extension: Online PDF Tools = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn\2.0.0.1_0\
CHR - Extension: Traffic Slam 3 = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfjmailnmofkkffoemgmdbemmohldhe\1.1_0\
CHR - Extension: Autodesk Homestyler = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.6_0\
CHR - Extension: Verdun Game = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\khdppkcpilejlgahecofelpoidcnjbdg\1.1_0\
CHR - Extension: No name found = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm\1.0.9_0\
CHR - Extension: Save as PDF = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc\1.7_0\
CHR - Extension: Drakensang Online = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgloifppaepihckkhiocnodicehjdoof\4.0.8_0\
CHR - Extension: Fishing Joy = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlonhgnjdlnjgalpdigmbpfpielpadmc\1.0.8.0_0\
CHR - Extension: Google Wallet = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Battlefield Play4Free = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
CHR - Extension: Bastion = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid\0.0.0.4_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0\
CHR - Extension: Gmail = C:\Users\ElijahMC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/02/15 19:20:34 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\.DEFAULT..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-18..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [Akamai NetSession Interface] C:\Users\ElijahMC\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [GarenaPlus] D:\Applications\GarenaLoLPH\GameData\GarenaMessenger.exe ()
O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O4 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - Startup: C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ElijahMC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\..Trusted Domains: eset.com ([www] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 210.4.2.61 202.78.97.41
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B4E458E-F37C-4A10-918F-7C41369D8C99}: DhcpNameServer = 210.4.2.61 202.78.97.41
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/08 15:39:21 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2013/11/30 20:17:30 | 000,669,668 | ---- | M] () - D:\AutoSave_AutoSave_Untitled.skb -- [ NTFS ]
O32 - AutoRun File - [2013/12/02 12:22:25 | 000,670,239 | ---- | M] () - D:\AutoSave_AutoSave_Untitled.skp -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/16 13:28:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/16 13:17:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/02/16 13:17:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/02/16 13:17:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/02/16 13:17:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/16 13:10:46 | 005,183,211 | R--- | C] (Swearware) -- C:\Users\ElijahMC\Desktop\ComboFix.exe
[2014/02/16 12:24:28 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/16 12:24:01 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/16 11:40:31 | 000,000,000 | ---D | C] -- C:\FRST
[2014/02/16 11:39:10 | 002,152,960 | ---- | C] (Farbar) -- C:\Users\ElijahMC\Desktop\FRST64.exe
[2014/02/16 11:32:55 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\ElijahMC\Desktop\rkill.exe
[2014/02/16 11:06:55 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2014/02/16 11:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2014/02/16 11:02:47 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\Desktop\Take_Ownership
[2014/02/16 09:59:53 | 001,037,530 | ---- | C] (Thisisu) -- C:\Users\ElijahMC\Desktop\JRT.exe
[2014/02/16 09:55:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/02/15 19:32:24 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ElijahMC\Desktop\tdsskiller.exe
[2014/02/15 19:18:51 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\Desktop\RK_Quarantine
[2014/02/15 18:55:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ElijahMC\Desktop\OTL.exe
[2014/02/15 18:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/02/15 18:47:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/02/15 18:42:52 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Roaming\Malwarebytes
[2014/02/15 13:31:20 | 000,353,352 | ---- | C] (Malwarebytes Corporation) -- C:\Users\ElijahMC\Desktop\mbam-check-2.0.0.1000.exe
[2014/02/14 21:20:13 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Local\CrashDumps
[2014/02/14 11:21:38 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\48230029.sys
[2014/02/14 03:47:10 | 000,000,000 | ---D | C] -- C:\UsbFix
[2014/02/13 18:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/02/13 18:53:44 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\Desktop\mbar
[2014/02/13 18:49:44 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/13 18:38:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/13 14:45:32 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/02/13 14:34:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/02/13 14:31:16 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Roaming\SUPERAntiSpyware.com
[2014/02/13 14:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/02/13 14:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/02/13 14:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/02/13 13:36:23 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Local\28050
[2014/02/13 13:12:16 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Local\Adobe
[2014/02/10 23:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2014/02/10 10:13:05 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Roaming\Process Hacker 2
[2014/02/10 10:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2014/02/10 10:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2014/02/10 10:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/02/10 10:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/08 21:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2014/02/06 17:44:14 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\Documents\AutoCAD Sheet Sets
[2014/01/29 09:43:02 | 000,000,000 | ---D | C] -- C:\Users\ElijahMC\AppData\Roaming\BatteryBar
[2014/01/29 09:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\BatteryBar
[2014/01/24 03:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\V-Ray for SketchUp
[2014/01/19 21:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/01/19 12:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2014/01/19 12:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune
[2014/01/19 05:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2014/01/18 03:05:11 | 000,000,000 | ---D | C] -- C:\Nexon
[2014/01/18 03:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/16 14:26:09 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/16 14:26:09 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/16 14:23:09 | 000,779,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/16 14:23:09 | 000,660,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/16 14:23:09 | 000,121,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/16 14:18:25 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/02/16 14:18:21 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/16 14:17:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/16 14:17:27 | 4213,919,742 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/16 14:05:52 | 001,166,132 | ---- | M] () -- C:\Users\ElijahMC\Desktop\adwcleaner.exe
[2014/02/16 14:05:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ElijahMC\Desktop\OTL.exe
[2014/02/16 14:05:40 | 001,037,530 | ---- | M] (Thisisu) -- C:\Users\ElijahMC\Desktop\JRT.exe
[2014/02/16 14:02:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/16 14:01:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000UA.job
[2014/02/16 13:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/16 13:15:47 | 005,183,211 | R--- | M] (Swearware) -- C:\Users\ElijahMC\Desktop\ComboFix.exe
[2014/02/16 12:24:28 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/16 12:24:01 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/16 12:16:28 | 003,813,376 | ---- | M] () -- C:\Users\ElijahMC\Desktop\RogueKiller.exe
[2014/02/16 11:40:20 | 002,152,960 | ---- | M] (Farbar) -- C:\Users\ElijahMC\Desktop\FRST64.exe
[2014/02/16 11:33:04 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\ElijahMC\Desktop\rkill.exe
[2014/02/16 11:04:07 | 000,000,051 | ---- | M] () -- C:\Users\ElijahMC\AppData\Roaming\mbam.context.scan
[2014/02/16 10:13:45 | 000,080,384 | ---- | M] () -- C:\Users\ElijahMC\Desktop\MBRCheck.exe
[2014/02/16 06:31:01 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008.job
[2014/02/15 19:20:34 | 000,000,741 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/02/15 18:47:26 | 000,001,108 | ---- | M] () -- C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/02/15 18:47:22 | 000,000,928 | ---- | M] () -- C:\Users\ElijahMC\Desktop\NTREGOPT.lnk
[2014/02/15 18:47:22 | 000,000,909 | ---- | M] () -- C:\Users\ElijahMC\Desktop\ERUNT.lnk
[2014/02/15 13:39:58 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ElijahMC\Desktop\tdsskiller.exe
[2014/02/15 13:31:21 | 000,353,352 | ---- | M] (Malwarebytes Corporation) -- C:\Users\ElijahMC\Desktop\mbam-check-2.0.0.1000.exe
[2014/02/15 02:00:00 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b.job
[2014/02/14 23:01:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1474345794-4172456791-2447515797-1000Core.job
[2014/02/14 12:27:18 | 000,001,448 | ---- | M] () -- C:\Users\ElijahMC\Desktop\UsbFix.lnk
[2014/02/14 11:21:38 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\48230029.sys
[2014/02/14 05:46:28 | 000,001,033 | ---- | M] () -- C:\Users\ElijahMC\Desktop\Take_Ownership.zip
[2014/02/14 03:01:47 | 000,125,896 | ---- | M] () -- C:\Users\ElijahMC\Documents\cc_20140214_030132.reg
[2014/02/14 02:58:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/13 18:29:32 | 000,000,874 | ---- | M] () -- C:\Users\ElijahMC\Desktop\Lumion 3.0.1.lnk
[2014/02/13 14:30:34 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/02/13 12:36:01 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
[2014/02/12 18:08:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/02/11 16:50:43 | 001,535,069 | ---- | M] () -- C:\Users\ElijahMC\Documents\Print.skp
[2014/02/11 08:30:14 | 005,204,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/10 22:50:00 | 000,001,522 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2014/02/10 16:34:33 | 000,777,877 | ---- | M] () -- C:\Users\ElijahMC\Documents\Grid.skp
[2014/02/10 10:52:31 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/02/10 10:52:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2014/02/08 10:02:19 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/02/06 17:56:43 | 001,753,419 | ---- | M] () -- C:\Users\ElijahMC\Documents\ARCH33_CATBAGAN_121813.pdf
[2014/01/20 23:43:20 | 007,593,516 | ---- | M] () -- C:\Users\ElijahMC\Documents\Quezon Hall.skp
[2014/01/20 23:42:45 | 007,608,665 | ---- | M] () -- C:\Users\ElijahMC\Documents\Quezon Hall.skb
[2014/01/19 05:08:49 | 000,000,192 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/16 14:04:54 | 001,166,132 | ---- | C] () -- C:\Users\ElijahMC\Desktop\adwcleaner.exe
[2014/02/16 13:17:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/02/16 13:17:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/02/16 13:17:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/02/16 13:17:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/02/16 13:17:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/02/16 12:15:28 | 003,813,376 | ---- | C] () -- C:\Users\ElijahMC\Desktop\RogueKiller.exe
[2014/02/16 10:14:06 | 000,080,384 | ---- | C] () -- C:\Users\ElijahMC\Desktop\MBRCheck.exe
[2014/02/15 18:47:26 | 000,001,108 | ---- | C] () -- C:\Users\ElijahMC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/02/15 18:47:22 | 000,000,928 | ---- | C] () -- C:\Users\ElijahMC\Desktop\NTREGOPT.lnk
[2014/02/15 18:47:22 | 000,000,909 | ---- | C] () -- C:\Users\ElijahMC\Desktop\ERUNT.lnk
[2014/02/14 05:46:50 | 000,001,777 | ---- | C] () -- C:\Users\ElijahMC\Desktop\Add_Take_Ownership.reg
[2014/02/14 05:46:50 | 000,001,108 | ---- | C] () -- C:\Users\ElijahMC\Desktop\Remove_Take_Ownership.reg
[2014/02/14 05:46:27 | 000,001,033 | ---- | C] () -- C:\Users\ElijahMC\Desktop\Take_Ownership.zip
[2014/02/14 03:47:13 | 000,001,448 | ---- | C] () -- C:\Users\ElijahMC\Desktop\UsbFix.lnk
[2014/02/14 03:01:36 | 000,125,896 | ---- | C] () -- C:\Users\ElijahMC\Documents\cc_20140214_030132.reg
[2014/02/14 02:58:18 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/13 14:31:29 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f9043a35-9b89-4ada-ad8b-5cdab3964008.job
[2014/02/13 14:31:27 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ecc2c5ef-5784-4d02-bb63-91292ea9aa2b.job
[2014/02/13 14:30:34 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/02/13 12:32:14 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
[2014/02/11 16:50:43 | 001,535,069 | ---- | C] () -- C:\Users\ElijahMC\Documents\Print.skp
[2014/02/10 22:46:49 | 000,087,040 | ---- | C] () -- C:\Users\ElijahMC\Desktop\xf-mccs6-keygen.exe
[2014/02/10 21:36:13 | 000,001,534 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2014/02/10 21:36:13 | 000,001,522 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2014/02/10 16:34:32 | 000,777,877 | ---- | C] () -- C:\Users\ElijahMC\Documents\Grid.skp
[2014/02/10 10:52:31 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/02/10 10:46:42 | 000,000,051 | ---- | C] () -- C:\Users\ElijahMC\AppData\Roaming\mbam.context.scan
[2014/02/08 10:02:19 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/02/06 17:56:05 | 001,753,419 | ---- | C] () -- C:\Users\ElijahMC\Documents\ARCH33_CATBAGAN_121813.pdf
[2014/01/20 22:54:22 | 007,608,665 | ---- | C] () -- C:\Users\ElijahMC\Documents\Quezon Hall.skb
[2014/01/20 22:41:25 | 007,593,516 | ---- | C] () -- C:\Users\ElijahMC\Documents\Quezon Hall.skp
[2014/01/19 23:11:40 | 000,002,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Update Management Tool.lnk
[2014/01/19 23:09:11 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
[2014/01/19 23:07:41 | 000,001,204 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk
[2014/01/19 05:08:48 | 000,000,192 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url
[2014/01/14 15:12:40 | 000,007,604 | ---- | C] () -- C:\Users\ElijahMC\AppData\Local\Resmon.ResmonCfg
[2014/01/09 08:49:53 | 000,314,656 | ---- | C] () -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2013/12/02 12:22:25 | 000,669,668 | ---- | C] () -- C:\Users\ElijahMC\AutoSave_AutoSave_Untitled.skb
[2013/11/30 20:17:29 | 000,670,239 | ---- | C] () -- C:\Users\ElijahMC\AutoSave_AutoSave_Untitled.skp
[2013/11/13 00:11:04 | 000,075,880 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll
[2013/11/06 19:55:37 | 000,234,220 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/10/28 14:02:00 | 000,317,440 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2013/10/28 14:01:40 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/28 14:01:34 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/10/23 17:50:02 | 000,230,400 | ---- | C] () -- C:\ProgramData\tempraw
[2013/08/22 15:08:22 | 000,002,952 | ---- | C] () -- C:\Users\ElijahMC\AppData\Local\cgqicccg.ini
[2013/05/18 22:29:48 | 000,000,884 | RHS- | C] () -- C:\Users\ElijahMC\ntuser.pol
[2013/04/02 01:37:43 | 000,236,678 | ---- | C] () -- C:\Users\ElijahMC\AppData\Local\Metadata.xml
[2013/03/15 21:03:26 | 000,037,984 | ---- | C] () -- C:\Users\ElijahMC\TitleBlock.dwg
[2013/03/06 08:31:02 | 000,000,023 | -HS- | C] () -- C:\Windows\SysWow64\ecdaf_g.dll
[2013/02/24 22:55:42 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/02/24 22:55:41 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/02/24 18:58:21 | 000,001,456 | ---- | C] () -- C:\Users\ElijahMC\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/02/24 16:39:41 | 000,000,132 | ---- | C] () -- C:\Users\ElijahMC\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/02/24 16:34:24 | 000,000,132 | ---- | C] () -- C:\Users\ElijahMC\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2013/02/24 01:36:02 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2013/02/05 02:07:25 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013/02/04 14:00:58 | 000,000,100 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini
[2013/02/04 01:56:58 | 000,109,696 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2013/02/03 22:27:00 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2013/02/02 23:41:31 | 000,795,368 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/02 18:25:04 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013/02/02 18:25:04 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/02/27 23:07:46 | 000,057,344 | R--- | C] () -- C:\Windows\SysWow64\XSIChooser.exe

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 11:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 11:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/06 21:03:57 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\AnvSoft
[2013/11/15 22:41:02 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Autodesk
[2013/10/12 13:28:35 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Backup Tickets
[2014/01/29 13:23:47 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\BatteryBar
[2013/08/03 13:54:18 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\BoL
[2013/08/22 15:08:14 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\BuildEdge
[2013/07/01 00:54:37 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\CasaPortale.de
[2013/08/03 23:14:35 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\cobra
[2013/10/12 13:28:35 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Configuration
[2013/07/10 23:11:20 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\DraftSight
[2014/02/16 14:20:08 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Dropbox
[2013/02/20 00:34:35 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\EPSON
[2013/08/28 11:04:32 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\EQATEC Analytics
[2013/05/03 22:07:15 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Garena
[2014/02/16 14:23:42 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\GarenaPlus
[2013/04/08 19:24:53 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\GDL Technology
[2013/02/04 14:39:17 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Graphisoft
[2013/02/03 10:32:47 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\HoolappForAndroid
[2013/11/06 23:12:21 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Hothead Games
[2014/01/09 10:07:50 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Install.GS
[2014/02/13 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\IObit
[2013/03/27 12:10:09 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\LockAP
[2013/04/30 14:19:27 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\LolClient
[2013/08/03 11:54:28 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\LoLPlus
[2014/01/02 10:46:31 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Origin
[2013/10/13 13:38:41 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\PACE Anti-Piracy
[2014/01/04 01:12:07 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\PDAppFlex
[2013/02/02 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\PowerISO
[2014/02/13 00:19:50 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\PrimoPDF
[2014/02/10 10:13:05 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Process Hacker 2
[2013/02/02 23:35:10 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\ProgeCAD
[2013/11/14 14:15:49 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\ProxySwitcher
[2013/03/08 04:29:26 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Publish Providers
[2013/12/15 21:23:07 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Quest3D
[2014/02/15 19:26:11 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\QuickScan
[2014/02/11 02:43:04 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Rainmeter
[2013/10/26 14:32:26 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Red Alert 3
[2013/08/12 17:34:17 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\SketchUp
[2013/10/26 04:10:30 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Softros Messenger
[2013/12/27 10:16:34 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Sony
[2013/02/16 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/12/27 20:26:12 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Stardock
[2014/01/17 09:23:20 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\SystemRequirementsLab
[2013/08/22 15:08:17 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Temp
[2013/11/17 01:30:37 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Ubisoft
[2013/02/03 01:26:11 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Unity
[2014/02/16 10:27:49 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\uTorrent
[2013/11/20 15:08:54 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\Wargaming.net
[2013/02/24 22:56:24 | 000,000,000 | ---D | M] -- C:\Users\ElijahMC\AppData\Roaming\WebCam Recorder

========== Purity Check ==========



< End of report >
Extras 1 of 2

OTL Extras logfile created on: 2/15/2014 6:55:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ElijahMC\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.90 Gb Total Physical Memory | 14.20 Gb Available Physical Memory | 89.33% Memory free
31.80 Gb Paging File | 30.09 Gb Available in Paging File | 94.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.04 Gb Total Space | 42.21 Gb Free Space | 17.30% Space Free | Partition Type: NTFS
Drive D: | 454.49 Gb Total Space | 70.85 Gb Free Space | 15.59% Space Free | Partition Type: NTFS
Drive H: | 15.10 Gb Total Space | 12.77 Gb Free Space | 84.58% Space Free | Partition Type: FAT32

Computer Name: ELIJAHMC-PC | User Name: ElijahMC | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0318961F-8C90-4A8B-ADE7-40D1E6664388}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{0632BE34-DB29-4C0E-AEFC-4175064410CD}" = lport=6990 | protocol=17 | dir=in | name=league of legends launcher |
"{0AA3AABB-C443-4A51-B59E-CA2CB2283105}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher |
"{0D2A4D33-8B3D-4205-B4D4-4F3E8F83EB1C}" = lport=6881 | protocol=6 | dir=in | name=league of legends launcher |
"{100D39E7-745F-4AF7-9BDB-878FAD7B97DC}" = lport=6965 | protocol=6 | dir=in | name=league of legends launcher |
"{14DDE1CF-8813-43CF-A87A-253FDE952230}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{1E657C50-99FE-4DFA-A38E-ED69C6E51FE1}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{216BB45C-96F5-48B7-BF6A-9F3635775EE6}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher |
"{265694A5-DE57-4ACC-B768-C3D7A4E18330}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher |
"{279D8447-63D2-4753-BF70-22C20BA7C2AA}" = lport=6980 | protocol=17 | dir=in | name=league of legends launcher |
"{2C3679EF-F74E-4916-BA92-4CDD479432C4}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service |
"{2F43796C-FD64-4CD2-AD1D-4781E0FEB654}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{2FAE6F8A-6936-4B20-9D6A-9941A848CB9A}" = lport=139 | protocol=6 | dir=in | app=system |
"{352EBCF7-7EF2-4C68-B47F-6755DA252436}" = lport=6924 | protocol=6 | dir=in | name=league of legends launcher |
"{37FFC6A0-C77C-414A-8779-BDAFF1A13E1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{38781D9C-F012-4C23-BE01-3784C0DA1504}" = lport=6993 | protocol=17 | dir=in | name=league of legends launcher |
"{3FE7061A-6269-46DD-BC23-93EA90B58B6C}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher |
"{4BBDFEB6-38DD-44E5-986D-A84D3A00FCA0}" = lport=6993 | protocol=6 | dir=in | name=league of legends launcher |
"{4C8CAC78-5C5B-4980-BFA7-ECE1E9724753}" = lport=6988 | protocol=6 | dir=in | name=league of legends launcher |
"{516CB103-D7E2-4CEC-ABB8-E2B2FB42B416}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{5423AFEF-E87D-4463-8510-FA543F633E64}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |
"{56BFB8F8-244C-4927-B696-E34ADD26900A}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{5905B6EC-393A-472A-B798-7A790299C1E5}" = lport=6946 | protocol=6 | dir=in | name=league of legends launcher |
"{5C0300D5-4269-4F6D-A28C-BA7695925D57}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher |
"{5DF65562-7094-4BE4-8759-74EB9F17751A}" = lport=6965 | protocol=17 | dir=in | name=league of legends launcher |
"{5F0F003D-20AE-42D4-A840-EDE702882FDD}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{61A34F3D-C2B8-4ECD-838B-2A28CD2806EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6A00C93A-B1BF-4D0D-A2C0-EED791918764}" = lport=6881 | protocol=17 | dir=in | name=league of legends launcher |
"{6A27D5A3-BCFB-4389-A14C-B270839FBB58}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{7173A5B5-3A56-4E9E-93E6-6AC47ECF8F8B}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7360D91A-AE3A-4D00-9BAD-1C4C1F209F52}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{776D1A72-BC35-4177-9534-8BD3BA3EEA22}" = lport=6920 | protocol=17 | dir=in | name=league of legends launcher |
"{822F217A-E729-4720-82D9-430F8DABB71E}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher |
"{82A82E33-042C-48A0-8DF2-8B09BEA116FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89088F98-15CD-4B09-8E4D-D9C0EA8E39E6}" = lport=6920 | protocol=6 | dir=in | name=league of legends launcher |
"{902B805B-B776-4401-A9C8-C8E560B04DCD}" = lport=137 | protocol=17 | dir=in | app=system |
"{903751F6-A7BD-48B0-A6D6-293DFF216285}" = lport=6992 | protocol=6 | dir=in | name=league of legends launcher |
"{95BF1FD6-E77F-48D1-9CDA-4C9678037C74}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{96019F7B-77ED-418D-BC89-41B93FDDA1FB}" = lport=138 | protocol=17 | dir=in | app=system |
"{96D9EA74-FC3C-43A4-9CBC-33A2A4ADC2F2}" = lport=6988 | protocol=17 | dir=in | name=league of legends launcher |
"{9724D2E0-A713-4C80-BEAA-EA23A5EAA3F5}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{99533461-9460-4DDB-97B5-7090D6ACE6A2}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{9BC4B8E3-8618-484D-A9BA-45FF4B0A3CAF}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{9FEF1D22-E7AE-4C57-8714-8903D53BD0CA}" = rport=138 | protocol=17 | dir=out | app=system |
"{A3884583-8406-4602-A1D4-515E258D24CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A728D0AD-F7F9-4D49-BC15-49BE4E25DE57}" = lport=6990 | protocol=6 | dir=in | name=league of legends launcher |
"{A8E02888-4A77-4E95-B516-CFA2EF314113}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{AEE71DC1-F07B-4419-8B58-213F577514C8}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher |
"{B0196997-FCCE-445B-8BE5-0700D46AC68A}" = lport=445 | protocol=6 | dir=in | app=system |
"{B129698C-A55E-431C-BEBE-A3C452F64CAE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B23EE7EC-F4FE-46FC-858B-889047E7D311}" = rport=137 | protocol=17 | dir=out | app=system |
"{BA3D788C-9674-40E9-976E-D58158B9E358}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{BC5ED88F-661E-4DCD-8526-8781EFC31B4D}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{BDEF621E-BBA0-4A9F-8CCF-98F21A47A2C8}" = lport=6915 | protocol=6 | dir=in | name=league of legends launcher |
"{C0B4A15A-5592-491E-84A1-E5180EE8F37A}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{C5BA9DEA-4279-4072-856A-81FA79260898}" = rport=139 | protocol=6 | dir=out | app=system |
"{C92A12F0-C3ED-47B9-AAA2-2B53CB08E99B}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher |
"{CC4F6CA4-FE36-4C52-B167-B4A528B6FC42}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{CC61D3E3-EAAA-43C6-B1C5-36424A7985A5}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{CF468633-4D0C-426F-8E66-1E9D80F65746}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher |
"{D6D130E0-09AC-4C8E-91C4-E5D55F5E3F03}" = lport=6992 | protocol=17 | dir=in | name=league of legends launcher |
"{D725FA92-462B-4AE8-ACE4-084DEA52233E}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{DD1C9450-EC9E-4D2C-B642-D223861B2BB6}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher |
"{E022A2B0-DA1A-41C0-8C1F-6EEF9A1696E8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{E029270A-0D72-48D9-919F-71FB6B1EF371}" = lport=6915 | protocol=17 | dir=in | name=league of legends launcher |
"{E1F3CB83-C44B-429E-BEDD-923C110C9BED}" = lport=6980 | protocol=6 | dir=in | name=league of legends launcher |
"{EA23A6D9-3D62-4732-A1FD-6784A695BAFE}" = rport=445 | protocol=6 | dir=out | app=system |
"{EBAD27EE-BB61-459C-9FE8-C4AE0647B12E}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{EE3D13E5-7444-4769-A2A8-255DF761E7C7}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{F77F6C7F-68C2-4239-A30E-FA4C27F8CD64}" = lport=6946 | protocol=17 | dir=in | name=league of legends launcher |
"{F831C729-41D8-4D0D-AD91-D6BB075991AE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{F93BE740-EC63-49D8-85FE-5CC010144889}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{FE55C985-24D3-4FAA-9A4B-98BC58677A59}" = lport=6924 | protocol=17 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00031362-7B54-420A-9C65-8651FA1168A2}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{06569BBB-FDB7-4DD4-9475-48ED193831E0}" = protocol=6 | dir=in | app=c:\users\elijahmc\appdata\roaming\utorrent\utorrent.exe |
"{070723A6-AD45-433B-9D7D-33A6A71160B7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{0FDEA805-97C7-40F5-817F-A20AD7BAFAAD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{11EE7D7F-B7C6-461F-B998-3C0E62416869}" = dir=out | app=%programfiles%\sony\vegas pro 12.0\vegas120.exe |
"{12A463D1-DB3E-4B97-9765-BF0C57BB6C2E}" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\bbtalk\bbtalk.exe |
"{1B91F4C4-C8B9-44E6-AA33-D0CA960A4259}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{1BBE8366-9A0E-4259-AF37-8710C43DBA6C}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64.exe |
"{1BC7DC01-0E1F-4AA2-9716-D7695D8FD1D8}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{1EE8EFCA-ADDB-4129-B4AB-BF44E89F714D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{23B43BD5-A8A0-4C20-8DD3-5C45AAFF4772}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{261D5086-92A7-4FBF-AE7B-F0DE414F639F}" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\game\league of legends.exe |
"{2685364F-A197-4750-874B-6A1DB205D048}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2A20E8C4-8791-4617-8576-A14F679CD63B}" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\game\league of legends.exe |
"{3135150E-02B6-4CA3-B69B-744C51B697F9}" = protocol=17 | dir=in | app=c:\users\elijahmc\appdata\roaming\utorrent\utorrent.exe |
"{3248C7BC-2AC8-4795-B37C-4BB92C660D1C}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{3331CE24-A834-4FB2-BAAF-BD1AD664158C}" = protocol=6 | dir=in | app=d:\applications\wot\world of tanks\wotlauncher.exe |
"{39FD5D21-3453-498A-A816-2E1A965CE83B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3F32034C-0957-4830-95A2-D4181EB89EA2}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2013\3dsmax.exe |
"{43F147A2-2DDE-49FA-9DA4-AD0BFCECD149}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{4A21194E-DA8C-4610-BB4F-576EF60889E1}" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\air\lolclient.exe |
"{504EDF16-F78A-4C26-AA96-F483AEAB3F94}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{50E1DDE3-51A3-437C-B06D-DDBD8BB7C784}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{546771F6-8088-40AF-BCA2-4EB6AC771C76}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{577BE7D3-9F44-4CFF-B790-644C6AAE430B}" = protocol=6 | dir=in | app=c:\program files\autodesk\softimage 2013\application\bin\xsi.exe |
"{586EBEC8-D72C-429C-8C87-DB2867DB940C}" = dir=in | app=c:\users\elijahmc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{60D64C2C-7D6F-4A7F-BCAC-29D11A6DF85F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{62545D3A-987F-4CE2-9C3F-A7E83955E25E}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{643F978B-B254-4C2A-8AAA-B5517920DE78}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{7453862A-C7C7-4D94-BEBF-E85B48915D69}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{77A0FCA5-EFD1-4773-934C-612F3FC8BB12}" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\air\lolclient.exe |
"{7B8296F1-B50C-40F6-A036-F15EC182ACF6}" = protocol=17 | dir=in | app=c:\program files\autodesk\softimage 2013\application\bin\xsi.exe |
"{7CFFCDCE-323F-4373-B60D-E1F2E4021FFD}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{839BCC3C-CAF4-411A-AF21-9102AA9846E6}" = protocol=17 | dir=in | app=d:\applications\wot\world of tanks\wotlauncher.exe |
"{861BAB7B-5CFF-4530-8FFC-98594A16A042}" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\air\lolclient.exe |
"{88281858-C839-4A34-AA47-B585F6A9AEDF}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64.exe |
"{8C2A3714-3386-4AD6-BB80-F428ABF75A75}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{928527E3-D731-4E33-A172-587072F09655}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{928702FB-1AD7-4684-91C9-405E4F5FD646}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{946CE608-CD93-44CC-B9D7-03AAC4A40A3A}" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\game\league of legends.exe |
"{9D4F2A03-304E-4CC4-B117-EF49C509FE78}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2013\3dsmax.exe |
"{9DBFC54C-3341-4421-A6AE-A63DDF980BCA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{A2A9A361-3761-45EA-A94F-B29F817538B9}" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\air\lolclient.exe |
"{A71815CD-175C-470E-A8EE-F6F5C1F5C42A}" = protocol=17 | dir=in | app=c:\users\elijahmc\appdata\roaming\dropbox\bin\dropbox.exe |
"{ABC2F1A8-4465-47C1-9D0A-FDE6780334F4}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{AED9465D-F7C6-4C0E-BDB9-2412BFBD3497}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B0ABAD00-46AD-43D1-9020-838F1077EADC}" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\garenamessenger.exe |
"{B2AFD65F-D6C0-4912-97FD-2E852B557432}" = protocol=6 | dir=in | app=c:\users\elijahmc\appdata\roaming\dropbox\bin\dropbox.exe |
"{B9324279-925B-4FFF-901D-B90BAFC9EC47}" = protocol=6 | dir=in | app=c:\program files\autodesk\softimage 2013\application\bin\xsi.exe |
"{BC0A7F2B-E578-48C0-9B68-F5AC6A77D6D2}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{C430B55F-6BE7-43E8-9AD1-E5B678041E8E}" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\apps\lolph\game\league of legends.exe |
"{CB275CCE-4C54-40EB-AC18-175C6B23369B}" = protocol=17 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |
"{CDD75469-74EF-4EDA-AD16-35C4539638BB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D1FDE521-5067-46DA-994A-439B1E04EFB4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{DD4D7AE3-CB6E-4D51-B907-9225AB6B2D1A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{DE3AFCFE-E5B4-482F-AFA8-0D3C64D9C554}" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\bbtalk\bbtalk.exe |
"{DFFBBFEE-80C6-4886-9226-5A1FC1B55EA0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E343FFAF-49C9-4D8A-BDCB-136C57074743}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{EB324E38-2403-40D1-857C-8E9CFC98EE1A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{EB7EDF9E-FE17-4DDD-A31C-39189EBD27CD}" = protocol=6 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |
"{F3A9D018-43BD-4EDC-99FB-0911E9AA83DC}" = dir=in | app=d:\applications\garenalolph\gamedata\ggdllhost.exe |
"{F79C0400-2172-4073-863C-B27EACF3A39A}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{F8D866A6-A011-4D2C-B93D-E99E19653129}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64server.exe |
"{FA36399B-02DC-4476-8658-3C4E561FD450}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64server.exe |
"{FCBC585B-89A7-4395-BF62-4F31BD3FB893}" = protocol=17 | dir=in | app=c:\program files\autodesk\softimage 2013\application\bin\xsi.exe |
"{FCC57363-F121-4769-9F71-87C6F237379B}" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\garenamessenger.exe |
"TCP Query User{0223760C-5F2D-498A-AFCF-1F55B3958F0E}C:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{09EE47A2-0621-4557-905A-64933ED21A7F}C:\program files (x86)\google\google sketchup 8\sketchup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google sketchup 8\sketchup.exe |
"TCP Query User{0A78C81C-7353-41C4-8372-99DD2F77F424}C:\program files\graphisoft\archicad 16\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 16\archicad.exe |
"TCP Query User{0E71D3EA-1074-4AE6-9A9C-104082D5F754}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"TCP Query User{15CFBE96-AA3F-4DF4-BAE9-077D9432C7DF}C:\program files (x86)\google\google sketchup 8\sketchup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google sketchup 8\sketchup.exe |
"TCP Query User{165D38A4-E886-4812-A916-2127E58577EF}D:\applications\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=d:\applications\left 4 dead 2\left4dead2.exe |
"TCP Query User{272654EB-BC2E-420E-8D1A-C44DFFAFD674}C:\Program Files (x86)\SketchUp\sketchup 2013\LayOut\LayOut.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe |
"TCP Query User{2C01075D-A717-4AD9-83B0-43E6F3A371AB}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"TCP Query User{357F4944-C0D0-4562-8557-BA98BB70E3D3}D:\applications\wot\world of tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\applications\wot\world of tanks\worldoftanks.exe |
"TCP Query User{4328B485-BE4F-413F-878F-35D5D8687332}C:\users\elijahmc\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\elijahmc\appdata\local\akamai\netsession_win.exe |
"TCP Query User{63843229-2706-4A55-AD41-495099C920C5}D:\applications\garenalolph\gamedata\bbtalk\bbtalk.exe" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\bbtalk\bbtalk.exe |
"TCP Query User{758D5A1A-03E0-48A1-8738-685AEEE0C039}D:\applications\wot\world of tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\applications\wot\world of tanks\worldoftanks.exe |
"TCP Query User{79D8E99D-8CC8-4AAA-926A-8CFC0DE72C1B}C:\users\elijahmc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\elijahmc\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{85BB50B4-1B6F-4E63-A190-54855326CBCF}D:\applications\garenalolph\gamedata\updatemanager.exe" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\updatemanager.exe |
"TCP Query User{8FD53AD6-247A-4849-96A3-B3B3D5961213}C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\sketchup.exe |
"TCP Query User{98609624-9BAE-49E0-9853-FD7D93DFA02D}H:\google sketchup 8\sketchup.exe" = protocol=6 | dir=in | app=h:\google sketchup 8\sketchup.exe |
"TCP Query User{9F57B4CF-9C10-4CD3-A7D3-BAB2B4846773}C:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe |
"TCP Query User{A21E9CA6-ED46-42F9-B298-F9E317898B39}C:\Program Files (x86)\SketchUp\sketchup 2013\SketchUp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\sketchup.exe |
"TCP Query User{A8B0B623-AC70-4D25-9998-DC09F1F60D9B}D:\applications\garenalolph\gamedata\garenamessenger.exe" = protocol=6 | dir=in | app=d:\applications\garenalolph\gamedata\garenamessenger.exe |
"TCP Query User{AED623DB-1E0C-43AE-ABDA-9760EB9B62DA}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"TCP Query User{C07A2368-65A0-4469-B544-D8DB5797BC96}H:\google sketchup 8\sketchup.exe" = protocol=6 | dir=in | app=h:\google sketchup 8\sketchup.exe |
"TCP Query User{C1A2A224-1B39-40AC-9A09-960AAFE2C18D}C:\program files\autodesk\maya2013\bin\maya.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |
"TCP Query User{D056E747-F39A-4473-A380-F74C28F26430}C:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe |
"TCP Query User{D449D85B-8772-4741-B7BB-482FCE3058EE}I:\downloads\software\microsoft office 2010 professional plus with sp1 vl edition+crack.waqarr\microsoft office 2010 professional plus with sp1 vl edition+crack\keygen.exe" = protocol=6 | dir=in | app=I:\downloads\software\microsoft office 2010 professional plus with sp1 vl edition+crack.waqarr\microsoft office 2010 professional plus with sp1 vl edition+crack\keygen.exe |
"TCP Query User{E77D89D1-7E32-4F72-9C28-C0EBD5442CF0}D:\applications\wot\world of tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\applications\wot\world of tanks\wotlauncher.exe |
"TCP Query User{EC1E6BF2-B90C-461B-AC39-077E19524E15}C:\users\elijahmc\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\elijahmc\appdata\local\akamai\netsession_win.exe |
"TCP Query User{F07B70C6-44AD-414A-BE50-8A6AB77FEAB7}C:\program files (x86)\Ubisoft\Assassin's Creed II\assassinscreediigame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"UDP Query User{13C6A185-8A0C-492F-8647-323406EA8355}C:\Program Files (x86)\SketchUp\sketchup 2013\SketchUp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\sketchup.exe |
"UDP Query User{1588AB4D-7458-405A-A103-1B8BD46B364C}C:\program files\autodesk\maya2013\bin\maya.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |
"UDP Query User{18209147-5A1A-4304-9577-4E89D43B651B}D:\applications\garenalolph\gamedata\updatemanager.exe" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\updatemanager.exe |
"UDP Query User{1B6DC9ED-9613-4295-9378-468B5F4DB716}C:\program files (x86)\google\google sketchup 8\sketchup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google sketchup 8\sketchup.exe |
"UDP Query User{1CDE0096-E2EA-4FDE-9A89-D9B2F418B916}C:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 16\gsquicktimeserver\gsqtserver.exe |
"UDP Query User{1F001041-4BFB-4928-AE2D-0FD6A62D0F14}C:\program files (x86)\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"UDP Query User{1FDF43A6-C14C-4DE1-8B29-9FBA0F657977}C:\Program Files (x86)\SketchUp\sketchup 2013\LayOut\LayOut.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe |
"UDP Query User{24B5F705-7954-4D30-8A84-7AEF6478546C}D:\applications\garenalolph\gamedata\bbtalk\bbtalk.exe" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\bbtalk\bbtalk.exe |
"UDP Query User{34FD8CA6-29F7-44D2-975A-9A301E36A374}C:\users\elijahmc\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\elijahmc\appdata\local\akamai\netsession_win.exe |
"UDP Query User{5DC8FEBC-F034-4378-9F12-F66CDBC48DFC}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{717C3321-C21F-4D47-B812-B4E435723635}D:\applications\garenalolph\gamedata\garenamessenger.exe" = protocol=17 | dir=in | app=d:\applications\garenalolph\gamedata\garenamessenger.exe |
"UDP Query User{7C4BD67C-4955-4C36-8D6B-66BF6B7AB2D0}C:\users\elijahmc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\elijahmc\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{8D442CFC-B9EF-4544-AE93-1E3D5CA5E469}C:\program files (x86)\Ubisoft\Assassin's Creed II\assassinscreediigame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"UDP Query User{8F18FDC7-4642-433F-9E5C-6A218499401C}H:\google sketchup 8\sketchup.exe" = protocol=17 | dir=in | app=h:\google sketchup 8\sketchup.exe |
"UDP Query User{9A292902-72BC-4661-9DA4-64CE422B4CC1}C:\program files (x86)\google\google sketchup 8\sketchup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google sketchup 8\sketchup.exe |
"UDP Query User{ACE32BA5-071C-4091-A8C4-F48B7352A305}D:\applications\wot\world of tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\applications\wot\world of tanks\worldoftanks.exe |
"UDP Query User{AEE53D00-72EC-4AA4-8F41-F2D90FFD6CA9}C:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\layout\layout.exe |
"UDP Query User{B336ED3C-3267-4AEC-9F85-098A3B00D0E1}D:\applications\wot\world of tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\applications\wot\world of tanks\wotlauncher.exe |
"UDP Query User{BC8108DF-5CEE-4F82-927E-A91343C3E6D4}C:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{BD570859-764B-441A-BCF5-B53BAFB9A52C}D:\applications\wot\world of tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\applications\wot\world of tanks\worldoftanks.exe |
"UDP Query User{BD5D1DF9-391D-43D9-8610-A7644CC80387}I:\downloads\software\microsoft office 2010 professional plus with sp1 vl edition+crack.waqarr\microsoft office 2010 professional plus with sp1 vl edition+crack\keygen.exe" = protocol=17 | dir=in | app=I:\downloads\software\microsoft office 2010 professional plus with sp1 vl edition+crack.waqarr\microsoft office 2010 professional plus with sp1 vl edition+crack\keygen.exe |
"UDP Query User{C35EF2F4-83BC-45E4-AB97-BFD7325570C9}C:\users\elijahmc\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\elijahmc\appdata\local\akamai\netsession_win.exe |
"UDP Query User{C5ADB75C-9246-4854-AE18-ABD848FA8743}D:\applications\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=d:\applications\left 4 dead 2\left4dead2.exe |
"UDP Query User{D526DCBB-A8B7-4F4D-B063-6F42AAF979CD}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{D96874B8-AD10-4377-B956-E49E7716E4CA}H:\google sketchup 8\sketchup.exe" = protocol=17 | dir=in | app=h:\google sketchup 8\sketchup.exe |
"UDP Query User{E259E744-949F-46E4-BF12-26FF62746A68}C:\program files (x86)\sketchup\sketchup 2013\sketchup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sketchup\sketchup 2013\sketchup.exe |
"UDP Query User{E9214E7E-0D38-4BEC-BCBE-B8BA0C523B3C}C:\program files\graphisoft\archicad 16\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 16\archicad.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
Extras 2 of 2


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0C821839-EA2A-48C2-BBD5-2B3D28159BC0}" = Autodesk Mudbox 2013 64-bit
"{0F30B978-3536-0409-BC9C-0A2FB4C35EFC}" = Autodesk 3ds Max 2013 64-bit
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{31ABA3F2-0000-1033-0102-111D43815377}" = Autodesk ReCap
"{31ABA3F2-0010-1033-0102-111D43815377}" = Autodesk ReCap Language Pack-English
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{3CB60177-D3D2-4E9C-BE4D-8372B34B4C7F}" = Autodesk SketchBook Designer 2013
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}" = Autodesk 360
"{54EB8041-1115-4406-AA4B-44D236E84B3B}" = Intel® PROSet/Wireless WiFi Software
"{5783F2D7-B001-0000-0102-0060B0CE6BBA}" = AutoCAD 2013 - English
"{5783F2D7-B001-0409-1102-0060B0CE6BBA}" = AutoCAD 2013 Language Pack - English
"{5783F2D7-B001-0409-2102-0060B0CE6BBA}" = AutoCAD 2013 - English
"{5783F2D7-D004-0000-0102-0060B0CE6BBA}" = AutoCAD Architecture 2014 - English
"{5783F2D7-D004-0409-1102-0060B0CE6BBA}" = AutoCAD Architecture 2014 Language Pack - English
"{5783F2D7-D004-0409-2102-0060B0CE6BBA}" = AutoCAD Architecture 2014 - English
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5B77A046-DAD6-4F19-A8B9-4E5B3EAD2C24}" = Autodesk MatchMover 2013 64-bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.5
"{696BB53C-28E6-1664-974E-D42FFF5B8E04}" = Autodesk Inventor Server Engine for 3ds Max 2013 64-bit
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7346B4A0-1300-0110-0409-705C0D862004}" = Revit Architecture 2013
"{7346B4A0-1300-0111-0409-705C0D862004}" = Revit Architecture 2013 Language Pack - English
"{7963F870-6575-11E2-A4D9-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{7E708ADE-6575-11E2-8713-F04DA23A5C58}" = MSVCRT Redists
"{7EDE5B68-1FB0-405D-88F0-A34236002DA8}" = Autodesk Essential Skills Movies for 3ds Max 2013 64-bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9F5DDF76-5889-40E9-8459-E6FC6DC9C6BF}" = Autodesk MotionBuilder 2013 64-bit
"{A7EE5537-8511-4911-8E89-E0CFE40561A9}" = Suite Exclusives Premium 2013 64-bit
"{A7EE5537-8511-4911-8E89-E0CFE40561B0}" = Turtle for Maya Premium 2013 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF827870-C827-4B04-A365-1C9EC5B4FD6A}" = Autodesk Softimage 2013 64-bit
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 332.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 332.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 11.10.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 11.10.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{B7C76170-A86D-4AD2-B2A8-46BB42E4B667}" = DraftSight x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC7084CE-5090-4770-8B5B-CA3125526F0D}" = Autodesk Maya 2013 64-bit
"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"001FFF2FFF16FF00FF0701F01F02F000-R1" = ArchiCAD 16 INT
"AutoCAD 2013 - English" = AutoCAD 2013 - English
"AutoCAD Architecture 2014 - English" = Autodesk AutoCAD Architecture 2014 - English
"Autodesk 3ds Max 2013 64-bit" = Autodesk 3ds Max 2013 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Fusion plug-in for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"Autodesk Maya 2013 64-bit" = Autodesk Maya 2013 64-bit
"Autodesk MotionBuilder 2013 64-bit" = Autodesk MotionBuilder 2013 64-bit
"Autodesk Mudbox 2013 64-bit" = Autodesk Mudbox 2013 64-bit
"Autodesk ReCap" = Autodesk ReCap
"Autodesk Revit Architecture 2013" = Autodesk Revit Architecture 2013
"Autodesk SketchBook Designer 2013" = Autodesk SketchBook Designer 2013
"Autodesk Softimage 2013 64-bit" = Autodesk Softimage 2013 64-bit
"BatteryBar" = BatteryBar (remove only)
"CCleaner" = CCleaner
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.2f Shizuku Edition
"Elantech" = ETDWare PS/2-X64 8.0.5.7_WHQL
"EPSON ME 320 Series" = EPSON ME 320 Series Printer Uninstall
"EPSON ME 340 Series" = EPSON ME 340 Series Printer Uninstall
"EPSON T13 T22E Series" = EPSON T13 T22E Series Printer Uninstall
"Lumion 3.0.1_is1" = Lumion 3.0.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0642A70A-F852-4939-8228-27ED4E3B0892}" = IObit Apps Toolbar v8.6
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{118F84A7-53AA-4BDB-AC4E-723B7B0D8A4B}" = S-Bar
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{173F2B02-2AAA-414F-A2D8-44870BB98F7A}" = Shaun White Skateboarding
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.0
"{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}" = System Requirements Lab for Intel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}" = Camera Recorder
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4L7IG77L-T4D4-75B1-98C3-11CD6E4334A3}_is1" = Deus ex Human Revolution version 1.0
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51BF3210-B825-4092-8E0D-66D689916E02}" = Autodesk Material Library Base Resolution Image Library 2014
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1" = Adobe Update Management Tool
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{5CDFBF03-D1B2-466B-AA19-B10FDA43E2BB}" = YTD Toolbar v8.6
"{5FB827D0-DABC-11DF-6784-014F400218BE}" = progeCAD 2011 Professional
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644E9589-F73A-49A4-AC61-A953B9DE5669}" = SketchUp Import for AutoCAD 2014
"{644F9B19-A462-499C-BF4D-300ABC2A28B1}" = Autodesk Material Library 2014
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{69B77D45-F5AD-4AB9-933D-352703324469}_is1" = RAR Password Unlocker
"{6DA2B636-698A-3294-BF4A-B5E11B238CDD}" = Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729
"{6E8BFE9E-F05C-4F4F-ABA4-FB82F9AF2F98}" = SketchUp Pro 8
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{722CEEBA-22BB-4448-9903-4B89F53B74DB}" = ONIMUSHA3 PC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B622C9-AA10-47D7-A10C-377CF9BC8502}" = SketchUp 2013
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82BF2C5E-79A7-4A13-B508-D5E64A5B141E}" = Uninstall Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A470330-70B2-49AD-86AF-79885EF9898A}" = FARO LS 1.1.501.0 (64bit)
"{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}" = Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.5.0
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.4.0
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91221AAC-F2A0-4028-8016-C7DAF63CB6CC}" = FARO LS 1.1.408.2
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B25F30C5-5FC5-41F5-BDE6-00C5DFD11404}" = Onigiri_US
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD85CEE1-BFBA-4FDB-A0FB-F8FE4938CCB0}" = Proxy Switcher
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C070121A-C8C5-4D52-9A7D-D240631BD433}" = Autodesk App Manager
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}" = Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D004B255-9786-44EC-B8BF-233168CADA22}" = RAMDisk
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}" = Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729
"{F732FEDA-7713-4428-934B-EF83B8DD65D0}" = Autodesk Featured Apps
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"075FFFFFFF14FF00FF0701F00F02F000-R1" = Profiler 14 INT
"075FFFFFFF16FF00FF0701F00F02F000-R1" = Profiler 16 INT
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Any Video Converter 5_is1" = Any Video Converter 5 5.0.3
"Autodesk Content Service" = Autodesk Content Service
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Company of Heroes" = Company of Heroes
"Debut" = Debut Video Capture Software
"Dishonored_is1" = Dishonored
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FARO LS_is1" = FARO LS 4.8.2.25521
"Globe Tattoo Broadband" = Globe Tattoo Broadband
"Google Chrome" = Google Chrome
"GraphCalc v4.0.1_is1" = GraphCalc v4.0.1
"HD Tune_is1" = HD Tune 2.55
"IObit Surfing Protection_is1" = Surfing Protection
"IObitUninstall" = IObit Uninstaller
"MapleStory" = MapleStory
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PosteRazor_is1" = PosteRazor
"PowerISO" = PowerISO
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"progeCAD Architecture_is1" = progeCAD Architecture
"Rainmeter" = Rainmeter
"RegSupreme_is1" = RegSupreme
"RocketDock_is1" = RocketDock 1.3.5
"SevenZip" = SevenZip
"Smart Bro" = Smart Bro
"Smart Defrag 2_is1" = Smart Defrag 2
"SpeedFan" = SpeedFan (remove only)
"Stardock WindowBlinds" = Stardock WindowBlinds
"Uninstall Helper 2.0.1.0" = Uninstall Helper
"Usbfix" = UsbFix
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.5
"V-Ray for SketchUp 1.49.02" = V-Ray for SketchUp
"WebCam Recorder_is1" = WebCam Recorder
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/15/2014 1:28:34 AM | Computer Name = ElijahMC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.75.0.1, time stamp:
0x511f8eb2 Faulting module name: OLEAUT32.dll, version: 6.1.7601.17514, time stamp:
0x4ce7b972 Exception code: 0xc0000005 Fault offset: 0x0001604c Faulting process id:
0xf14 Faulting application start time: 0x01cf2a0ec4216d16 Faulting application path:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
C:\Windows\syswow64\OLEAUT32.dll Report Id: 02dd7fc9-9602-11e3-9ba4-01226e000000

Error - 2/15/2014 1:28:50 AM | Computer Name = ElijahMC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.75.0.1, time stamp:
0x511f8eb2 Faulting module name: OLEAUT32.dll, version: 6.1.7601.17514, time stamp:
0x4ce7b972 Exception code: 0xc0000005 Fault offset: 0x0001604c Faulting process id:
0x934 Faulting application start time: 0x01cf2a0ecba9f133 Faulting application path:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
C:\Windows\syswow64\OLEAUT32.dll Report Id: 0c6361fb-9602-11e3-9ba4-01226e000000

Error - 2/15/2014 1:35:56 AM | Computer Name = ElijahMC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.75.0.1, time stamp:
0x511f8eb2 Faulting module name: OLEAUT32.dll, version: 6.1.7601.17514, time stamp:
0x4ce7b972 Exception code: 0xc0000005 Fault offset: 0x0001604c Faulting process id:
0x1e30 Faulting application start time: 0x01cf2a0fba805af8 Faulting application path:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
C:\Windows\syswow64\OLEAUT32.dll Report Id: 0a35c50b-9603-11e3-9ba4-01226e000000

Error - 2/15/2014 6:35:17 AM | Computer Name = ElijahMC-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/15/2014 6:37:44 AM | Computer Name = ElijahMC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.75.0.1, time stamp:
0x511f8eb2 Faulting module name: OLEAUT32.dll, version: 6.1.7601.17514, time stamp:
0x4ce7b972 Exception code: 0xc0000005 Fault offset: 0x0001604c Faulting process id:
0x1e8c Faulting application start time: 0x01cf2a39f2b2d67a Faulting application path:
H:\Malwarebytes' Anti-Malware\mbam.exe Faulting module path: C:\Windows\syswow64\OLEAUT32.dll
Report
Id: 33c760e8-962d-11e3-aaa8-01226e000000

Error - 2/15/2014 6:39:37 AM | Computer Name = ElijahMC-PC | Source = MBAMService | ID = 131073
Description =

Error - 2/15/2014 6:40:08 AM | Computer Name = ElijahMC-PC | Source = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe | ID = 131073
Description =

Error - 2/15/2014 6:42:47 AM | Computer Name = ElijahMC-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/15/2014 6:43:12 AM | Computer Name = ElijahMC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.75.0.1, time stamp:
0x511f8eb2 Faulting module name: OLEAUT32.dll, version: 6.1.7601.17514, time stamp:
0x4ce7b972 Exception code: 0xc0000005 Fault offset: 0x0001604c Faulting process id:
0x5bc Faulting application start time: 0x01cf2a3aad02ef33 Faulting application path:
H:\Malwarebytes' Anti-Malware\mbam.exe Faulting module path: C:\Windows\syswow64\OLEAUT32.dll
Report
Id: f6fa553d-962d-11e3-9751-8c89a501f2b5

Error - 2/15/2014 6:50:15 AM | Computer Name = ElijahMC-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\Troubleshooting\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ Media Center Events ]
Error - 2/14/2014 12:46:35 AM | Computer Name = ElijahMC-PC | Source = MCUpdate | ID = 0
Description = 12:46:23 PM - Error connecting to the internet. 12:46:23 PM - Unable
to contact server..

[ System Events ]
Error - 2/15/2014 6:57:09 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/15/2014 6:57:57 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/15/2014 6:57:57 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/15/2014 6:57:57 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/15/2014 7:02:23 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/15/2014 7:02:23 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/15/2014 7:02:23 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/15/2014 7:02:57 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/15/2014 7:02:57 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/15/2014 7:02:57 AM | Computer Name = ElijahMC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068
 

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
IE - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
O15 - HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\..Trusted Domains: eset.com ([www] https in Trusted sites)
[2014/02/16 12:24:28 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/16 12:24:01 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/15 13:31:20 | 000,353,352 | ---- | C] (Malwarebytes Corporation) -- C:\Users\ElijahMC\Desktop\mbam-check-2.0.0.1000.exe
[2014/02/14 11:21:38 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\48230029.sys


:Services

:Reg

:Files
C:\FRST
c:\programdata\Malwarebytes' Anti-Malware (portable)
c:\users\ElijahMC\AppData\Roaming\Malwarebytes

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
OTL


All processes killed
========== OTL ==========
HKU\S-1-5-21-1474345794-4172456791-2447515797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1474345794-4172456791-2447515797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\eset.com\www\ deleted successfully.
C:\Windows\SysNative\drivers\MBAMSwissArmy.sys moved successfully.
C:\Windows\SysNative\drivers\mbamchameleon.sys moved successfully.
C:\Users\ElijahMC\Desktop\mbam-check-2.0.0.1000.exe moved successfully.
C:\Windows\SysNative\drivers\48230029.sys moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
c:\programdata\Malwarebytes' Anti-Malware (portable) folder moved successfully.
c:\users\ElijahMC\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
c:\users\ElijahMC\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
c:\users\ElijahMC\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
c:\users\ElijahMC\AppData\Roaming\Malwarebytes folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ElijahMC
->Temp folder emptied: 4649026 bytes
->Temporary Internet Files folder emptied: 10271455 bytes
->Java cache emptied: 398375 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 184078772 bytes
->Flash cache emptied: 669 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8405015 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2805774 bytes

Total Files Cleaned = 201.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: ElijahMC
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: ElijahMC
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02162014_222008

Files\Folders moved on Reboot...
C:\Users\ElijahMC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Security Check


Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
RegSupreme
Java(TM) 6 Update 32
Java 7 Update 51
Adobe Flash Player 11.9.900.170
Adobe Reader 10.1.1 Adobe Reader out of Date!
Mozilla Firefox (26.0)
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107
````````Process Check: objlist.exe by Laurent````````
Globe Tattoo Broadband OnlineUpdate ouc.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
FSS

Farbar Service Scanner Version: 02-02-2014
Ran by ElijahMC (administrator) on 16-02-2014 at 22:35:18
Running from "C:\Users\ElijahMC\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2010-11-21 11:24] - [2010-11-21 11:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2010-11-21 11:24] - [2010-11-21 11:24] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

C:\Windows\System32\dnsrslvr.dll
[2010-11-21 11:24] - [2010-11-21 11:24] - 0183296 ____A (Microsoft Corporation) CD55F5355D8F55D44C9F4ED875705BD6

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
ESET Online Scanner won't work. It prompts "Cannot get updates. Is proxy configured?" -> I am pretty sure I do not have any proxy configured...
 
Slept during ESET scan, there were no questions about logs. Took ownership of the said folder, tried installing, but still the same error.
 
Right click on ProgramData folder click "Properties" and UN-check "Read only".
Click OK.
Try to install MBAM again.
 
It's still the same... The error pops halfway through the installation. Also, when I applied the properties some folders were skipped.
 
OK. At this point your computer is clean.
Follow steps listed below and then go to MBAM forum and post your issue there: https://forums.malwarebytes.org/
I'm out of ideas here.

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

13. Please let me know how your computer is doing.
 
Thank you very much for your assistance. I truly appreciate your help as I have been dealing with this for about 3 days straight now. I will update on the performance when possible. Cheers!
 