Having trouble removing PC Optimizer Pro after running Combofix.


  • This topic is locked
14 replies to this topic

#1 SB_Tiger

  • Members
Posted 03 June 2013 - 04:13 PM

Hello,

 

I am running Windows 7 64-bit and am having trouble completely removing the rogueware PC optimizer pro from my computer. This got installed on my computer without permission from a CNET webpage.

 

Prior to making this topic I'd already tried to remove this program with RKill and then Malwarebytes and Combofix.

 

Both Rkill and Malwarebytes fail to detect PC optimizer pro as a threat in either safe mode or on a regular boot up. After running both of those I ran Combofix, which detected PC optimizer pro and supposedly removed it. But even after Combofix “removed” it, PC optimizer pro still boots up whenever I start up my PC (only on regular boot up; it doesn't occur in safe mode). On bootup it gives me a pop up that it needs to be updated; this pop up can only be closed through task manager.

 

PC optimizer pro appears to close down completely when I end the process in the task manager, but I'd like to get it completely off my computer.

A few things to note are that

  1. PC Optimizer Pro also installed Sweet Packs extension for Firefox and another ad pop up program. I uninstalled the pop up program using Revo uninstaller. Sweet packs was disabled within Firefox, but I haven't uninstalled it.

  2. Before running Combofix, PC optimizer pro showed up as a program that could be uninstalled in the Windows installer, now it doesn't.

  3. PC optimizer Pro has an uninstaller, which is located in the folder that the desktop shortcut leads to. I haven't used this as I don't trust it will actually uninstall the program.

 

I do have the log saved from when I ran Combofix.

 

Thanks,

SB_TIger




 


#2 fireman4it

  • Malware Response Team

Posted 03 June 2013 - 06:15 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.


We need to see some information about what is happening in your machine.  Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet. 

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner



Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log.  Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Note:
If you are unable to run a Gmer scan due to the fact you are running a 64bit machine please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the  save log button, save it to your desktop and post it in your next reply.




Thanks and again sorry for the delay.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 SB_Tiger

  • Topic Starter

  • Members

Posted 03 June 2013 - 07:44 PM

Here is my initial DDS log and GMER log.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Stuart at 17:31:13 on 2013-06-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8109.6850 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
StartupFolder: C:\Users\Stuart\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: NameServer = 71.9.127.107 68.190.192.35 24.205.224.36
TCP: Interfaces\{53F78877-E44B-4E91-B164-F4C7B68E426D} : DHCPNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
TCP: Interfaces\{6CAE3FA3-057D-473A-ABDC-B16088ABAE32} : DHCPNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [CAHS1Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\y3n42r2y.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-05-26 22:19; {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}; C:\Program Files\Updater By SweetPacks\Firefox
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-7-18 21104]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2010-5-10 573952]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-1 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-1 701512]
R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-7-18 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-5-12 413472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-18 2655768]
R2 Updater By SweetPacks;Updater By SweetPacks;C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [2013-5-26 188760]
R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-3-23 493384]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]
R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;C:\Windows\System32\drivers\Edge7x64.sys [2010-5-10 30824]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2010-5-10 152680]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-3-7 40832]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-3-7 65280]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-18 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-1 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-18 413800]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 CorsairCAHS1;CA-HS1 Interface;C:\Windows\System32\drivers\CAHS164.sys [2011-6-16 1308160]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-1-1 131912]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-7-18 30528]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-24 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-06-01 01:08:41    9460464    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2419661F-A017-46A3-A2B0-B21F18282960}\mpengine.dll
2013-05-29 04:34:30    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-05-29 02:30:41    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2013-05-29 00:55:01    98816    ----a-w-    C:\Windows\sed.exe
2013-05-29 00:55:01    256000    ----a-w-    C:\Windows\PEV.exe
2013-05-29 00:55:01    208896    ----a-w-    C:\Windows\MBR.exe
2013-05-27 05:29:45    --------    d-----w-    C:\ProgramData\PC Optimizer Pro
2013-05-27 05:19:42    --------    d-----w-    C:\Program Files\PC Optimizer Pro
2013-05-27 05:19:16    --------    d-----w-    C:\Program Files\Updater By SweetPacks
2013-05-27 05:19:15    --------    d-----w-    C:\Users\Stuart\AppData\Local\Programs
2013-05-27 05:18:37    --------    d-----w-    C:\Windows\SysWow64\jmdp
2013-05-27 05:18:37    --------    d-----w-    C:\Windows\SysWow64\ARFC
2013-05-27 05:18:36    33792    ----a-w-    C:\Windows\System32\ImHttpComm.dll
2013-05-27 05:18:36    1453872    ----a-w-    C:\Windows\System32\dmwu.exe
2013-05-24 01:16:00    --------    d-----w-    C:\Users\Stuart\AppData\Local\NVIDIA
2013-05-24 01:11:57    --------    d-----w-    C:\Windows\SysWow64\NV
2013-05-24 01:11:57    --------    d-----w-    C:\Windows\System32\NV
2013-05-22 04:21:11    262552    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-16 07:28:15    701952    ----a-w-    C:\Program Files\Internet Explorer\ieproxy.dll
2013-05-16 06:52:30    --------    d-----w-    C:\Users\Stuart\AppData\Roaming\FairyBloomRe
2013-05-15 23:36:13    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 23:36:13    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 23:36:13    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-05-15 23:36:06    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-05-15 23:36:05    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-05-15 23:36:05    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-05-15 23:36:05    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-05-15 23:35:59    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-05-15 23:35:59    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-05-15 23:35:58    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-05-12 22:43:36    566048    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-05-06 05:36:25    --------    d-----w-    C:\Users\Stuart\AppData\Local\Insanely Twisted Shadow Planet
2013-05-05 18:17:51    --------    d-----w-    C:\Users\Stuart\AppData\Roaming\Origin
2013-05-05 18:17:51    --------    d-----w-    C:\Program Files (x86)\Origin Games
2013-05-05 18:17:46    --------    d-----w-    C:\Users\Stuart\AppData\Local\Origin
2013-05-05 18:17:20    --------    d-----w-    C:\ProgramData\Origin
2013-05-05 18:17:19    --------    d-----w-    C:\ProgramData\Electronic Arts
2013-05-05 18:17:19    --------    d-----w-    C:\Program Files (x86)\Origin
2013-05-05 16:33:14    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-06-03 17:55:17    25640    ----a-w-    C:\Windows\gdrv.sys
2013-05-21 12:28:00    829264    ----a-w-    C:\Windows\System32\msvcr100.dll
2013-05-21 12:28:00    608080    ----a-w-    C:\Windows\System32\msvcp100.dll
2013-05-15 05:07:19    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 05:07:19    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-15 05:07:12    9195912    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-05-12 20:34:14    6491936    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-05-12 20:34:14    3514656    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-05-12 20:34:12    884512    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-05-12 20:34:12    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-05-12 20:34:11    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-05-08 14:13:10    3165737    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-05-02 09:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-05 06:52:14    2242048    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 06:50:36    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24    1767424    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 23:57:40    189248    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-04-04 23:57:33    189248    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-04-04 21:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-03-19 18:53:44    861088    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-03-19 18:53:44    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
.
============= FINISH: 17:31:31.87 ===============
 

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-03 17:38:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721010CLA332 rev.JP4OA3MA 931.51GB
Running: gmer.exe; Driver: C:\Users\Stuart\AppData\Local\Temp\kgrirfow.sys


---- Threads - GMER 2.1 ----


---- EOF - GMER 2.1 ----
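
Added example (not part of the original posts, and not code from DDS or any other tool used in this thread): a timeline pivot over the "Created Last 30" section of the DDS log above, listing what else appeared on disk close to the time the unwanted program's folders were created, and which autorun-type lines load from those paths. The seed names, the 15-minute window and all function names are choices made for this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Rows copied from the "Created Last 30" section of the DDS log above.
CREATED = r"""
2013-06-01 01:08:41    9460464    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2419661F-A017-46A3-A2B0-B21F18282960}\mpengine.dll
2013-05-29 02:30:41    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2013-05-29 00:55:01    98816    ----a-w-    C:\Windows\sed.exe
2013-05-27 05:29:45    --------    d-----w-    C:\ProgramData\PC Optimizer Pro
2013-05-27 05:19:42    --------    d-----w-    C:\Program Files\PC Optimizer Pro
2013-05-27 05:19:16    --------    d-----w-    C:\Program Files\Updater By SweetPacks
2013-05-27 05:19:15    --------    d-----w-    C:\Users\Stuart\AppData\Local\Programs
2013-05-27 05:18:37    --------    d-----w-    C:\Windows\SysWow64\jmdp
2013-05-27 05:18:37    --------    d-----w-    C:\Windows\SysWow64\ARFC
2013-05-27 05:18:36    33792    ----a-w-    C:\Windows\System32\ImHttpComm.dll
2013-05-27 05:18:36    1453872    ----a-w-    C:\Windows\System32\dmwu.exe
2013-05-24 01:16:00    --------    d-----w-    C:\Users\Stuart\AppData\Local\NVIDIA
2013-05-22 04:21:11    262552    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
"""

# Autorun-type lines (BHO, Run key, Firefox, services) copied from the same log.
AUTORUNS = r"""
BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
FF - ExtSQL: 2013-05-26 22:19; {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}; C:\Program Files\Updater By SweetPacks\Firefox
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-1 701512]
R2 Updater By SweetPacks;Updater By SweetPacks;C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [2013-5-26 188760]
"""

# timestamp, size (or eight dashes for a directory), attribute flags, path
ROW = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-{8})\s+([a-z-]{8})\s+(.+)$")


@dataclass(frozen=True)
class Created:
    when: datetime
    is_dir: bool
    path: str


def parse_created(text):
    """Parse 'Created Last 30' rows; lines that do not match the layout are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            rows.append(Created(when, m.group(3).startswith("d"), m.group(4)))
    return rows


def pivot(rows, seeds, window=timedelta(minutes=15)):
    """Split rows into anchors (path contains a seed name) and neighbours
    (any other row created within `window` of an anchor), oldest first."""
    seeds = [s.lower() for s in seeds]
    anchors = [r for r in rows if any(s in r.path.lower() for s in seeds)]
    neighbours = [r for r in rows if r not in anchors
                  and any(abs(r.when - a.when) <= window for a in anchors)]
    return anchors, sorted(neighbours, key=lambda r: r.when)


def basenames(rows):
    return [PureWindowsPath(r.path).name for r in rows]


def autoruns_referencing(text, rows):
    """Autorun lines that mention any of the given paths (case-insensitive)."""
    paths = [r.path.lower() for r in rows]
    return [line for line in text.splitlines()
            if any(p in line.lower() for p in paths)]


if __name__ == "__main__":
    anchors, neighbours = pivot(parse_created(CREATED),
                                ["PC Optimizer Pro", "SweetPacks"])
    for r in neighbours:
        print(r.when, "dir " if r.is_dir else "file", r.path)
    for line in autoruns_referencing(AUTORUNS, anchors + neighbours):
        print("autorun:", line)
```

The neighbours are leads to check (file properties, signer, a second-opinion scan), not verdicts; on this excerpt only the SweetPacks folder is referenced by an autorun line.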
 



#4 fireman4it

  • Malware Response Team

Posted 05 June 2013 - 05:43 PM

Please run the following and post their logs.

 

1.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right-click on AdwCleaner.exe and select Run as administrator.
  • Click the Delete button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

 

2.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

Things to include in your next reply:

AdwCleaner log

Roguekiller log

How is your machine running now?




#5 SB_Tiger

SB_Tiger
  • Topic Starter

  • Members
  • 7 posts

Posted 10 June 2013 - 09:11 PM

Okay, I ran both ADWCleaner and RogueKiller. After running ADWCleaner, PC Optimizer no longer auto boots and opens on startup. I had disabled Sweet Packs in my Firefox settings and the option to enable it again is still there, but it hasn't appeared to be affecting my Internet browsing at all.

 

Here are the ADWCleaner and RK logs:

 

# AdwCleaner v2.303 - Logfile created 06/10/2013 at 18:15:23
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Stuart - STUARTZ-PC
# Boot Mode : Normal
# Running from : C:\Users\Stuart\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\PC Optimizer Pro
Deleted on reboot : C:\Program Files\Updater By SweetPacks
File Deleted : C:\Users\Public\Desktop\PC Optimizer Pro.lnk
File Deleted : C:\Windows\tasks\PC Optimizer Pro Updates.job
File Deleted : C:\Windows\tasks\PC Optimizer Pro64 Scan.job
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
Folder Deleted : C:\ProgramData\PC Optimizer Pro

***** [Registry] *****

Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\y3n42r2y.default\prefs.js

Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks")[...]

*************************

AdwCleaner[R1].txt - [13259 octets] - [28/05/2013 17:47:53]
AdwCleaner[S1].txt - [13524 octets] - [28/05/2013 17:48:19]
AdwCleaner[S2].txt - [1852 octets] - [10/06/2013 18:15:23]

########## EOF - C:\AdwCleaner[S2].txt - [1912 octets] ##########

 

 

 

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Stuart [Admin rights]
Mode : Scan -- Date : 06/10/2013 18:27:22
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] 52f747f7d8781d62bffe500713dccad7
[BSP] 0c59e5b5b2a9a04515534d9e47f0e8ea : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_06102013_02d1827.txt >>
RKreport[1]_S_06102013_02d1827.txt
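
The AdwCleaner log above marks two folders as "Deleted on reboot", so they stay on disk until the machine restarts. The following Python sketch is an added example, not part of the original thread or of AdwCleaner: it parses the log sections shown above and checks whether any pending folder still shows up among paths reported by a later scan. Function names are hypothetical; the sample lines are copied from the logs posted in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the AdwCleaner[S2] log posted above (shortened).
ADWCLEANER_LOG = r"""
# AdwCleaner v2.303 - Logfile created 06/10/2013 at 18:15:23
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\PC Optimizer Pro
Deleted on reboot : C:\Program Files\Updater By SweetPacks
File Deleted : C:\Users\Public\Desktop\PC Optimizer Pro.lnk
File Deleted : C:\Windows\tasks\PC Optimizer Pro Updates.job
Folder Deleted : C:\ProgramData\PC Optimizer Pro

***** [Registry] *****

Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}

***** [Internet Browsers] *****

-\\ Mozilla Firefox v21.0 (en-US)

Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks")[...]
"""

# Paths copied from the OTL log posted later in this thread (the follow-up scan).
FOLLOWUP_PATHS = [
    r"C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe",
    r"C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX",
    r"C:\Program Files (x86)\Mozilla Firefox\firefox.exe",
]

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>.+?)\] \*{5}$")
# Matches "File Deleted", "Folder Deleted", "Key Deleted", "Deleted", "Deleted on reboot".
ENTRY_RE = re.compile(
    r"^(?P<action>[A-Za-z ]*Deleted(?: on reboot)?) : (?P<target>.+)$"
)


def parse_adwcleaner(text):
    """Return {section: [(action, target, truncated), ...]} in log order.

    `truncated` is True when the tool cut the value short with "[...]",
    so the target must not be treated as a complete string.
    """
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections[current]  # register the section even if it stays empty
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            target = entry.group("target")
            sections[current].append(
                (entry.group("action").strip(), target, target.endswith("[...]"))
            )
    return dict(sections)


def pending_on_reboot(sections):
    """Targets that were only scheduled for deletion, not removed yet."""
    return [
        target
        for entries in sections.values()
        for action, target, _ in entries
        if action == "Deleted on reboot"
    ]


def _norm(path):
    # Windows paths are case-insensitive; compare on a normalised form.
    return path.replace("/", "\\").rstrip("\\").lower()


def still_present(pending, observed_paths):
    """Map each pending target to observed paths at or below it."""
    hits = {}
    for target in pending:
        base = _norm(target)
        found = [
            p for p in observed_paths
            if _norm(p) == base or _norm(p).startswith(base + "\\")
        ]
        if found:
            hits[target] = found
    return hits


if __name__ == "__main__":
    parsed = parse_adwcleaner(ADWCLEANER_LOG)
    for target, seen in still_present(pending_on_reboot(parsed), FOLLOWUP_PATHS).items():
        print("still present after cleanup:", target)
        for path in seen:
            print("   ", path)
```
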

 

 

 



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts

Posted 11 June 2013 - 04:41 PM

1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
2. Save it to your desktop.
3. Double click on the OTL icon on your desktop.
4. Under the Custom Scan box paste this in:

    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

5. Push the Quick Scan button.
6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized



#7 SB_Tiger

SB_Tiger
  • Topic Starter

  • Members
  • 7 posts

Posted 11 June 2013 - 05:50 PM

OTL logfile created on: 6/11/2013 3:38:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stuart\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.92 Gb Total Physical Memory | 6.24 Gb Available Physical Memory | 78.74% Memory free
15.84 Gb Paging File | 13.97 Gb Available in Paging File | 88.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 40.19 Gb Free Space | 4.31% Space Free | Partition Type: NTFS
 
Computer Name: STUARTZ-PC | User Name: Stuart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/11 15:37:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stuart\Desktop\OTL.exe
PRC - [2013/05/21 21:21:10 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/16 07:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/05/16 07:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/05/12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/04/04 16:57:40 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2013/02/28 13:37:14 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012/07/14 21:53:53 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/02/09 15:52:38 | 000,979,360 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/07/30 11:37:42 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/03/23 21:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
PRC - [2011/03/22 01:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
PRC - [2010/11/20 20:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/15 04:21:56 | 000,841,544 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
PRC - [2010/11/15 04:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/04/22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2009/10/13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/21 21:21:10 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/30 11:37:42 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/02/28 13:37:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
SRV:64bit: - [2010/05/10 12:06:18 | 000,573,952 | ---- | M] () [Auto | Running] -- C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe -- (Bigfoot Networks Killer Service)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/21 21:21:10 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/21 15:37:44 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/16 07:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/05/12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/04/15 10:33:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 16:57:40 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2013/01/01 00:34:43 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/07/14 21:53:53 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/08/07 05:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/03/23 21:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
SRV - [2011/03/22 01:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010/11/15 04:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/02/24 22:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/06/16 22:10:08 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/09 20:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/07 02:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/03/07 02:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/01/13 04:58:00 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/14 10:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/05/10 12:07:22 | 000,152,680 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Xeno7x64.sys -- (BFN7x64)
DRV:64bit: - [2010/05/10 12:07:22 | 000,030,824 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Edge7x64.sys -- (BfEdge7x64)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/06/11 15:34:47 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/07/18 09:05:11 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{1C03849C-506A-4798-9250-F3B382B30E00}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\..\SearchScopes\{5E864FAC-D6C8-489e-9B96-EA278AE1465A}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\..\SearchScopes\{7563A1C3-5DC2-49c6-B175-50C79712687B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/05/26 22:19:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2011/07/18 08:51:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2011/07/18 08:51:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2011/07/18 08:51:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox [2013/05/26 22:19:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/21 21:21:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/21 21:21:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/05/26 22:19:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Extensions
[2013/05/28 20:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\y3n42r2y.default\extensions
[2013/05/26 22:18:44 | 000,001,793 | ---- | M] () -- C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\y3n42r2y.default\searchplugins\Bing.xml
[2013/05/21 21:21:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/21 21:21:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/05/21 21:21:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/05/21 21:21:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/21 21:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/21 21:21:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/05/28 18:07:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CAHS1Sound] C:\Windows\Syswow64\CAHS1.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - Startup: C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53F78877-E44B-4E91-B164-F4C7B68E426D}: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CAE3FA3-057D-473A-ABDC-B16088ABAE32}: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/11 15:37:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stuart\Desktop\OTL.exe
[2013/06/10 18:22:36 | 000,000,000 | ---D | C] -- C:\Users\Stuart\Desktop\RK_Quarantine
[2013/06/03 16:24:13 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Stuart\Desktop\dds.scr
[2013/05/28 21:34:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/28 20:58:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/28 19:30:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/05/28 19:30:41 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/05/28 17:55:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/28 17:55:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/28 17:55:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/28 17:54:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/28 17:54:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/28 17:53:24 | 005,073,758 | R--- | C] (Swearware) -- C:\Users\Stuart\Desktop\ComboFix.exe
[2013/05/26 22:31:39 | 000,000,000 | ---D | C] -- C:\Users\Stuart\Desktop\rkill
[2013/05/26 22:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/05/26 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2013/05/26 22:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks
[2013/05/26 22:19:15 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\Programs
[2013/05/26 22:18:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp
[2013/05/26 22:18:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC
[2013/05/26 22:18:36 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013/05/23 18:16:00 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Local\NVIDIA
[2013/05/23 18:12:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/05/23 18:11:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2013/05/23 18:11:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2013/05/21 21:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/15 23:52:30 | 000,000,000 | ---D | C] -- C:\Users\Stuart\AppData\Roaming\FairyBloomRe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/11 15:41:41 | 000,021,888 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 15:41:41 | 000,021,888 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/11 15:37:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stuart\Desktop\OTL.exe
[2013/06/11 15:34:42 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/06/11 15:34:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/11 15:34:10 | 2082,299,903 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/11 00:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/10 18:15:46 | 000,000,155 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/06/03 17:28:38 | 000,377,856 | ---- | M] () -- C:\Users\Stuart\Desktop\gmer.exe
[2013/06/03 16:24:16 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Stuart\Desktop\dds.scr
[2013/06/03 14:05:26 | 000,007,324 | ---- | M] () -- C:\Users\Stuart\Desktop\bleeping_computer_optimzer.rtf
[2013/05/28 19:30:41 | 000,001,264 | ---- | M] () -- C:\Users\Stuart\Desktop\Revo Uninstaller.lnk
[2013/05/28 18:07:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/28 17:53:45 | 005,073,758 | R--- | M] (Swearware) -- C:\Users\Stuart\Desktop\ComboFix.exe
[2013/05/28 13:38:24 | 344,560,740 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/26 22:34:20 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Idle.job
[2013/05/26 22:32:40 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/23 18:15:18 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/05/21 05:53:10 | 001,453,872 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2013/05/21 05:52:14 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013/05/16 08:30:19 | 000,298,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/10 18:15:32 | 000,000,155 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/06/03 17:28:37 | 000,377,856 | ---- | C] () -- C:\Users\Stuart\Desktop\gmer.exe
[2013/06/03 13:40:18 | 000,007,324 | ---- | C] () -- C:\Users\Stuart\Desktop\bleeping_computer_optimzer.rtf
[2013/05/28 19:30:41 | 000,001,264 | ---- | C] () -- C:\Users\Stuart\Desktop\Revo Uninstaller.lnk
[2013/05/28 17:55:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/28 17:55:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/28 17:55:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/28 17:55:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/28 17:55:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/26 22:29:46 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro Idle.job
[2013/05/26 22:29:45 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/05/26 22:18:36 | 001,453,872 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2013/05/23 18:15:18 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2012/07/14 21:30:13 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/14 21:30:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/14 21:30:10 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/03/22 22:04:48 | 000,000,357 | ---- | C] () -- C:\Users\Stuart\.cb_layout.bin
[2012/03/18 16:15:07 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/03/18 16:15:07 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/03/18 16:15:07 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/03/18 16:15:07 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/03/18 16:15:07 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/03/18 16:15:07 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/03/18 16:15:07 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/03/18 16:15:07 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/03/18 16:15:07 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/03/18 16:15:07 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/03/18 16:15:07 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/03/18 16:15:07 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/03/18 16:15:07 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/03/18 16:15:07 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/03/18 16:15:07 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/03/18 16:15:07 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/09 20:20:41 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/23 13:54:49 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/07/23 12:55:23 | 000,143,360 | ---- | C] () -- C:\Windows\VmixHS1.dll
[2011/07/23 12:55:14 | 000,000,266 | ---- | C] () -- C:\Windows\CAHS1.ini.cfl
[2011/07/23 12:55:10 | 000,000,347 | ---- | C] () -- C:\Windows\CAHS1.ini.imi
[2011/07/23 12:55:09 | 000,001,525 | ---- | C] () -- C:\Windows\CAHS1.ini.cfg
[2011/07/18 09:18:55 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2011/07/18 08:59:39 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011/07/18 08:55:28 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/07/18 08:52:32 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/18 08:52:32 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/18 08:52:32 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/07/18 08:52:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/07/18 08:52:31 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/07/18 08:49:58 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/12/10 00:44:03 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Atlus
[2011/09/04 17:54:44 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\AtomZombieData
[2013/05/26 19:52:27 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Awesomium
[2011/10/29 21:22:19 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Beat Hazard
[2013/04/25 20:46:55 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Bioshock
[2012/06/16 14:44:53 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Carbon
[2012/07/10 00:00:11 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Chime
[2012/09/01 01:14:20 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\collection
[2012/06/27 00:52:14 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\com.cipherprime.auditorium
[2013/02/13 16:02:29 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Doublefine
[2012/12/14 12:40:02 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Dwarfs
[2012/03/19 23:43:23 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Epson
[2013/05/16 00:01:26 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\FairyBloomRe
[2011/10/30 23:54:57 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\fltk.org
[2012/06/26 22:35:03 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\HackSlashLoot
[2011/07/30 12:16:09 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\LolClient
[2013/05/02 12:17:13 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\OnLive App
[2012/09/30 21:35:30 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\OpenOffice.org
[2013/05/05 11:17:51 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Origin
[2012/01/01 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Polynomial
[2013/04/25 23:20:23 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\RenPy
[2012/02/27 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\RotMG.Production
[2012/07/15 12:38:35 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\runic games
[2011/07/23 11:59:50 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Splashtop
[2011/10/28 19:52:23 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\SystemRequirementsLab
[2013/01/16 21:00:41 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\YOUDONTKNOWJACK
[2012/07/09 23:58:26 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\ZenBound2
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< c:\windows\*. /SL >
[2009/07/13 22:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 22:08:49 | 000,032,646 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/01/13 12:02:53 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/05/26 22:29:45 | 000,000,416 | ---- | C] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2013/05/26 22:29:46 | 000,000,438 | ---- | C] () -- C:\Windows\Tasks\PC Optimizer Pro Idle.job
 
< c:\windows\*. /RP >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2013/02/01 20:31:42 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Adobe
[2011/10/18 19:48:10 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Apple Computer
[2012/12/10 00:44:03 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Atlus
[2011/09/04 17:54:44 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\AtomZombieData
[2013/05/26 19:52:27 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Awesomium
[2011/10/29 21:22:19 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Beat Hazard
[2013/04/25 20:46:55 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Bioshock
[2012/06/16 14:44:53 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Carbon
[2012/07/10 00:00:11 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Chime
[2012/09/01 01:14:20 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\collection
[2012/06/27 00:52:14 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\com.cipherprime.auditorium
[2013/02/13 16:02:29 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Doublefine
[2012/12/14 12:40:02 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Dwarfs
[2012/03/19 23:43:23 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Epson
[2013/05/16 00:01:26 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\FairyBloomRe
[2011/10/30 23:54:57 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\fltk.org
[2012/06/26 22:35:03 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\HackSlashLoot
[2011/07/23 11:59:35 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Identities
[2012/03/18 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\InstallShield
[2011/07/30 12:16:09 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\LolClient
[2011/07/23 12:40:07 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Macromedia
[2012/11/01 22:43:29 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Malwarebytes
[2010/11/21 00:16:41 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Media Center Programs
[2012/10/14 08:37:35 | 000,000,000 | --SD | M] -- C:\Users\Stuart\AppData\Roaming\Microsoft
[2011/07/23 12:05:27 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Mozilla
[2011/10/29 11:17:27 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\NVIDIA
[2013/05/02 12:17:13 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\OnLive App
[2012/09/30 21:35:30 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\OpenOffice.org
[2013/05/05 11:17:51 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Origin
[2012/01/01 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Polynomial
[2013/04/25 23:20:23 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\RenPy
[2012/02/27 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\RotMG.Production
[2012/07/15 12:38:35 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\runic games
[2011/07/23 11:59:50 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\Splashtop
[2011/10/28 19:52:23 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\SystemRequirementsLab
[2012/08/02 21:55:52 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\vlc
[2013/01/16 21:00:41 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\YOUDONTKNOWJACK
[2012/07/09 23:58:26 | 000,000,000 | ---D | M] -- C:\Users\Stuart\AppData\Roaming\ZenBound2
 
< %APPDATA%\*.exe /s >
[2013/02/01 20:30:24 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Stuart\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >

< End of report >

OTL Extras logfile created on: 6/11/2013 3:38:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stuart\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.92 Gb Total Physical Memory | 6.24 Gb Available Physical Memory | 78.74% Memory free
15.84 Gb Paging File | 13.97 Gb Available in Paging File | 88.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 40.19 Gb Free Space | 4.31% Space Free | Partition Type: NTFS
 
Computer Name: STUARTZ-PC | User Name: Stuart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33E4CD93-4BEB-4175-A6CC-B2A92EEF2B87}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{90E29A6A-FBF1-44CE-B8E5-9D8183C8562F}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{B3AE214B-AB8E-4DB8-97EA-A038FCF87694}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005F04D0-A259-4307-8A1A-9DA39574DFA2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe |
"{01086A8F-CC8C-465B-9C03-20B34CA3E201}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
"{010C4A19-FFED-49DA-ADF9-F230C1481030}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anodyne\anodyne.exe |
"{01107937-C711-4C45-AD56-660C573F4548}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{052CDADC-E059-4742-ADAF-3DA3BF48B5E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\slam bolt scrappers\sbs.exe |
"{05DE7528-A60A-4667-8C1F-50252F686EB6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\bin\sdklauncher.exe |
"{08BBF507-DE6A-4085-BEB2-D83C35DDCF01}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe |
"{0923137C-8731-45E2-8D21-79DE902A4941}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half minute hero\hmh.exe |
"{097A1D3E-6C46-4354-8805-3CB2A602C5B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\delve deeper\delvedeeper.exe |
"{09D5E7AA-6423-43E7-95B2-50B38AEB5EE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stacking\stack.exe |
"{0A5749FD-C7A6-43D3-A8C9-A8C23559241C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{0A9BB703-AE5C-4439-8E28-25EA739360D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe |
"{0C83D1A4-A409-4304-B7F2-DB5A6CF7E852}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe |
"{0EBA5B57-08F2-40FC-A7D9-FF1E231FC256}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brutallegend\brutallegend.exe |
"{106D91B3-C080-4EE3-8625-072945EF4367}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trash tv\trashtv.exe |
"{10E31E97-5FF7-4EF9-BC87-CF254061A4A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{110D3F9F-967F-4520-B6AB-11BAC0ECD037}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{11AEC600-0BD7-4E43-82D6-700D8BC77A56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hardreset\hardreset.exe |
"{1231B103-60E7-4DD9-A646-0FEE72C494D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{12EC5EC2-CEB1-457F-BCDC-97F2D9921DAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\marvel heroes\unrealengine3\binaries\win32\marvelgame.exe |
"{12F7EC5A-6129-4E5D-B9DB-D6E5B0D94EED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{13CD74F8-31BD-407A-BE47-DBDA4ED0192C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{14CCD7AC-4E01-4D3B-9209-F970E39EBB10}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brainpipe\brainpipe.exe |
"{16B0DE79-A480-4DAE-8142-4D793A4054E0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kings bounty crossworlds\kb.exe |
"{16E83C72-8DCF-480E-BB2F-27B28C3D7491}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe |
"{1AD3C4F7-86F3-4DD3-9B3C-0C5C4D850CAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shado\shado.exe |
"{1C368CF3-6EDB-457A-A4CF-8DEFF7857ED5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pid\pid.exe |
"{1CA31C19-552F-479D-A994-70D62C7D56CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\bin\sdklauncher.exe |
"{1CB6825D-A9F1-4F2F-963A-1D317CF44A89}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{1D136E83-6A67-4CA3-BFD3-6538A40A1D96}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe |
"{1D3D3D4C-01DC-4017-9107-98A82B79E2F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\post mortem\game.exe |
"{220AB9E8-A000-4079-B8D7-B22167E3AE4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flotilla\flotilla.exe |
"{25686D04-F58C-4CEC-96DC-98827C4A93BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{267E293D-3C99-4270-A4B8-EBEE204A8BA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rip 3 - the last hero\rip3\rip3.exe |
"{26801A51-3BCF-4F06-A992-E26006BE285C}" = protocol=17 | dir=in | app=c:\udk\content\smnc_content\binaries\win64\udk.exe |
"{26F5BE4F-9C24-4179-9C9F-6CD6809DB43B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lunar flight\lunarflight.exe |
"{2703F2E1-0471-420C-A462-47E34DC8917D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\8-bit is enough\homestar105.exe |
"{2724516A-B80E-4370-812D-6F7A969EEE5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{275611D3-A332-4D93-9E85-39EE6204F107}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king's bounty - the legend\save_fixer.exe |
"{28A96F81-5FCF-47C8-9D76-C1A3FB9DD9E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe |
"{28FAEC2B-20DA-43E6-A55B-499590AB76C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{2AA7ED32-4C64-4AC6-9AAF-7E9023B8B730}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{2C0CEF54-D2A5-4560-81E2-F0EFBF255FA7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\baddest of the bands\homestar103.exe |
"{2C7EE67C-111A-40DE-B499-514DA4E8C33B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{2CADA16B-9301-49AA-AB0C-80A9563A9312}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vigil blood bitterness\vigil blood bitterness.exe |
"{2F1EDDE0-5BA9-4B4E-A4B4-9A642A6818A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\obulis\obulis_steam.exe |
"{30186C35-BC8F-4360-B662-E5C4E9A07939}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\karateka\binaries\karateka.exe |
"{30A34257-A1B1-4BFF-A38F-4AE95EF4B4A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{310B1FF7-30C8-484B-96D6-8270AEB644EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rise of immortals\roiclientr.exe |
"{31B79217-B7CB-43FB-BF05-2E3E75680E52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe |
"{32C9E6F0-1B1C-4F50-B6BA-79DF3AC10F17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\baddest of the bands\homestar103.exe |
"{32D2ADC9-2A90-4A6B-BFCB-FF7207CBE163}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kings bounty armored princess\kb.exe |
"{33EFF5CA-4445-421F-AA72-4E2D219A7429}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cogs\cogs.exe |
"{344D27AE-23F3-4FD5-80AB-32E5067D7257}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |
"{346823EB-6E1D-46AF-9434-6E006EBBCB4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip void\bit.trip void.exe |
"{349B9DE2-139E-4EBC-80B3-88598EF22AC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pinball fx2\pinball fx2.exe |
"{357C4390-48E3-4B95-AB0B-89051F9BDC1C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rise of immortals\roiclientr.exe |
"{3647B521-64CD-4431-B1C9-6E850226CEF4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kungfustrike\kungfustrike.exe |
"{3662371E-075F-41E7-8550-9EAFC867DCC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\post mortem\game.exe |
"{366AFFCC-F3CD-4007-9D5C-7FCD15B42FDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king's bounty - the legend\kb.exe |
"{37501561-2CBB-43EF-A2AC-5B505C429D30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{3811686A-67EC-4EA7-82D9-32C4B137799A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe |
"{384C43A3-098A-4FAC-AE3D-D52912B5AAF0}" = protocol=6 | dir=in | app=c:\udk\content\smnc_content\binaries\win32\udk.exe |
"{389B79CD-CFCD-4F4D-AD0C-BAAD912CB2C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rip 3 - the last hero\rip3\rip3.exe |
"{3A1BBF7B-9333-4C5E-A016-13E49A7FDB0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ironbrigade\ironbrigade.exe |
"{3A4AB557-0ED9-48F6-9D3D-ADA380FDF6BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ja2_wildfire\wf6.exe |
"{3A4E0879-8911-414E-BB21-D8E759A7421A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{3A64B0BB-596C-4EBF-913F-D41E9CA750C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\config.exe |
"{3AB58DE7-09E3-4D4D-8CDE-0B210CD10A23}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3AFCC254-BB6E-4684-A6E7-301177738C28}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{3BA9EA5A-AA15-427C-86F5-2D5FEB151F57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe |
"{3BB50A39-AD2D-4E21-93B2-1061F5DD1029}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe |
"{3D138B8F-52BF-4EC6-802B-F547BE7B3883}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tidalis\tidalis.exe |
"{3D18A6AD-4F34-4C38-B06C-1833279F0A2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |
"{3E2F127F-98C7-4F80-BD0E-57CC9EFF8A24}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the path\pathviewer.exe |
"{4096F8BC-CEEF-48EC-966F-9D7685C7A6B3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rip 2 - strike back\ripsb\rip.exe |
"{4102D506-45F6-42D8-94B0-53114F69DF18}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip beat\beat.exe |
"{424BE5A5-C6FC-41A0-BE98-453A2FCE49D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scratches\scream.exe |
"{4371D2F7-494D-4166-9A7E-695532284372}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs\dwarfs.exe |
"{444E06E3-3AF0-4C96-BA1E-4630D35B30AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe |
"{4478D939-7C46-40E6-98B6-EC1EB55E78E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ja2_wildfire\wf6.exe |
"{44ABA5CC-BF61-42C1-9518-7BCFEE17843B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shadowgrounds\shadowgroundseditor.exe |
"{45C17B16-3BDF-4522-BE10-D318D545E2DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
"{47611246-AFC1-4228-8A3A-AD73710B3A9D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brainpipe\brainpipe.exe |
"{48834EDB-68B0-4BD0-A702-0E07C8839515}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stacking\stack.exe |
"{4C372655-BD26-40DA-AB4E-44720C52D46B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hardreset\hardreset.exe |
"{4CB2CFEF-AD46-48D6-BEF0-E6794FBF5F7E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\strong badia the free\homestar102.exe |
"{4E2D27B9-78BD-43D4-877B-DC912B92721E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pid\pid.exe |
"{51569449-05B5-4657-BDF6-75882EBACA6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kings bounty crossworlds\kb.exe |
"{53865ED5-7050-4A37-945B-82A8308C86AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hack n slash prototype\afhack.exe |
"{539264BE-F867-4EF4-BCA5-32D075A330D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\chantelise.exe |
"{545E43F8-5FD7-41E6-822B-2C0C8D00CB54}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rochard\rochard.exe |
"{555CEBCC-1ED5-4090-B03D-0FAB4C53C8F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thirty_flights_of_loving\tfol.exe |
"{56E8005E-7B03-4F1C-8989-106DDB23EC2F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{57DD6B45-0800-4AAE-90DB-E89CB3CD87B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3bdupdatersteam.exe |
"{58D60C9D-5012-407D-A95D-E8757DEE2185}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hero academy\heroacademy.exe |
"{594F5423-5CD5-4BB1-8556-4DDDD3A5D0A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe |
"{5A719C28-9D5B-4DB5-800B-825E2BDC2820}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cubemen\cubemen.exe |
"{5B9BF762-FC35-4F27-B4C4-8E4BC1CB7F81}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anodyne\anodyne.exe |
"{5D71E31B-F20D-41D5-85F8-1860C679AA06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sugar cube bittersweet factory\sugarcube-bf.exe |
"{5E4A7B22-AAC8-433A-BB79-449719D6122A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dangeresque 3\homestar104.exe |
"{5E5E1A0B-C819-4C02-8AAC-7A945F65D102}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homestar ruiner\homestar101.exe |
"{60215757-4479-4E62-A929-55DEAE918CF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\costume quest\cq.exe |
"{6190543B-7145-43E9-8C06-4B7AF1CB11AC}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{62238905-5C48-4EB0-B44E-6FC4BB0A5D8A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{627BB37D-4996-4489-8931-E0CD94800668}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\slam bolt scrappers\sbs.exe |
"{630ECE0A-9008-4A76-BA5F-6F6D9525F3FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brutallegend\brutallegend.exe |
"{632BDD37-DB68-40DB-B164-80E08124CDD0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rip\rip\rip.exe |
"{64759692-24C4-4AC4-9CA8-5CF2F8F17D2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\strong badia the free\homestar102.exe |
"{6600E443-2ECB-45D9-AC8B-1C1ED15C665A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lunar flight\lunarflight.exe |
"{663EAFF1-5964-4E77-83C2-B4B837E7871B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{6685046D-8AB9-4CB4-A74D-9AFA63FF0016}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\costume quest\cq.exe |
"{66ACEA3A-BCE1-4D54-BDAA-5A188358153D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zen bound 2\zenbound2.exe |
"{67537106-D54F-4C71-9875-E23940589AC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{6789AD04-0BFE-4EB4-B301-37B30D9C0192}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\krater\run_game.exe |
"{681FBC50-789B-4F17-8658-EE2439279FE4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flotilla\flotilla.exe |
"{6925237D-D7A7-4BD1-831D-0D0E6DD7BA03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vertex dispenser\vertex dispenser.exe |
"{6A4609FC-6F03-4A59-8248-74F6DCCCA667}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\far cry 3 blood dragon\bin\fc3bdupdatersteam.exe |
"{6B97A6D9-7EDD-40D7-A273-21F6A97DFECE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\obulis\obulis_steam.exe |
"{6CD1DADF-48EB-4699-BA7E-4933C8BC8120}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blades of time\bladesoftime.exe |
"{6CDE3833-5510-4954-9B54-02BDDD41DFF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airforte\data\airforte.exe |
"{6E27B5D8-B29D-4335-BC90-38215F5AF8D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blood bowl legendary edition\bb_le.exe |
"{6EE588D6-04C1-4577-820C-8A3B161C2D17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\data jammers fastforward\fastforward.exe |
"{71F25150-3953-4F35-8778-D801CBE7FBFD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king's bounty - the legend\save_fixer.exe |
"{73F1F6B4-4173-4789-AABF-2990031B336B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe |
"{7476D4B8-E281-4455-90A5-D52D9859960D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cogs\cogs.exe |
"{74C7EAE1-DC6B-40B7-86CD-CEF8F3610A58}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{75A4A5A5-BCED-413A-9CD1-FE0388A715D6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{77058B4E-1F06-46FD-9AEB-F677D3650CBA}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{77E5EA92-5EE5-416C-A817-7A5FF6CBDB64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe |
"{794DCF07-3A83-497C-AE16-B0117486CBB8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penguins arena\penguinsarena.exe |
"{79B2C5D0-A997-478D-823A-95B8ACA64B08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kungfustrike\kungfustrike.exe |
"{7A32223F-00EC-4D98-8D0F-80526EA46364}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shado\shado.exe |
"{7B8D88A8-4F09-495A-A856-695C0AEC9317}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\config.exe |
"{7C814903-C896-4454-9D10-D699C567D78B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bittriprunner2\runner2.exe |
"{7CC2B15F-2B9E-49E3-8CB8-5239F6A86158}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\ysf_win.exe |
"{7D22AB06-641E-4CEE-836E-0A6B0F4ECD47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dlc quest\dlc.exe |
"{7FB2EFEB-7B53-4965-94F2-AE41C3BCA97B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe |
"{7FFF74E1-CAD0-4FC1-B521-25A4A24094D9}" = protocol=6 | dir=in | app=c:\udk\content\smnc_content\binaries\win64\udk.exe |
"{80FBE3C7-1368-4C5F-9FDB-8635B6C9F251}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip void\bit.trip void.exe |
"{81AB71B2-E052-4E8B-814B-E91BB440CD60}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8369C4B9-E215-4F2E-9C82-CE628D844B52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pinball fx2\pinball fx2.exe |
"{89C054A2-464A-453D-9C4E-94F1D77E74A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe |
"{89C25DC3-1810-4A9D-B19E-C641995AEB53}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night 2\pokernight2.exe |
"{89CA0C19-A695-48D4-B80B-93392C431A09}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dlc quest\dlc.exe |
"{8ADAF6A8-DEB1-4697-92D0-6AA95CBE13BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\delve deeper\delvedeeper.exe |
"{8B6E307C-6169-41BA-8C87-571972DD8FAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{8BAEC6B5-9F61-4FDF-B8D9-4D91AF496B05}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{8C32E112-E289-4B05-8C69-5377E74F374E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8D08FC3A-A9F9-4BC2-AB91-DB995B6E2F59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank 2\bin\shank2.exe |
"{8DD48323-B911-4EF8-A3DD-7A7B56295712}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{8E3D92BA-B5F2-4637-AF87-D07987BA895D}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{8FCDC60C-7D71-41F6-8C2A-4D546A038819}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trash tv\trashtv.exe |
"{8FCDD27B-47BB-4427-A6A2-F8FD9879EC0B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{91CEB90C-7FC6-49AD-AF07-D24156C1088D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip beat\beat.exe |
"{923773DC-44E1-4133-BC1C-583B0C333983}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rochard\rochard.exe |
"{929C28B7-4353-49C0-8DF8-3673BF202AD0}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{92D3AFAF-3363-420D-BA5E-1A4B18BB145A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fairy bloom freesia\fairybloomfreesia.exe |
"{93FA9A22-AA5A-4C1B-AD89-27180E579239}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homestar ruiner\homestar101.exe |
"{94EB8647-5B75-4D60-8AA6-15C4797EC812}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9C3888BE-739F-46AF-B787-51619AFB82CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jet set radio\jsrsetup.exe |
"{9C77C432-613D-4668-BCCC-F396CEFB37B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vigil blood bitterness\vigil blood bitterness.exe |
"{9F73FA0A-ED42-4649-8312-5428EA323BE1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe |
"{A105F260-3FD9-492C-A55F-6158319DBE75}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{A38081C1-91B7-415A-8FE7-7F961086EF03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blood bowl legendary edition\bb_le.exe |
"{A3A2EA4D-818D-48F1-A301-2A1B8C6D6185}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe |
"{A3F69DED-3829-4F9F-BE8F-0FCE93255968}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tidalis\tidalis.exe |
"{A42DB4B1-FA6C-442F-8FBD-7A1A1E4AD191}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{A55B3C71-A446-4EAD-B885-172E0A225FDA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vertex dispenser\vertex dispenser.exe |
"{A61B4B1C-96AD-4543-8C3B-52CCCBE0F04E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe |
"{A66BCB29-499E-4B03-9DA9-415DBB6C2A28}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{A6894047-37C2-43C0-9007-2306B4378831}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2 deathmatch\hl2.exe |
"{A7212C39-0FA8-48AC-B412-8A5FED3C8F8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{A7348BCB-768D-466F-90DA-D3F3E4F8A6C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon hearts\dungeonhearts.exe |
"{A740DFF0-D8D2-4D60-A8DA-018AF7257E00}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A7AF09A2-9833-4821-8644-0353A511B988}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\data jammers fastforward\fastforward.exe |
"{A7E8BEE9-8ED6-48DE-85B8-2EA50AE51E67}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
"{A82C4AF3-D087-4509-994C-0CC0C653687A}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{A8C3CA71-9C54-4662-99A0-5440536BCAC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs\dwarfs.exe |
"{AD7EE563-F43F-466D-B3A8-18D912F3188B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{ADDE5DAF-3D75-4D31-BEDA-706D6B8D60DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon hearts\dungeonhearts.exe |
"{AE18E19B-0A9F-4FD2-99A0-8A9585A21F79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{AF52BC01-717C-44D8-BB06-FE7452852541}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cortex command\cortex command.exe |
"{AF565000-56E8-44AF-989F-BAABD739AE26}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hack n slash prototype\afhack.exe |
"{AF7240E4-4850-4612-9EEF-1FFE644F9F65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{B08F71B6-9961-41F8-A0D0-20FCEFC9B137}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rip 2 - strike back\ripsb\rip.exe |
"{B446428D-F8C5-488F-93AA-3AC796D053E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{B60C6161-1C7A-483B-9229-9754ECA2362D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\weird worlds\weirdworlds.exe |
"{B99E3437-3764-4554-A063-463191B49D91}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\ysf_win_dx9.exe |
"{BC44E9C5-0350-4FEB-BC30-CD771694BD50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{BD14D841-C761-445A-9AFC-B289992581DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\weird worlds\weirdworlds.exe |
"{BD232D8A-BCD7-4247-A507-C67AACF86FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\zen bound 2\zenbound2.exe |
"{BEAF3EE7-F6F5-41FD-A796-2CE970356588}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe |
"{C1923831-2EBD-4FE8-8857-486D95FF1D71}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C21BF0BA-F12B-4D3F-8FC0-04DBC541EC1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night 2\pokernight2.exe |
"{C3AC42E4-E639-4D37-BF3E-110ECD0E2548}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gamemaker_studio\gamemakerplayer.exe |
"{C49525C8-7903-428C-A97E-C8429BE610FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe |
"{C51CF708-9448-4E52-AF3C-305728FBC09D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{C77AB2E3-E533-4DC9-B260-7CFD784784FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2 deathmatch\hl2.exe |
"{C80C7BA7-52CC-4BA6-B88B-DE1CB0F30349}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{C887C37D-F8AA-4D7A-B523-202D296758A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{C900B00F-92DB-42AC-B7A8-C8C8B4E27101}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe |
"{C9C0CAEC-EA82-4543-B887-723F33BF06E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ironbrigade\ironbrigade.exe |
"{CA9C6551-6768-4CF3-A572-F4C8C14D7D16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\8-bit is enough\homestar105.exe |
"{CAF5DB3A-C6D8-4F8A-ADFF-FA42A0E0C0E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\larva mortus\larvamortus.exe |
"{CBB4F113-F28C-42C0-B6AC-2644B79CE052}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fairy bloom freesia\fairybloomfreesia.exe |
"{CD2B2D4B-2CE7-4AF6-BA2C-A18C996DA0DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\config_dx9.exe |
"{CE99C69A-37BF-4431-A156-AFFB10B9746A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe |
"{CE9EB88E-06AC-45FF-A205-21766CA22B33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\ysf_win.exe |
"{CFBE214A-0220-4E3B-ABF9-0B893A72DD04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
"{CFD4B0C4-8D2D-4CB8-87D8-3465AE8EF7D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dustforce\dustforce.exe |
"{D0D326A6-ED03-412A-BDCF-B81A10B56CFA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\satazius\satazius.exe |
"{D0F77525-B867-464B-8D8D-CF013FA00157}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
"{D1927033-871B-43C9-98F4-C1166C0F4E5D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe |
"{D1D5D29A-9B10-490A-8F9E-AABB1C21D463}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
"{D258C5DD-6762-4D0B-B597-02F608A6990D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\larva mortus\larvamortus.exe |
"{D2CA2B67-3374-49AC-84BA-839D6314398C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe |
"{D2D4F86A-144C-4214-9820-A9792D8DEA37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{D33BA4CA-658E-4A5C-86F2-F6DDB3209A18}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{D37579DA-AD5A-4B4A-9387-9765A692DAB8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cortex command\cortex command.exe |
"{D3C52FA4-4C71-4D3D-8DA8-F9E4C7610768}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\guns of icarus online\gunsoficarusonline.exe |
"{D55A8F9A-0CD9-4E2B-A2FF-E140A48EBFE2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thirty_flights_of_loving\tfol.exe |
"{D5AFE13E-A64D-44F1-8C24-8593FED0657C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hero academy\heroacademy.exe |
"{D66326C2-847D-47BB-95EB-826EA57806EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dangeresque 3\homestar104.exe |
"{D67ED892-F31F-4AB0-ADE9-CC826F0B2EB9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{D69FE678-9669-4C71-A4AA-5DBED46FE28E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe |
"{D6ADAF22-F1D4-4D13-977E-1585353A0DC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rip\rip\rip.exe |
"{D753448B-47D5-418A-9DA7-E592CEABCA0B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\custom.exe |
"{D7F7C35C-098E-44E2-B7C3-39B3C31680E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\ysf_win_dx9.exe |
"{D84D0BAF-2685-4F9F-95E1-3E7F32DB1EDD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penguins arena\penguinsarena.exe |
"{D9383E7F-3417-418B-8EF5-CAEFDC6130C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airforte\data\airforte.exe |
"{D96F80BF-7E7D-4856-BF14-8B3A9819249B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{DA78CA31-3686-4059-93E5-CA16195E1D44}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\chantelise.exe |
"{DB2BD137-3546-4C26-B011-1A82BD29229A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{DB985BCC-450A-44BE-A61A-93C5D29714DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{DBF10879-971A-46A8-B35D-D68464887BC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe |
"{DC1D08DB-3171-44EF-98A3-19668F941555}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{DC45C92A-C361-4ED1-836E-C017A8C8658D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe |
"{DCAE8899-F414-41E5-818B-A9E0799D8BC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{DD631129-1769-492F-9742-94F3A5501E4E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{DE3F47AF-0F4D-4098-B419-BC2F3476B23D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DEC9634A-D080-4B06-A188-824DE99EA86E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\custom.exe |
"{DEFA465E-FFAB-4F95-AD46-BCA4020D6B6C}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{E366B778-8D9A-40E4-9966-26CF4E6104A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shank 2\bin\shank2.exe |
"{E5BA852D-4E19-4F07-947A-1A58550CC5DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cubemen\cubemen.exe |
"{E67032BF-29E9-4DC4-9DCC-E8A377421B0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cargo commander\cargocommander.exe |
"{E8A1E75E-9D8A-4DB3-968D-4EF0B8439420}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cargo commander\cargocommander.exe |
"{E9091BA0-7530-4DB8-9FD5-4F5CC332F4F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scratches\scream.exe |
"{EB1BC079-FB0A-4F92-88F5-E5A2317988F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\satazius\satazius.exe |
"{EECD570F-0F50-418C-95DB-0DD5D3B9CDF1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe |
"{EF03BBA3-8B2C-4AF7-81A2-A0B42B1B7E2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe |
"{F0314A46-E7E8-423D-9722-4C8003E5913F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\karateka\binaries\karateka.exe |
"{F2E7CA36-9016-45B2-9CFA-C27761ABB895}" = protocol=17 | dir=in | app=c:\udk\content\smnc_content\binaries\win32\udk.exe |
"{F3B3AE24-4643-4E70-A6AE-8FA771823895}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\kings bounty armored princess\kb.exe |
"{F5496003-7D3E-4B63-A7F1-3B87B8ACC583}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dustforce\dustforce.exe |
"{F677F9C5-7FFF-4361-A836-8DA1E84424E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys the oath in felghana\config_dx9.exe |
"{F8320E90-31A4-43EF-9B7D-31666AD50E5D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shadowgrounds\shadowgroundseditor.exe |
"{F8F0D533-A492-46E9-B9C2-12F772FF5275}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king's bounty - the legend\kb.exe |
"{F9B220E8-442D-4DF9-88D8-F94E4069E375}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blades of time\bladesoftime.exe |
"{FD098FAB-E5D6-4CF6-B8AC-1BA4BD7EA9E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\jet set radio\jsrsetup.exe |
"{FD0BF8EA-F29E-4944-90D3-2E7C605B8E3F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the path\pathviewer.exe |
"{FE670DE6-306B-4CD5-8B81-DD60AA419125}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{FECE5EA0-2ED4-43B7-8023-303BAC107996}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half minute hero\hmh.exe |
"TCP Query User{1323E44F-A06F-41C2-8BC1-28BF6CA11080}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{2D7EEA77-6CC3-45FE-8CE8-491EF2A9035F}C:\program files (x86)\steam\steamapps\stuartzinke\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\stuartzinke\team fortress 2\hl2.exe |
"TCP Query User{53BCE2A7-5BDD-437D-9D46-12444B0C49B9}C:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |
"TCP Query User{69CEE851-5A2A-4278-A316-CFDB650281C0}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{77C834E1-9CAF-4A72-A770-FC53A0CA35EF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{969E0D79-7624-4CA5-BEC4-1B65065B75A1}C:\program files (x86)\steam\steamapps\common\insanely twisted shadow planet\fcengine-gfwl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\insanely twisted shadow planet\fcengine-gfwl.exe |
"TCP Query User{A830B18A-287C-46EB-9D2B-1D85A3B5A9E8}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{AA48E403-DFF7-41A0-ADA3-726F30D42ACB}C:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"TCP Query User{BC645EC3-2A48-4146-86D7-F747310C6541}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{E1A0D1D5-23AF-45CC-A933-818E0274FB60}C:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"TCP Query User{E33997F1-B1AB-4297-9F4A-EE62813F55E1}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{0192BA27-03A0-4425-809E-07519B7DD417}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{02EAB0E5-0CEA-451E-AFE0-6A50A3B77395}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{0A4F4D58-96F3-42B2-88B0-87DB0C3B4CA0}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{199A1EA9-FC5C-4160-94D1-7DF69EFB9547}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{392E0838-F945-4709-9A57-3FDCA944D9D6}C:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"UDP Query User{4152E537-86C1-4C20-B662-B965A8C30A44}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{440E7342-060F-420D-8537-8A9172A815A6}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{750FC662-9E96-4D52-9EE5-D0982E9B6AC8}C:\program files (x86)\steam\steamapps\common\insanely twisted shadow planet\fcengine-gfwl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\insanely twisted shadow planet\fcengine-gfwl.exe |
"UDP Query User{CFD943CF-FDAE-4A20-81A9-CF1DD90BCA83}C:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"UDP Query User{EAF15B02-032E-4799-9C1D-49E83958BDCB}C:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |
"UDP Query User{FE349F89-8C9C-4029-AFBA-FDA8CACD1D1C}C:\program files (x86)\steam\steamapps\stuartzinke\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\stuartzinke\team fortress 2\hl2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FE78439-7CAA-45FE-A808-2D7A0FC98643}" = iTunes
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1" = Updater By SweetPacks 2.0.0.566
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"UDK-31f5e850-c5ca-4e18-acef-3803585dfaa9" = Unreal Development Kit: 2012-10
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B11.0512.1
"{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}" = Splashtop Connect IE
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0512.1
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}" = Splashtop Connect for Firefox
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB7}" = Corsair HS1 USB Headset
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05905B9-775A-4894-A4DF-B57C15250958}" = Razer Imperator
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Code::Blocks_is1" = Code::Blocks
"Desura" = Desura
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"EPSON Scanner" = EPSON Scan
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0512.1
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Bigfoot Networks Killer Network Manager
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OnLive" = OnLive
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.94
"StarCraft II" = StarCraft II
"Steam App 102400" = Vertex Dispenser
"Steam App 102600" = Orcs Must Die!
"Steam App 102840" = Shank 2
"Steam App 104600" = Portal 2 - The Final Hours
"Steam App 104700" = Super MNC Invitational
"Steam App 105600" = Terraria
"Steam App 105700" = Tobe's Vertical Adventure
"Steam App 105800" = PixelJunk Eden
"Steam App 107200" = Space Pirates and Zombies
"Steam App 107300" = Breath of Death VII
"Steam App 107310" = Cthulhu Saves the World
"Steam App 107600" = Waves
"Steam App 107800" = Rochard
"Steam App 108500" = Vessel
"Steam App 108710" = Alan Wake
"Steam App 110500" = Data Jammers: FastForward
"Steam App 110600" = Astro Tripper
"Steam App 110610" = Alien Zombie Megadeath
"Steam App 110630" = Mutant Storm Reloaded
"Steam App 111100" = Snuggle Truck
"Steam App 112100" = Avadon: The Black Fortress
"Steam App 11280" = Penguins Arena: Sedna's World
"Steam App 113200" = The Binding Of Isaac
"Steam App 11330" = Obulis
"Steam App 11340" = Larva Mortus
"Steam App 115100" = Costume Quest
"Steam App 115110" = Stacking
"Steam App 115120" = Iron Brigade
"Steam App 11900" = Lumines
"Steam App 1200" = Red Orchestra: Ostfront 41-45
"Steam App 12140" = Max Payne
"Steam App 12150" = Max Payne 2: The Fall of Max Payne
"Steam App 12170" = Grand Theft Auto
"Steam App 12180" = Grand Theft Auto 2
"Steam App 1230" = Mare Nostrum
"Steam App 1250" = Killing Floor
"Steam App 12500" = Puzzle Quest
"Steam App 12900" = Audiosurf
"Steam App 13500" = Prince of Persia: Warrior Within
"Steam App 13520" = Far Cry
"Steam App 13530" = Prince of Persia: The Two Thrones
"Steam App 13600" = Prince of Persia: The Sands of Time
"Steam App 1500" = Darwinia
"Steam App 1510" = Uplink
"Steam App 1520" = DEFCON
"Steam App 1530" = Multiwinia
"Steam App 15400" = Harvest: Massive Encounter
"Steam App 15520" = AaAaAA!!! - A Reckless Disregard for Gravity
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 15700" = Oddworld: Abe's Oddysee
"Steam App 15710" = Oddworld: Abe's Exoddus
"Steam App 17080" = Tribes: Ascend
"Steam App 17300" = Crysis
"Steam App 18000" = On the Rain-Slick Precipice of Darkness, Episode One
"Steam App 18020" = On the Rain-Slick Precipice of Darkness, Episode Two
"Steam App 18110" = Shattered Horizon
"Steam App 18120" = Unstoppable Gorg
"Steam App 1840" = Source Filmmaker
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 18700" = And Yet It Moves
"Steam App 200010" = Quantum Conundrum
"Steam App 200210" = Realm of the Mad God
"Steam App 200410" = SOL: Exodus
"Steam App 200900" = Cave Story+
"Steam App 200910" = Sequence
"Steam App 200940" = Sonic CD
"Steam App 200960" = Geneforge 1
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 201570" = Really Big Sky
"Steam App 201790" = Orcs Must Die! 2
"Steam App 203210" = Titan Attacks
"Steam App 203510" = Fortune Summoners: Secret of the Elemental Stone
"Steam App 203650" = SONIC THE HEDGEHOG 4 Episode II
"Steam App 203990" = Satazius
"Steam App 204030" = Fable - The Lost Chapters
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 204140" = All Zombies Must Die!
"Steam App 204220" = Snapshot
"Steam App 204300" = Awesomenauts
"Steam App 204350" = Serious Sam 2 Editor
"Steam App 204390" = Pineapple Smash Crew
"Steam App 205070" = BIT.TRIP VOID
"Steam App 205690" = 1000 Amps
"Steam App 205730" = Insanely Twisted Shadow Planet
"Steam App 205870" = Auditorium
"Steam App 205950" = Jet Set Radio
"Steam App 206020" = Avernum 4
"Steam App 206040" = Avernum 5
"Steam App 206060" = Avernum 6
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 206440" = To the Moon
"Steam App 206500" = AirMech
"Steam App 207170" = Legend of Grimrock
"Steam App 207230" = Archeblade
"Steam App 207250" = Cubemen
"Steam App 207320" = Ys: The Oath in Felghana
"Steam App 207420" = Wizorb
"Steam App 207430" = Hack, Slash, Loot
"Steam App 207530" = Noitu Love 2 Devolution
"Steam App 207610" = The Walking Dead
"Steam App 207670" = AVSEQ
"Steam App 207690" = Botanicula
"Steam App 20820" = Shatter
"Steam App 208600" = Lunar Flight
"Steam App 208670" = Blades of Time
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 209080" = Guns of Icarus Online
"Steam App 209270" = Hero Academy
"Steam App 209370" = Analogue: A Hate Story
"Steam App 209670" = Cortex Command
"Steam App 209690" = Fieldrunners
"Steam App 209830" = Lone Survivor
"Steam App 209870" = Blacklight: Retribution
"Steam App 210170" = Spirits
"Steam App 211180" = Unmechanical
"Steam App 211360" = Offspring Fling!
"Steam App 211400" = Deadlight
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 211440" = Adventures of Shuggy
"Steam App 212030" = Kung Fu Strike: The Warrior's Rise
"Steam App 212110" = Sugar Cube: Bittersweet Factory
"Steam App 212800" = Super Crate Box
"Steam App 213030" = Penny Arcade's On the Rain-Slick Precipice of Darkness 3
"Steam App 213390" = Atooms to Moolecules
"Steam App 213410" = BeatBuddy
"Steam App 213430" = DIVO
"Steam App 213450" = Imagine Earth
"Steam App 213470" = MilitAnt
"Steam App 213530" = The White Laboratory
"Steam App 213550" = ThunderWheels
"Steam App 213570" = Trash TV
"Steam App 213590" = Blackwell's Asylum
"Steam App 213650" = Dwarfs F2P
"Steam App 214560" = Mark of the Ninja
"Steam App 214590" = Fairy Bloom Freesia
"Steam App 214700" = Thirty Flights of Loving
"Steam App 214790" = The Basement Collection
"Steam App 214830" = Half Minute Hero: Super Mega Neo Climax Ultimate Boy
"Steam App 214850" = GameMaker: Studio
"Steam App 215670" = Home
"Steam App 215770" = Shad'O
"Steam App 215930" = Jagged Alliance 2 - Wildfire
"Steam App 217270" = Karateka
"Steam App 218060" = BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
"Steam App 218680" = Scribblenauts Unlimited
"Steam App 218740" = Pid
"Steam App 219340" = The Banner Saga: Factions
"Steam App 219740" = Don't Starve
"Steam App 220" = Half-Life 2
"Steam App 22000" = World of Goo
"Steam App 220460" = Cargo Commander
"Steam App 22140" = Penumbra: Requiem
"Steam App 22180" = Penumbra: Overture
"Steam App 22230" = Rock of Ages
"Steam App 22350" = Brink
"Steam App 22370" = Fallout 3 - Game of the Year Edition
"Steam App 224280" = RPG Maker VX Ace Lite
"Steam App 225120" = BRAZEN Prototype
"Steam App 225260" = Brütal Legend
"Steam App 225940" = Happy Song Prototype
"Steam App 225960" = Costume Quest Prototype
"Steam App 226120" = Weird Worlds: Return to Infinite Space
"Steam App 226320" = Marvel Heroes
"Steam App 226980" = Pinball FX2
"Steam App 228020" = Spacebase DF-9 Prototype
"Steam App 228040" = The White Birch Prototype
"Steam App 228060" = Black Lake Prototype
"Steam App 228080" = Hack n Slash Prototype
"Steam App 228100" = Autonomous Prototype
"Steam App 229520" = Dungeon Hearts
"Steam App 230050" = DLC Quest
"Steam App 230410" = Warframe
"Steam App 23120" = Droplitz
"Steam App 23310" = The Last Remnant
"Steam App 234710" = Poker Night 2
"Steam App 234900" = Anodyne
"Steam App 235780" = MINERVA: Metastasis
"Steam App 23600" = Depths of Peril
"Steam App 2400" = The Ship
"Steam App 2420" = The Ship Single Player
"Steam App 24240" = PAYDAY: The Heist
"Steam App 2430" = The Ship Tutorial
"Steam App 24420" = Aquaria
"Steam App 2505" = Shadowgrounds Editor
"Steam App 2540" = RIP
"Steam App 2545" = RIP 2: Strike Back
"Steam App 2550" = RIP 3: The Last Hero
"Steam App 2570" = Vigil: Blood Bitterness
"Steam App 25900" = King's Bounty: The Legend
"Steam App 26800" = Braid
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 27000" = The Path
"Steam App 27400" = Dangerous High School Girls in Trouble!
"Steam App 280" = Half-Life: Source
"Steam App 28110" = Deus Ex Human Revolution Augmented Edition Bonus Content
"Steam App 29180" = Osmos
"Steam App 31170" = Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
"Steam App 31270" = Puzzle Agent
"Steam App 31280" = Poker Night at the Inventory
"Steam App 3170" = King's Bounty: Armored Princess
"Steam App 31740" = Iron Grip: Marauders
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 32380" = Star Wars Jedi Knight: Dark Forces II
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 34190" = Sonic and SEGA All Stars Racing
"Steam App 34270" = SEGA Genesis & Mega Drive Classics
"Steam App 3483" = Peggle Extreme
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 35480" = Dwarfs!?
"Steam App 35700" = Trine
"Steam App 35800" = BRAINPIPE: A Plunge to Unhumanity
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 36630" = Rusty Hearts
"Steam App 3730" = Aliens versus Predator Classic 2000
"Steam App 37400" = Time Gentlemen, Please!
"Steam App 37420" = Ben There, Dan That!
"Steam App 380" = Half-Life 2: Episode One
"Steam App 3830" = Psychonauts
"Steam App 38700" = Toki Tori
"Steam App 38740" = EDGE
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 40100" = Supreme Commander 2
"Steam App 40700" = Machinarium
"Steam App 40720" = Samorost 2
"Steam App 40800" = Super Meat Boy
"Steam App 40990" = Mafia
"Steam App 41100" = Hammerfight
"Steam App 41210" = Eufloria
"Steam App 41500" = Torchlight
"Steam App 41800" = Gratuitous Space Battles
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42120" = Lead and Gold - Gangs of the Wild West
"Steam App 42170" = Krater
"Steam App 42910" = Magicka
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 44100" = Super Laser Racer
"Steam App 4560" = Company of Heroes
"Steam App 4570" = Warhammer 40,000: Dawn of War - Game of the Year Edition
"Steam App 46460" = Scratches: Director's Cut
"Steam App 46550" = Post Mortem
"Steam App 48000" = LIMBO
"Steam App 49520" = Borderlands 2
"Steam App 49600" = Beat Hazard
"Steam App 50" = Half-Life: Opposing Force
"Steam App 500" = Left 4 Dead
"Steam App 50620" = Darksiders
"Steam App 513" = Left 4 Dead Authoring Tools
"Steam App 550" = Left 4 Dead 2
"Steam App 55000" = Flotilla
"Steam App 55020" = Air Forte
"Steam App 55040" = Atom Zombie Smasher
"Steam App 55100" = Homefront
"Steam App 55110" = Red Faction: Armageddon
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 57400" = Batman: Arkham City™
"Steam App 58230" = MacGuffin's Curse
"Steam App 58400" = Turba
"Steam App 58520" = Blood Bowl: Legendary Edition
"Steam App 6120" = Shank
"Steam App 61600" = Zen Bound® 2
"Steam App 61700" = Might and Magic: Clash of Heroes
"Steam App 620" = Portal 2
"Steam App 62100" = Chime
"Steam App 630" = Alien Swarm
"Steam App 63200" = Monday Night Combat
"Steam App 63500" = Swords and Soldiers HD
"Steam App 6370" = Bloodline Champions
"Steam App 63700" = BIT.TRIP BEAT
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 63800" = Delve Deeper
"Steam App 63910" = King's Bounty: Crossworlds
"Steam App 65300" = Dustforce
"Steam App 65800" = Dungeon Defenders
"Steam App 67000" = The Polynomial
"Steam App 67370" = The Darkness II
"Steam App 6860" = Hitman: Blood Money
"Steam App 6880" = Just Cause
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 6920" = Deus Ex: Invisible War
"Steam App 70300" = VVVVVV
"Steam App 70400" = Recettear: An Item Shop's Tale
"Steam App 70420" = Chantelise
"Steam App 71260" = Space Channel 5: Part 2
"Steam App 730" = Counter-Strike: Global Offensive Beta
"Steam App 7760" = X-COM: UFO Defense
"Steam App 78000" = Bejeweled 3
"Steam App 8190" = Just Cause 2
"Steam App 8200" = Sam & Max 101: Culture Shock
"Steam App 8210" = Sam & Max 102: Situation: Comedy
"Steam App 8220" = Sam & Max 103: The Mole, the Mob and the Meatball
"Steam App 8230" = Sam & Max 104: Abe Lincoln Must Die!
"Steam App 8240" = Sam & Max 105: Reality 2.0
"Steam App 8340" = Strong Bad Episode 1: Homestar Ruiner
"Steam App 8350" = Strong Bad Episode 2: Strong Badia the Free
"Steam App 8360" = Strong Bad Episode 3: Baddest of the Bands
"Steam App 8370" = Strong Bad Episode 4: Dangeresque 3
"Steam App 8380" = Strong Bad Episode 5: 8-Bit Is Enough
"Steam App 8850" = BioShock 2
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 8980" = Borderlands
"Steam App 90530" = Rise of Immortals
"Steam App 91200" = Anomaly Warzone Earth
"Steam App 91310" = Dead Island
"Steam App 91600" = Sanctum
"Steam App 92200" = Gundemonium Recollection
"Steam App 92210" = Hitogata Happa
"Steam App 92220" = GundeadliGne
"Steam App 92800" = SpaceChem
"Steam App 93200" = Revenge of the Titans
"Steam App 94200" = Jamestown
"Steam App 94600" = Hector: Ep 1
"Steam App 9500" = Gish
"Steam App 96200" = Steel Storm: Burning Retribution
"Steam App 96900" = Slam Bolt Scrappers
"Steam App 98100" = TRAUMA
"Steam App 98200" = Frozen Synapse
"Steam App 98300" = Toy Soldiers
"Steam App 98400" = Hard Reset
"Steam App 98800" = Dungeons of Dredmor
"Steam App 99200" = YOU DON'T KNOW JACK
"Steam App 99700" = NightSky
"Steam App 99900" = Spiral Knights
"SystemRequirementsLab" = System Requirements Lab
"Uplay" = Uplay
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/31/2012 12:48:08 AM | Computer Name = StuartZ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/31/2012 12:48:08 AM | Computer Name = StuartZ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7005
 
Error - 12/31/2012 12:48:08 AM | Computer Name = StuartZ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7005
 
Error - 12/31/2012 12:48:09 AM | Computer Name = StuartZ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/31/2012 12:48:09 AM | Computer Name = StuartZ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003
 
Error - 12/31/2012 12:48:09 AM | Computer Name = StuartZ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003
 
Error - 12/31/2012 12:48:10 AM | Computer Name = StuartZ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/31/2012 12:48:10 AM | Computer Name = StuartZ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9002
 
Error - 12/31/2012 12:48:10 AM | Computer Name = StuartZ-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9002
 
Error - 12/31/2012 6:46:51 PM | Computer Name = StuartZ-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 6/8/2013 4:47:38 PM | Computer Name = StuartZ-PC | Source = DCOM | ID = 10016
Description =
 
Error - 6/8/2013 4:52:32 PM | Computer Name = StuartZ-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
 
Error - 6/10/2013 9:07:00 PM | Computer Name = StuartZ-PC | Source = DCOM | ID = 10016
Description =
 
Error - 6/10/2013 9:09:26 PM | Computer Name = StuartZ-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the eventlog service.
 
Error - 6/10/2013 9:12:11 PM | Computer Name = StuartZ-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
 
Error - 6/10/2013 9:14:15 PM | Computer Name = StuartZ-PC | Source = Service Control Manager | ID = 7022
Description = The Intel® Management and Security Application User Notification
 Service service hung on starting.
 
Error - 6/10/2013 9:16:21 PM | Computer Name = StuartZ-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error:   %%-2147467243
 
Error - 6/10/2013 9:18:54 PM | Computer Name = StuartZ-PC | Source = DCOM | ID = 10016
Description =
 
Error - 6/10/2013 9:22:37 PM | Computer Name = StuartZ-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
 
Error - 6/11/2013 6:35:42 PM | Computer Name = StuartZ-PC | Source = DCOM | ID = 10016
Description =
 
 
< End of report >
 



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:28 AM

Posted 11 June 2013 - 07:35 PM

We need to execute an OTM script

  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the OTMdesktopicon.png icon on your desktop.
  • Paste the following code under the pasteline.png area. Do not include the word "Code".

    :otl
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/05/26 22:19:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox [2013/05/26 22:19:16 | 000,000,000 | ---D | M]
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2013/05/26 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
    [2013/05/26 22:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks
    [2013/05/26 22:34:20 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Idle.job
    [2013/05/21 05:53:10 | 001,453,872 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
    2013/05/26 22:29:46 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro Idle.job
    [2013/05/26 22:29:45 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
    [2013/05/26 22:18:36 | 001,453,872 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
    [2013/05/26 22:29:45 | 000,000,416 | ---- | C] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
    [2013/05/26 22:29:46 | 000,000,438 | ---- | C] () -- C:\Windows\Tasks\PC Optimizer Pro Idle.job
     
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
     
     
    
  • Push the large btnmoveit.png button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the results.png line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 SB_Tiger

Posted 11 June 2013 - 09:19 PM

All processes killed
Error: Unable to interpret <:otl> in the current context!
Error: Unable to interpret <64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/05/26 22:19:16 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox [2013/05/26 22:19:16 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\livecall - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msnim - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found> in the current context!
Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <[2013/05/26 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro> in the current context!
Error: Unable to interpret <[2013/05/26 22:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks> in the current context!
Error: Unable to interpret <[2013/05/26 22:34:20 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Idle.job> in the current context!
Error: Unable to interpret <[2013/05/21 05:53:10 | 001,453,872 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe> in the current context!
Error: Unable to interpret <2013/05/26 22:29:46 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro Idle.job> in the current context!
Error: Unable to interpret <[2013/05/26 22:29:45 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job> in the current context!
Error: Unable to interpret <[2013/05/26 22:18:36 | 001,453,872 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe> in the current context!
Error: Unable to interpret <[2013/05/26 22:29:45 | 000,000,416 | ---- | C] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job> in the current context!
Error: Unable to interpret <[2013/05/26 22:29:46 | 000,000,438 | ---- | C] () -- C:\Windows\Tasks\PC Optimizer Pro Idle.job> in the current context!
Error: Unable to interpret < > in the current context!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Stuart
->Temp folder emptied: 11827403 bytes
->Temporary Internet Files folder emptied: 31368584 bytes
->Java cache emptied: 12939 bytes
->FireFox cache emptied: 92685507 bytes
->Flash cache emptied: 308190 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 602112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13572 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 517646 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43219550 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 172.00 mb
 
Restore point Set: OTM Restore Point
 
OTM by OldTimer - Version 3.1.21.0 log created on 06112013_190934

Files moved on Reboot...
C:\Users\Stuart\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 



#10 fireman4it

Posted 16 June 2013 - 06:56 PM

We need to run an OTL Fix

  • Please reopen otlDesktopIcon.png on your desktop.
  • Copy and Paste the following code into the customFix.png textbox. Do not include the word "Code"

    :otl
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/05/26 22:19:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox [2013/05/26 22:19:16 | 000,000,000 | ---D | M]
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2013/05/26 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
    [2013/05/26 22:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks
    [2013/05/26 22:34:20 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Idle.job
    [2013/05/21 05:53:10 | 001,453,872 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
    2013/05/26 22:29:46 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro Idle.job
    [2013/05/26 22:29:45 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
    [2013/05/26 22:18:36 | 001,453,872 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
    [2013/05/26 22:29:45 | 000,000,416 | ---- | C] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
    [2013/05/26 22:29:46 | 000,000,438 | ---- | C] () -- C:\Windows\Tasks\PC Optimizer Pro Idle.job
     
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
     
    
  • Push runFixbutton.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click btnOK.png.
  • A report will open. Copy and Paste that report in your next reply.


#11 SB_Tiger

Posted 16 June 2013 - 09:09 PM

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
C:\Program Files\Updater By SweetPacks\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\defaults folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\skin folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\resources folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\libraries folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Program Files\PC Optimizer Pro\Languages folder moved successfully.
C:\Program Files\PC Optimizer Pro folder moved successfully.
C:\Program Files\Updater By SweetPacks\resources folder moved successfully.
C:\Program Files\Updater By SweetPacks\libraries folder moved successfully.
C:\Program Files\Updater By SweetPacks folder moved successfully.
C:\Windows\Tasks\PC Optimizer Pro Idle.job moved successfully.
C:\Windows\SysNative\dmwu.exe moved successfully.
C:\Windows\Tasks\PC Optimizer Pro64 startups.job moved successfully.
File C:\Windows\SysNative\dmwu.exe not found.
File C:\Windows\Tasks\PC Optimizer Pro64 startups.job not found.
File C:\Windows\Tasks\PC Optimizer Pro Idle.job not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Stuart
->Temp folder emptied: 171395 bytes
->Temporary Internet Files folder emptied: 11758 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64225251 bytes
->Flash cache emptied: 1355 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1053418 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 62.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 06162013_185858

Files\Folders moved on Reboot...
C:\Users\Stuart\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP000000018A54FA77243119DC not found!
File\Folder C:\Windows\temp\TMP0000000493AC1BAC86B1E6E9 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
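
The two result logs above (posts #9 and #11) can be triaged mechanically to see whether the fix-script entries were acted on. This is an added example, not part of the thread and not code from OTL or OTM; the function names are hypothetical, and the sample logs are short excerpts of the two reports posted above. It stops counting at the COMMANDS header because both runs report housekeeping successes (Hosts reset, temp cleanup) there regardless of whether any script entry was applied.

```python
import re
from collections import Counter

# Line shapes seen in the two logs on this page.
REJECTED = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")
REMOVED = re.compile(r"^(.+?) (?:folder )?(?:moved|deleted) successfully\.$")
MISSING = re.compile(r"^(.+?) not found[.!]$")
SECTION = re.compile(r"^=+ ([A-Z ]+) =+$")

# Excerpt of the OTM report from post #9 (the :otl script pasted into OTM).
OTM_EXCERPT = r"""All processes killed
Error: Unable to interpret <:otl> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <[2013/05/26 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro> in the current context!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# Excerpt of the OTL report from post #11 (same script run in OTL).
OTL_EXCERPT = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
C:\Program Files\PC Optimizer Pro folder moved successfully.
C:\Windows\Tasks\PC Optimizer Pro Idle.job moved successfully.
C:\Windows\SysNative\dmwu.exe moved successfully.
File C:\Windows\SysNative\dmwu.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
"""


def summarize_fix_log(log_text):
    """Count outcomes for script entries only (everything before COMMANDS)."""
    counts = Counter()
    rejected_items = []
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            if section.group(1) == "COMMANDS":
                break  # housekeeping results are not evidence the fix applied
            continue
        rejected = REJECTED.match(line)
        if rejected:
            counts["rejected"] += 1
            rejected_items.append(rejected.group(1))
        elif REMOVED.match(line):
            counts["removed"] += 1
        elif MISSING.match(line):
            counts["missing"] += 1
    return counts, rejected_items


def verdict(log_text):
    """Classify a run as applied, partial, not-applied or nothing-removed."""
    counts, _ = summarize_fix_log(log_text)
    acted = counts["removed"] + counts["missing"]
    if counts["rejected"] and not acted:
        return "not-applied"
    if counts["rejected"]:
        return "partial"
    return "applied" if counts["removed"] else "nothing-removed"


if __name__ == "__main__":
    for name, text in (("OTM run", OTM_EXCERPT), ("OTL run", OTL_EXCERPT)):
        counts, _ = summarize_fix_log(text)
        print(name, verdict(text), dict(counts))
```
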
 



#12 fireman4it

Posted 17 June 2013 - 09:32 PM

How is it running now?



#13 SB_Tiger

Posted 17 June 2013 - 10:58 PM

My computer is running very well now. ADW Cleaner stopped PC Optimizer Pro from starting when I booted my computer. Sweet Packs has never given me any direct problems; it was installed at the same time as PC Optimizer Pro. Before asking for help there was a 3rd ad plugin/program that I removed before seeking help called Top Arcade Hits; there doesn't seem to be any trace of it in any of the logs (this was also installed at the same time as Sweetpacks and PC Optimizer; I had uninstalled this with Revo Uninstaller and run Combofix before seeking help on the forums).

 

From the user end I'm not seeing any instances of the malware programs or performance issues with the PC. PC Optimizer no longer boots with my machine. The PC Optimizer and SweetPack updater folders are in the OTL moved files location, but otherwise I don't see any immediate trace of them.

 

Also, thank you so very much for helping me out. I've not been installing anything or using this PC outside of light web browsing since I sought help with the malware removal, so let me know when it's clean and okay to use normally again. Thanks.


Edited by SB_Tiger, 17 June 2013 - 11:02 PM.


#14 fireman4it

Posted 21 June 2013 - 07:45 PM

Hello, SB_Tiger.

Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

 

 

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

 

 

Uninstall Combofix

  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
          o *If it is not on your Desktop, the below will not work.
       
  • Click on StartBtn.gif then Run....
       
  • Now copy & paste the green bolded text in the run-box and click OK.

          ComboFix /Uninstall


          <Notice the space between the "x" and "/".> <--- It needs to be there
          Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall


       
  • Please advise if this step is missed for any reason as it performs some important actions:
          "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
          It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".

 

 


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess

  • Download OTC by OldTimer and save it to your desktop.
  • Double click OTC_Icon.jpg icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big CleanUp.jpg button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest.  It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on.  Whether these things are files or sites it doesn't really matter.  If something is out to get you, and you click on it, it most likely will. 

Below is a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!  These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software.  For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert.  When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge.  You can check to see if it's a real alert by right-clicking on the window.  If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar, right-click and choose Close.
  • Do not visit pornographic websites.  I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites.  I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you.  It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection.  Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money.  By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.



Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:


Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running.  This alone can save you a lot of trouble with malware in the future. 
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish).  If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.  If you use a commercial antivirus program you must make sure you keep renewing your subscription.  Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one). This is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.  Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java).  You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#15 fireman4it

Posted 24 June 2013 - 08:11 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
