Computer freezing up after several minutes of use


  • This topic is locked
101 replies to this topic

#1 Sam man

Posted 05 July 2013 - 08:47 AM

My computer starts up fine, and I am able to log in OK, but very quickly all my windows freeze up and I am unable to do anything. I posted in the Am I Infected? forum, and was eventually directed here after my problems were not cleared up (trojans were found).

The thread can be found here: http://www.bleepingcomputer.com/forums/t/498065/computer-impossibly-slow/

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Sam at 8:38:00 on 2013-07-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7974.6769 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Webroot\WRSA.exe
C:\windows\Explorer.EXE
C:\windows\SysWOW64\ctfmon.exe
C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://samsung.msn.com
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
uRun: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545"
uRun: [Google Update] "C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [BrowserProtect] "C:\Program Files (x86)\BrowserProtect\BpAuto.lnk"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{8020CD9F-4B4E-4F4C-9116-988C4BEECE20} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{8020CD9F-4B4E-4F4C-9116-988C4BEECE20}\2375942554630393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8020CD9F-4B4E-4F4C-9116-988C4BEECE20}\4556871637354716475655E69667562737964797 : DHCPNameServer = 147.26.8.205 147.26.8.204
TCP: Interfaces\{8020CD9F-4B4E-4F4C-9116-988C4BEECE20}\45568716373547164756750514 : DHCPNameServer = 147.26.8.11 147.26.8.12
TCP: Interfaces\{9912CCE7-3586-4623-9DB3-42A3CBFC45F8} : DHCPNameServer = 147.26.8.11 147.26.8.12 147.26.24.66 158.135.1.79
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - <orphaned>
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2012-9-17 22600]
R0 excsd;ExpressCache Storage Filter Driver;C:\windows\System32\drivers\excsd.sys [2012-5-10 80688]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-4-18 19224]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-5-10 28992]
R0 WRkrn;WRkrn;C:\windows\System32\drivers\WRkrn.sys [2013-6-22 112616]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-5-15 2467664]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-8-18 740328]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2012-5-10 280912]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-4-18 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-4-18 789272]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-12-20 25496]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-10 648808]
S0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-3-14 65336]
S0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-3-14 189936]
S1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-8-23 1025808]
S1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-8-23 378432]
S1 excfs;ExpressCache File System Filter Driver;C:\windows\System32\drivers\excfs.sys [2012-5-10 23344]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-5-10 13824]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-4 659968]
S2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-8-23 33400]
S2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-8-23 80816]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-18 46808]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-3-26 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-3-26 1104208]
S2 BpSvc;BrowserProtect Anti-Hijack Service;C:\Program Files (x86)\BrowserProtect\BpSvc.exe --> C:\Program Files (x86)\BrowserProtect\BpSvc.exe [?]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-4 135952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [2013-3-28 136576]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
S2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2011-9-23 79664]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
S2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-5-10 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-10 161560]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-25 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-25 701512]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-5-10 31624]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-10 363800]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-7 594704]
S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2010-11-21 9728]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-12-4 195584]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-12-4 195584]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-3-26 1304912]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2012-2-12 95232]
S3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2012-2-12 747008]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2012-2-16 31216]
S3 ibtfltcoex;ibtfltcoex;C:\windows\System32\drivers\iBtFltCoex.sys [2012-3-20 60928]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-12-20 34200]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-5 331264]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-10-25 25928]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-7 273168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
S3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2012-5-10 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\drivers\ssadmdfl.sys [2012-5-10 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\drivers\ssadmdm.sys [2012-5-10 177640]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-10-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-21 1255736]
S3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2011-12-20 42392]
S4 PuranDefrag;PuranDefrag;C:\windows\System32\PuranDefragS.exe [2013-7-2 292736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\notepad.exe=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-07-02 14:22:51 292736 ----a-w- C:\windows\System32\PuranDefragS.exe
2013-07-02 14:22:51 287616 ----a-w- C:\windows\System32\PuranDC.exe
2013-07-02 14:22:51 256896 ----a-w- C:\windows\System32\PuranDefrag.dll
2013-07-02 14:22:51 1367424 ----a-w- C:\windows\System32\PuranFD.exe
2013-07-02 14:22:51 132480 ----a-w- C:\windows\System32\PuranDefragBT.exe
2013-07-02 14:22:51 -------- d-----w- C:\Program Files\Puran Defrag
2013-06-30 11:54:17 -------- d-----w- C:\Users\Sam\AppData\Local\lptmp1309630940
2013-06-23 02:54:08 -------- d-----w- C:\Users\Sam\AppData\Local\lptmp891577465
2013-06-23 01:33:37 -------- d-----w- C:\Users\Sam\AppData\Local\lptmp1974256386
2013-06-23 01:33:17 150160 ----a-w- C:\windows\SysWow64\WRusr.dll
2013-06-23 01:33:17 112616 ----a-w- C:\windows\System32\drivers\WRkrn.sys
2013-06-23 01:33:17 102792 ----a-w- C:\windows\System32\WRusr.dll
2013-06-22 02:20:58 -------- d-----w- C:\Program Files (x86)\ESET
2013-06-21 09:11:44 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3933F09A-3BFB-4007-9C3F-0DB76407D549}\mpengine.dll
2013-06-13 16:56:34 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-06-13 16:56:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-12 18:16:20 -------- d-----w- C:\Users\Sam\AppData\Local\ElevatedDiagnostics
2013-06-12 12:54:06 17018248 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-09 21:10:35 33856 ---ha-w- C:\windows\System32\hamachi.sys
2013-06-09 21:09:47 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
.
==================== Find3M  ====================
.
2013-06-30 11:54:17 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2013-05-31 08:04:51 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-15 19:47:08 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 19:47:08 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59:07 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07 1025808 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\windows\avastSS.scr
2013-05-08 03:46:05 108448 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-05-08 03:45:58 971680 ----a-w- C:\windows\System32\deployJava1.dll
2013-05-08 03:45:58 1092512 ----a-w- C:\windows\System32\npDeployJava1.dll
2013-05-04 03:25:58 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-04 03:25:56 866720 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-05-04 03:25:56 788896 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-05-02 07:06:08 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-04-07 01:21:44 280792 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr
2013-04-07 01:21:44 280792 ----a-w- C:\windows\SysWow64\PnkBstrB.exe
2013-04-07 01:02:47 281032 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0
.
============= FINISH:  8:40:24.98 ===============
 

 



#2 HelpBot

Posted 10 July 2013 - 08:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/500163 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Sam man


Posted 13 July 2013 - 12:03 AM

In addition to the steps taken in my first thread, I ran Puran Defrag.

I do not have my original Windows install disk.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Sam at 23:54:23 on 2013-07-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7974.6725 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Webroot\WRSA.exe
C:\windows\Explorer.EXE
C:\windows\SysWOW64\ctfmon.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://samsung.msn.com
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
uRun: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545"
uRun: [Google Update] "C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [BrowserProtect] "C:\Program Files (x86)\BrowserProtect\BpAuto.lnk"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
TCP: Interfaces\{8020CD9F-4B4E-4F4C-9116-988C4BEECE20} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{8020CD9F-4B4E-4F4C-9116-988C4BEECE20}\2375942554630393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8020CD9F-4B4E-4F4C-9116-988C4BEECE20}\4556871637354716475655E69667562737964797 : DHCPNameServer = 147.26.8.205 147.26.8.204
TCP: Interfaces\{8020CD9F-4B4E-4F4C-9116-988C4BEECE20}\45568716373547164756750514 : DHCPNameServer = 147.26.8.11 147.26.8.12
TCP: Interfaces\{9912CCE7-3586-4623-9DB3-42A3CBFC45F8} : DHCPNameServer = 147.26.8.11 147.26.8.12 147.26.24.66 158.135.1.79
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - <orphaned>
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2012-9-17 22600]
R0 excsd;ExpressCache Storage Filter Driver;C:\windows\System32\drivers\excsd.sys [2012-5-10 80688]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-4-18 19224]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-5-10 28992]
R0 WRkrn;WRkrn;C:\windows\System32\drivers\WRkrn.sys [2013-6-22 112616]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-5-15 2467664]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-8-18 740328]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2012-5-10 280912]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-4-18 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-4-18 789272]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-12-20 25496]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-10 648808]
S0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-3-14 65336]
S0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-3-14 189936]
S1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-8-23 1030952]
S1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-8-23 378944]
S1 excfs;ExpressCache File System Filter Driver;C:\windows\System32\drivers\excfs.sys [2012-5-10 23344]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-5-10 13824]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-4 659968]
S2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-8-23 33400]
S2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-8-23 80816]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-18 46808]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-3-26 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-3-26 1104208]
S2 BpSvc;BrowserProtect Anti-Hijack Service;C:\Program Files (x86)\BrowserProtect\BpSvc.exe --> C:\Program Files (x86)\BrowserProtect\BpSvc.exe [?]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-4 135952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [2013-3-28 136576]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
S2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2011-9-23 79664]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
S2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-5-10 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-10 161560]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-25 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-25 701512]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-5-10 31624]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-10 363800]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-7 594704]
S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2010-11-21 9728]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-12-4 195584]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-12-4 195584]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-3-26 1304912]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2012-2-12 95232]
S3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2012-2-12 747008]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2012-2-16 31216]
S3 ibtfltcoex;ibtfltcoex;C:\windows\System32\drivers\iBtFltCoex.sys [2012-3-20 60928]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-12-20 34200]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-5 331264]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-10-25 25928]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-7 273168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
S3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2012-5-10 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\drivers\ssadmdfl.sys [2012-5-10 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\drivers\ssadmdm.sys [2012-5-10 177640]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-10-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-21 1255736]
S3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2011-12-20 42392]
S4 PuranDefrag;PuranDefrag;C:\windows\System32\PuranDefragS.exe [2013-7-2 292736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\notepad.exe=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-07-11 02:45:33 -------- d-----w- C:\Users\Sam\AppData\Local\Warframe
2013-07-10 20:08:31 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 20:08:31 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-10 20:08:31 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-10 20:08:30 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-10 20:08:26 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-10 20:08:24 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 20:08:22 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 20:07:53 624128 ----a-w- C:\windows\System32\qedit.dll
2013-07-10 20:07:51 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-07-10 20:07:41 1887744 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-10 20:07:41 1620480 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 20:05:33 751104 ----a-w- C:\windows\System32\win32spl.dll
2013-07-10 20:05:32 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-07-10 20:05:27 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-07-10 20:05:20 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-07-10 20:05:20 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-07-10 20:04:22 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 20:04:22 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 20:04:22 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 20:04:22 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 20:04:21 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 20:03:47 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-07-10 20:03:47 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-07-10 20:03:47 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-07-10 20:03:46 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-07-10 20:03:46 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-07-10 20:03:46 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-07-10 20:03:46 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-07-10 20:03:45 52224 ----a-w- C:\windows\System32\certenc.dll
2013-07-10 20:03:45 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-07-10 20:03:45 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-07-10 20:01:32 1545728 ----a-w- C:\windows\System32\DWrite.dll
2013-07-10 20:01:28 1077760 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-07-10 19:42:30 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D76975E7-FBCA-46F8-BDB6-DF16D2312656}\mpengine.dll
2013-07-02 14:22:51 292736 ----a-w- C:\windows\System32\PuranDefragS.exe
2013-07-02 14:22:51 287616 ----a-w- C:\windows\System32\PuranDC.exe
2013-07-02 14:22:51 256896 ----a-w- C:\windows\System32\PuranDefrag.dll
2013-07-02 14:22:51 1367424 ----a-w- C:\windows\System32\PuranFD.exe
2013-07-02 14:22:51 132480 ----a-w- C:\windows\System32\PuranDefragBT.exe
2013-07-02 14:22:51 -------- d-----w- C:\Program Files\Puran Defrag
2013-06-30 11:54:17 -------- d-----w- C:\Users\Sam\AppData\Local\lptmp1309630940
2013-06-23 02:54:08 -------- d-----w- C:\Users\Sam\AppData\Local\lptmp891577465
2013-06-23 01:33:37 -------- d-----w- C:\Users\Sam\AppData\Local\lptmp1974256386
2013-06-23 01:33:17 150160 ----a-w- C:\windows\SysWow64\WRusr.dll
2013-06-23 01:33:17 112616 ----a-w- C:\windows\System32\drivers\WRkrn.sys
2013-06-23 01:33:17 102792 ----a-w- C:\windows\System32\WRusr.dll
2013-06-22 02:20:58 -------- d-----w- C:\Program Files (x86)\ESET
2013-06-13 16:56:34 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-06-13 16:56:34 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
.
==================== Find3M  ====================
.
2013-07-10 16:00:04 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-10 16:00:04 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-07-10 14:45:58 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-07-10 14:45:58 1030952 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-06-30 11:54:17 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2013-05-31 08:04:51 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-09 08:59:07 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\windows\avastSS.scr
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-05-08 03:46:05 108448 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-05-08 03:45:58 971680 ----a-w- C:\windows\System32\deployJava1.dll
2013-05-08 03:45:58 1092512 ----a-w- C:\windows\System32\npDeployJava1.dll
2013-05-04 03:25:58 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-04 03:25:56 866720 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-05-04 03:25:56 788896 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-05-02 07:06:08 278800 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 23:58:13.88 ===============


Edited by Sam man, 13 July 2013 - 10:15 AM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,721 posts
  • Gender:Male
  • Location:California
  • Local time:10:52 PM

Posted 14 July 2013 - 10:33 PM

Greetings Sam man and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Sam man

Sam man
  • Topic Starter

  • Members
  • 79 posts
  • Local time:12:52 AM

Posted 15 July 2013 - 03:31 PM

Hi Gary, feel free to call me Sam.

 

 

FRST results:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by Sam (administrator) on 15-07-2013 15:10:43
Running from C:\Users\Sam\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sam\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12460136 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - %ProgramFiles%\Elantech\ETDCtrl.exe [2816336 2012-05-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [11407120 2012-03-26] (Intel Corporation)
HKLM\...\Run: [IntelliType Pro] - "c:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - "c:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545" [241280 2013-03-28] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Google Update] - "C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-18] (Google Inc.)
HKCU\...\Run: [BrowserProtect] - "C:\Program Files (x86)\BrowserProtect\BpAuto.lnk" [x]
HKCU\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WRSVC] - "C:\Program Files\Webroot\WRSA.exe" -ul [740328 2013-06-20] (Webroot)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [EEventManager] - "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] - "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll [260928 2012-03-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll [215360 2012-03-21] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -  No File
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll ()
BHO: No Name - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -  No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll ()
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://samsung.msn.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Sam\AppData\Local\Google\Chrome\Application\28.0.1500.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Sam\AppData\Local\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Sam\AppData\Local\Google\Chrome\Application\28.0.1500.71\pdf.dll ()
CHR Plugin: (NPWebroot) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.0.15_0\npwebroot.dll (Webroot)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Sam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Adblock Plus) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0
CHR Extension: (Foxy Proxy Standard) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp\2.8_0
CHR Extension: (Stealthy) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\3.0.1_0
CHR Extension: (Ghostery) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0
CHR Extension: (NotScripts) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0
CHR Extension: (Webroot) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.0.15_0
 
==================== Services (Whitelisted) =================
 
S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-23] (Diskeeper Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-07] ()
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-05] ()
S4 PuranDefrag; C:\windows\system32\PuranDefragS.exe [292736 2013-01-17] (Puran Software)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
S2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] ()
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [740328 2013-06-20] (Webroot)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-07] (Intel® Corporation)
S2 BpSvc; C:\Program Files (x86)\BrowserProtect\BpSvc.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-06] (AVAST Software)
S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-10] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-10] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-10] ()
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [59904 2008-11-18] (ASIX Electronics Corp.)
S1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-23] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-23] (Diskeeper Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [112616 2013-06-22] (Webroot)
S3 cpuz135; \??\C:\Users\Sam\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-15 15:10 - 2013-07-15 15:10 - 01777839 _____ (Farbar) C:\Users\Sam\Desktop\FRST64.exe
2013-07-15 15:10 - 2013-07-15 15:10 - 00000000 ____D C:\FRST
2013-07-15 15:09 - 2013-07-15 15:09 - 00000000 ____D C:\Users\Sam\Desktop\diffstuff
2013-07-10 21:45 - 2013-07-10 22:57 - 00000000 ____D C:\Users\Sam\AppData\Local\Warframe
2013-07-10 15:07 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 15:07 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-10 15:07 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 15:07 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-10 15:05 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 15:05 - 2013-05-10 00:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2013-07-10 15:05 - 2013-05-09 22:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2013-07-10 15:05 - 2013-04-26 00:51 - 00751104 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2013-07-10 15:05 - 2013-04-25 23:55 - 00492544 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2013-07-10 15:03 - 2013-05-13 00:51 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-07-10 15:03 - 2013-05-13 00:51 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-07-10 15:03 - 2013-05-13 00:51 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-07-10 15:03 - 2013-05-13 00:50 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\certenc.dll
2013-07-10 15:03 - 2013-05-12 23:45 - 01160192 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-07-10 15:03 - 2013-05-12 23:45 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2013-07-10 15:03 - 2013-05-12 23:45 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-07-10 15:03 - 2013-05-12 22:43 - 01192448 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2013-07-10 15:03 - 2013-05-12 22:08 - 00903168 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2013-07-10 15:03 - 2013-05-12 22:08 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\certenc.dll
2013-07-10 15:01 - 2013-04-10 00:45 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-10 15:01 - 2013-04-10 00:02 - 01077760 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-10 13:59 - 2013-07-11 00:48 - 00000000 ____D C:\Users\Sam\Documents\WORK
2013-07-10 09:45 - 2013-07-10 09:45 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-10 09:45 - 2013-07-10 09:45 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-10 09:45 - 2013-07-10 09:45 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-05 08:40 - 2013-07-12 23:58 - 00021402 _____ C:\Users\Sam\Desktop\dds.txt
2013-07-05 08:40 - 2013-07-12 23:58 - 00017944 _____ C:\Users\Sam\Desktop\attach.txt
2013-07-04 08:42 - 2013-07-13 19:33 - 00000448 _____ C:\windows\setupact.log
2013-07-04 08:42 - 2013-07-04 08:42 - 00000000 _____ C:\windows\setuperr.log
2013-07-02 09:22 - 2013-07-02 09:24 - 00000000 ____D C:\Program Files\Puran Defrag
2013-07-02 09:22 - 2013-01-17 16:24 - 01367424 _____ (Puran Software) C:\windows\system32\PuranFD.exe
2013-07-02 09:22 - 2013-01-17 16:23 - 00292736 _____ (Puran Software) C:\windows\system32\PuranDefragS.exe
2013-07-02 09:22 - 2013-01-17 16:23 - 00287616 _____ (Puran Software) C:\windows\system32\PuranDC.exe
2013-07-02 09:22 - 2013-01-17 16:23 - 00132480 _____ (Puran Software) C:\windows\system32\PuranDefragBT.exe
2013-07-02 09:22 - 2012-12-13 12:09 - 00256896 _____ (Puran Software) C:\windows\system32\PuranDefrag.dll
2013-07-02 09:21 - 2013-07-02 09:21 - 03491352 _____ (Puran Software                                              ) C:\Users\Sam\Downloads\PuranDefragFreeSetup.exe
2013-06-30 21:19 - 2013-06-30 21:19 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2013-06-30 21:19 - 2013-06-30 21:19 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2013-06-30 21:17 - 2013-06-30 21:17 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-06-30 21:17 - 2013-06-30 21:17 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-06-30 21:09 - 2013-06-30 21:09 - 00007088 ____N C:\bootsqm.dat
2013-06-30 16:24 - 2013-06-30 16:24 - 00002221 _____ C:\Users\Sam\Desktop\aswMBR.txt
2013-06-30 06:54 - 2013-06-30 21:12 - 00000000 ____D C:\Users\Sam\AppData\Local\lptmp1309630940
2013-06-22 21:54 - 2013-06-30 06:53 - 00000000 ____D C:\Users\Sam\AppData\Local\lptmp891577465
2013-06-22 20:33 - 2013-06-22 20:33 - 00742344 _____ (Webroot) C:\Users\Sam\Downloads\wsabbs2.exe
2013-06-22 20:33 - 2013-06-22 20:33 - 00150160 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll
2013-06-22 20:33 - 2013-06-22 20:33 - 00112616 _____ (Webroot) C:\windows\system32\Drivers\WRkrn.sys
2013-06-22 20:33 - 2013-06-22 20:33 - 00102792 _____ (Webroot) C:\windows\system32\WRusr.dll
2013-06-22 20:33 - 2013-06-22 20:33 - 00000000 ____D C:\Users\Sam\AppData\Local\lptmp1974256386
2013-06-22 20:28 - 2013-06-22 20:29 - 00000043 _____ C:\Users\Sam\Desktop\webroot key.txt
2013-06-21 21:20 - 2013-06-21 21:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-21 21:14 - 2013-06-21 21:14 - 00001456 _____ C:\AdwCleaner[S1].txt
2013-06-20 22:22 - 2013-07-15 15:07 - 00000000 ____D C:\Users\Sam\Desktop\compstuff
2013-06-20 22:22 - 2013-06-20 22:23 - 00038910 _____ C:\Users\Sam\Desktop\Result.txt
 
==================== One Month Modified Files and Folders =======
 
2013-07-15 15:10 - 2013-07-15 15:10 - 01777839 _____ (Farbar) C:\Users\Sam\Desktop\FRST64.exe
2013-07-15 15:10 - 2013-07-15 15:10 - 00000000 ____D C:\FRST
2013-07-15 15:09 - 2013-07-15 15:09 - 00000000 ____D C:\Users\Sam\Desktop\diffstuff
2013-07-15 15:08 - 2012-08-18 08:52 - 00000000 ____D C:\ProgramData\WRData
2013-07-15 15:07 - 2013-06-20 22:22 - 00000000 ____D C:\Users\Sam\Desktop\compstuff
2013-07-13 19:38 - 2012-09-04 02:43 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Skype
2013-07-13 19:36 - 2012-05-10 20:31 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-07-13 19:36 - 2009-07-14 00:32 - 00000000 ____D C:\windows\system32\FxsTmp
2013-07-13 19:35 - 2012-12-15 17:47 - 00000000 ____D C:\Users\Sam\AppData\Local\LogMeIn Hamachi
2013-07-13 19:34 - 2013-05-19 17:44 - 00000888 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-13 19:34 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-13 19:33 - 2013-07-04 08:42 - 00000448 _____ C:\windows\setupact.log
2013-07-12 23:58 - 2013-07-05 08:40 - 00021402 _____ C:\Users\Sam\Desktop\dds.txt
2013-07-12 23:58 - 2013-07-05 08:40 - 00017944 _____ C:\Users\Sam\Desktop\attach.txt
2013-07-11 11:04 - 2013-06-14 13:21 - 00000000 ___SH C:\DkHyperbootSync
2013-07-11 10:59 - 2013-02-10 16:25 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-11 10:44 - 2009-07-13 23:45 - 00021200 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-11 10:44 - 2009-07-13 23:45 - 00021200 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-11 10:41 - 2012-08-18 08:58 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-11 10:41 - 2012-05-10 20:34 - 01849480 _____ C:\windows\WindowsUpdate.log
2013-07-11 10:41 - 2009-07-14 00:13 - 00793584 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-11 10:17 - 2013-05-19 17:44 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-11 09:37 - 2009-07-13 23:45 - 00281088 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-11 09:35 - 2012-05-11 12:21 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 09:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 09:35 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 01:01 - 2013-05-31 03:01 - 00009717 _____ C:\windows\IE10_main.log
2013-07-11 00:55 - 2013-03-13 18:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 00:55 - 2013-03-13 18:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 00:51 - 2012-08-18 09:20 - 00000000 ____D C:\Users\Sam\AppData\Roaming\SoftGrid Client
2013-07-11 00:48 - 2013-07-10 13:59 - 00000000 ____D C:\Users\Sam\Documents\WORK
2013-07-11 00:30 - 2012-08-18 08:55 - 00000900 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3575110223-3707097088-2884409191-1001UA.job
2013-07-10 22:57 - 2013-07-10 21:45 - 00000000 ____D C:\Users\Sam\AppData\Local\Warframe
2013-07-10 22:29 - 2012-08-18 08:55 - 00000848 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3575110223-3707097088-2884409191-1001Core.job
2013-07-10 21:49 - 2012-05-10 21:35 - 00445168 _____ C:\windows\DirectX.log
2013-07-10 21:06 - 2012-12-04 06:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 17:43 - 2013-05-19 21:27 - 00000000 ____D C:\Users\Sam\AppData\Roaming\Mumble
2013-07-10 16:32 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2013-07-10 15:12 - 2013-05-19 17:44 - 00003888 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-10 15:12 - 2013-05-19 17:44 - 00003636 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-10 15:07 - 2013-06-13 11:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-10 11:51 - 2012-05-10 20:31 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-07-10 11:00 - 2013-02-10 16:25 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-10 11:00 - 2012-10-24 14:33 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-10 11:00 - 2012-10-24 14:33 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-10 10:32 - 2012-08-18 08:56 - 00002356 _____ C:\Users\Sam\Desktop\Google Chrome.lnk
2013-07-10 09:52 - 2012-05-10 20:55 - 00000000 ____D C:\ProgramData\WinClon
2013-07-10 09:45 - 2013-07-10 09:45 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-10 09:45 - 2013-07-10 09:45 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-10 09:45 - 2013-07-10 09:45 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-10 09:45 - 2013-03-14 02:42 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-07-10 09:45 - 2012-08-23 19:34 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-07-10 09:45 - 2012-08-23 19:34 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-07-04 08:42 - 2013-07-04 08:42 - 00000000 _____ C:\windows\setuperr.log
2013-07-02 09:24 - 2013-07-02 09:22 - 00000000 ____D C:\Program Files\Puran Defrag
2013-07-02 09:21 - 2013-07-02 09:21 - 03491352 _____ (Puran Software                                              ) C:\Users\Sam\Downloads\PuranDefragFreeSetup.exe
2013-06-30 21:19 - 2013-06-30 21:19 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2013-06-30 21:19 - 2013-06-30 21:19 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2013-06-30 21:17 - 2013-06-30 21:17 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-06-30 21:17 - 2013-06-30 21:17 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-06-30 21:12 - 2013-06-30 06:54 - 00000000 ____D C:\Users\Sam\AppData\Local\lptmp1309630940
2013-06-30 21:09 - 2013-06-30 21:09 - 00007088 ____N C:\bootsqm.dat
2013-06-30 21:09 - 2010-11-20 22:47 - 00092676 _____ C:\windows\PFRO.log
2013-06-30 16:24 - 2013-06-30 16:24 - 00002221 _____ C:\Users\Sam\Desktop\aswMBR.txt
2013-06-30 06:53 - 2013-06-22 21:54 - 00000000 ____D C:\Users\Sam\AppData\Local\lptmp891577465
2013-06-24 00:41 - 2012-10-11 00:43 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-06-22 20:33 - 2013-06-22 20:33 - 00742344 _____ (Webroot) C:\Users\Sam\Downloads\wsabbs2.exe
2013-06-22 20:33 - 2013-06-22 20:33 - 00150160 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll
2013-06-22 20:33 - 2013-06-22 20:33 - 00112616 _____ (Webroot) C:\windows\system32\Drivers\WRkrn.sys
2013-06-22 20:33 - 2013-06-22 20:33 - 00102792 _____ (Webroot) C:\windows\system32\WRusr.dll
2013-06-22 20:33 - 2013-06-22 20:33 - 00000000 ____D C:\Users\Sam\AppData\Local\lptmp1974256386
2013-06-22 20:29 - 2013-06-22 20:28 - 00000043 _____ C:\Users\Sam\Desktop\webroot key.txt
2013-06-22 01:17 - 2012-11-19 02:31 - 00000000 ____D C:\Users\Sam\Tracing
2013-06-21 21:20 - 2013-06-21 21:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-21 21:14 - 2013-06-21 21:14 - 00001456 _____ C:\AdwCleaner[S1].txt
2013-06-20 22:23 - 2013-06-20 22:22 - 00038910 _____ C:\Users\Sam\Desktop\Result.txt
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-05-25 04:53
 
==================== End Of Log ============================

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2013
Ran by Sam at 2013-07-15 15:11:32
Running from C:\Users\Sam\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Installed Programs =======================
 
   
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922)
„Windows Live Mail“ (x32 Version: 15.4.3502.0922)
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513)
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922)
µTorrent (x32 Version: 3.3.0.29544)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82)
Age of Empires® III: Complete Collection (x32)
Age of Wushu (x32 Version: 0.0.1.012)
Amazon Kindle (x32)
ArcSoft PhotoImpression 6 (x32 Version: 6)
Audiosurf (x32)
Autonomous Prototype (x32)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
AX88772 (x32 Version: 1.00.0000)
Bastion (x32)
Beat Hazard (x32)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Binary Domain (x32)
Bing Bar (x32 Version: 7.0.610.0)
BioShock (x32)
BIT.TRIP BEAT (x32)
BitTorrent (x32 Version: 7.7.3.28706)
Black Lake Prototype (x32)
BrowserProtect 1.12 (x32)
Brütal Legend (x32)
Build-a-lot (x32 Version: 2.2.0.82)
Bulletstorm (x32)
Call of Duty: Black Ops II - Multiplayer (x32)
Call of Duty: Black Ops II - Zombies (x32)
Call of Duty: Black Ops II (x32)
Cave Story+ (x32)
Chuzzle Deluxe (x32 Version: 2.2.0.82)
Command and Conquer 3: Tiberium Wars (x32)
Company of Heroes (New Steam Version) (x32)
Company of Heroes (x32)
Company of Heroes: Opposing Fronts (x32)
Company of Heroes: Tales of Valor (x32)
Costume Quest Prototype (x32)
CyberLink Media Suite (x32 Version: 8.0.2227)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00)
CyberLink MediaShow (x32 Version: 5.0.1130a)
CyberLink Power2Go (x32 Version: 6.1.3802)
CyberLink PowerDirector (x32 Version: 8.0.3306)
CyberLink YouCam (x32 Version: 3.1.5016)
D3DX10 (x32 Version: 15.4.2368.0902)
Dark Souls: Prepare to Die Edition (x32)
Darksiders (x32)
DarksidersInstaller (x32 Version: 1.00.1000)
Defense Grid: The Awakening (x32)
Deus Ex: Game of the Year Edition (x32)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82)
Dungeon Defenders (x32)
Easy File Share (x32 Version: 1.2.4)
Easy Migration (x32 Version: 1.0)
Easy Settings (x32 Version: 1.1)
Easy Software Manager (x32 Version: 1.2.18.13)
Easy Support Center (Version: 1.2.23)
Endless Space (x32)
E-POP (x32 Version: 1.0.1)
Epson Connect (x32)
Epson Customer Participation (Version: 1.0.0.0)
EPSON CX7400 User's Guide (x32)
Epson Download Navigator (x32 Version: 1.0.1)
Epson Event Manager (x32 Version: 2.50.0001)
Epson FAX Utility (x32 Version: 1.20.00)
Epson PC-FAX Driver (x32)
EPSON Printer Software
EPSON Scan (x32)
EPSON Stylus CX7400 Series Scanner Driver Update (x32)
EPSON WorkForce 545 Series Printer Uninstall
ESET Online Scanner v3 (x32)
ETDWare PS/2-X64 10.7.16.1_WHQL (Version: 10.7.16.1)
ExpressCache (Version: 1.0.64)
Fable III (x32)
Fallout: New Vegas (x32)
Farm Frenzy (x32 Version: 2.2.0.82)
Forge (x32)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
From Dust (x32)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
GameSpy Arcade (x32)
GameSpy Comrade (x32 Version: 1.5.0.156)
Google Chrome (HKCU Version: 28.0.1500.71)
Google Drive (x32 Version: 1.9.4536.8202)
Google Talk Plugin (x32 Version: 3.19.1.13088)
Google Update Helper (x32 Version: 1.3.21.149)
Guild Wars 2 (x32)
Hack n Slash Prototype (x32)
Half Minute Hero: Super Mega Neo Climax Ultimate Boy (x32)
Half-Life 2: Episode Two (x32)
Happy Song Prototype (x32)
Hotline Miami (x32)
ID CPU-Z 1.61.3
Indie Game: The Movie (x32)
Insaniquarium Deluxe (x32 Version: 2.2.0.82)
Intel PROSet Wireless
Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342)
Intel® Management Engine Components (x32 Version: 8.0.2.1410)
Intel® OpenCL CPU Runtime (x32)
Intel® Processor Graphics (x32 Version: 8.15.10.2618)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (Version: 15.0.0.0059)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.1.1.0153)
Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.225)
Intel® WiDi (x32 Version: 3.0.12.0)
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0642)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
Iron Brigade (x32)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
John Deere Drive Green (x32 Version: 2.2.0.82)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Just Cause 2 (x32)
LogMeIn Hamachi (x32 Version: 2.1.0.294)
Magicka (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mass Effect (x32)
Mass Effect 2 (x32)
Mass Effect™ 3 (x32 Version: 1.05.0.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Metro 2033 (x32)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Multimedia POP (x32 Version: 1.0)
Mumble 1.2.3 (x32 Version: 1.2.3)
Neverwinter (x32)
Norton Online Backup (x32 Version: 2.1.17869)
NVIDIA Control Panel 296.32 (Version: 296.32)
NVIDIA Graphics Driver 296.32 (Version: 296.32)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA Optimus 1.7.12 (Version: 1.7.12)
NVIDIA PhysX (x32 Version: 9.12.0613)
NVIDIA Update Components (Version: 1.7.12)
Offspring Fling! (x32)
OpenAL (x32)
Orcs Must Die! (x32)
Orcs Must Die! 2 (x32)
Origin (x32 Version: 9.1.15.109)
Overlord (x32)
Painkiller: Black Edition (x32)
PAYDAY: The Heist (x32)
Peggle (x32 Version: 2.2.0.82)
Penguins! (x32 Version: 2.2.0.82)
PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版 (x32)
Plants vs. Zombies (x32 Version: 2.2.0.82)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Polar Golfer (x32 Version: 2.2.0.82)
Portal 2 (x32)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
PROTOTYPE 2 (x32)
Psychonauts (x32)
PunkBuster Services (x32 Version: 0.992)
Puran Defrag 7.6
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (x32 Version: 7.50.1123.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6608)
Recettear: An Item Shop's Tale (x32)
Red Faction: Guerrilla  (x32)
Rockstar Games Social Club (x32 Version: 1.0.6.1)
Saints Row: The Third (x32)
Samsung Kies (x32 Version: 2.0.0.11044_11)
Samsung Recovery Solution 5 (x32 Version: 5.0.2.7)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.10.0)
Secure Download Manager (x32 Version: 3.1.0)
Serious Sam HD: The First Encounter (x32)
Sid Meier's Civilization IV (x32)
Sid Meier's Civilization V (x32)
Sins of a Solar Empire: Trinity (x32)
Skype™ 6.3 (x32 Version: 6.3.105)
Software Launcher (x32 Version: 1.0.2)
Source SDK Base 2007 (x32)
Spacebase DF-9 Prototype (x32)
Spec Ops: The Line (x32)
Stacking (x32)
Star Conflict (x32)
Steam (x32 Version: 1.0.0.0)
Stronghold (x32)
Super Monday Night Combat (x32)
Team Fortress 2 (x32)
Terraria (x32)
The Binding of Isaac (x32)
The White Birch Prototype (x32)
Titan Quest (x32)
Tropico 4 (x32)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Unity Web Player (HKCU Version: )
Universe at War: Earth Assault (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
User Guide (x32 Version: 2.0)
Warcraft III (x32)
Warcraft III: All Products (HKCU)
Warframe (x32)
Warhammer 40,000 Space Marine (x32)
Warhammer 40,000: Dawn of War – Dark Crusade (x32)
Warhammer 40,000: Dawn of War - Game of the Year Edition (x32)
Warhammer 40,000: Dawn of War – Soulstorm (x32)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (x32)
Webroot SecureAnywhere (x32 Version: 8.0.2.155)
WildTangent Games (x32 Version: 1.0.1.5)
WildTangent ORB Game Console (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Pošta (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 메일 (x32 Version: 15.4.3502.0922)
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922)
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 照片库 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3538.0513)
Windows Live 软件包 (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
XCOM: Enemy Unknown (x32)
Ys Origin (x32)
Zuma Deluxe (x32 Version: 2.2.0.95)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
بريد Windows Live (x32 Version: 15.4.3502.0922)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)
 
==================== Restore Points  =========================
 
10-07-2013 19:38:04 Windows Update
10-07-2013 20:07:37 Installed DirectX
11-07-2013 02:49:16 Installed DirectX
11-07-2013 05:53:28 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {12E8570B-412F-4100-B3CD-6A422573B3D9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {143A4A6A-1D4E-4408-9CDB-C8D62B292F6F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {169631C7-9934-4D46-AAF5-74469F63AF6A} - System32\Tasks\Easy Software Manager Agent => %ProgramFiles(x86)%\Samsung\Easy Software Manager\SWMAgent.exe No File
Task: {1B1F410F-D453-458C-999E-771CFDEFA195} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-16] (CyberLink)
Task: {1C23A713-9F91-4C03-9607-0FAA64B99F40} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {21BE51FC-882E-445B-8FA4-5ADB6F8037A3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {3885036D-8265-4BBC-82CE-3BA628D3877E} - System32\Tasks\MovieColorEnhancer => %programfiles(x86)%\Samsung\Easy Settings\MovieColorEnhancer.exe No File
Task: {3C077FF2-1979-4EAE-A730-ADA94C9894B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19] (Google Inc.)
Task: {4578B798-9D15-490A-8571-A031B461905D} - System32\Tasks\SmartSetting => %programfiles(x86)%\Samsung\Easy Settings\SmartSetting.exe No File
Task: {471A5EF3-A694-4154-A623-5A6E3D1E9D4C} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-08] (Samsung Electronics Co., Ltd.)
Task: {473F6717-1D82-48F9-98E0-0C11FF25F20C} - System32\Tasks\EasySpeedUpManager => %programfiles(x86)%\Samsung\Easy Settings\EasySpeedUpManager.exe No File
Task: {5B136CE7-1B0E-49A4-B4D3-185118D291E4} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-01-28] (SEC)
Task: {62193F84-275B-4544-AF94-7677D2CDD187} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3575110223-3707097088-2884409191-1001UA => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-18] (Google Inc.)
Task: {6B200F19-A83C-47F8-A412-6F2F1A142595} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {6E7675E8-FB73-4FCB-9FB2-C89DEDE655C6} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {78E51283-DAD3-4368-BC41-5F894A873FBE} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2012-04-19] (Samsung Electronics CO., LTD.)
Task: {9FBE1B20-79AC-4C10-A0D0-AA398067233A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)
Task: {B3E1D197-2B76-45BA-9A3B-3924D042C1B6} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-24] (Intel Corporation)
Task: {BAA559F9-98AC-48D9-BF81-2A156640F0E9} - System32\Tasks\WLANStartup => %programfiles(x86)%\Samsung\Easy Settings\WLANStartup.exe No File
Task: {BB7DCEA8-F657-44D9-980D-B9126B543CC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19] (Google Inc.)
Task: {C21A4696-02EE-4B30-9830-ED005061D380} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3575110223-3707097088-2884409191-1001Core => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-18] (Google Inc.)
Task: {CBE04C6D-AD53-40A3-91E9-0B126A3B0E31} - System32\Tasks\KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2011-12-12] (Samsung)
Task: {CF40DA2F-D679-42CC-891D-2C70F0D4969B} - System32\Tasks\EasyBatteryManager => %ProgramFiles(x86)%\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe No File
Task: {D38B915C-7841-4E12-BD6A-43DC4C0AE432} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => C:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {E06B6DF7-BF8F-4132-9F70-E03CE8C27486} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-10] (Adobe Systems Incorporated)
Task: {FB70526A-065E-4B51-B018-33DBEA097CDB} - System32\Tasks\SCCSpeedBoot => %programfiles(x86)%\Samsung\Easy Settings\SCCSpeedBoot.exe No File
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3575110223-3707097088-2884409191-1001Core.job => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3575110223-3707097088-2884409191-1001UA.job => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Faulty Device Manager Devices =============
 
Name: avast! Network Shield Support
Description: avast! Network Shield Support
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswTdi
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/15/2013 03:07:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/13/2013 07:36:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/13/2013 07:35:54 PM) (Source: PerfNet) (User: )
Description: 
 
Error: (07/12/2013 11:54:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/12/2013 11:54:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/11/2013 10:36:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/11/2013 09:37:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/10/2013 08:30:06 PM) (Source: MsiInstaller) (User: Sam-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.
 
Error: (07/10/2013 03:30:54 PM) (Source: MsiInstaller) (User: Sam-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.
 
Error: (07/10/2013 10:54:04 AM) (Source: Application Hang) (User: )
Description: The program dmhkcore.exe version 3.2.8.38 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c20
 
Start Time: 01ce7d7b21831bda
 
Termination Time: 642
 
Application Path: C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
 
Report Id: cfe014d5-e978-11e2-afd3-c48508724aba
 
 
System errors:
=============
Error: (07/15/2013 03:11:45 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/15/2013 03:11:45 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/15/2013 03:11:45 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/15/2013 03:11:44 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/15/2013 03:11:44 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/15/2013 03:11:44 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/15/2013 03:11:44 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/15/2013 03:11:44 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/15/2013 03:11:44 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (07/15/2013 03:11:33 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (07/15/2013 03:07:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/13/2013 07:36:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/13/2013 07:35:54 PM) (Source: PerfNet)(User: )
Description: 
 
Error: (07/12/2013 11:54:14 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sam\Desktop\compstuff\esetsmartinstaller_enu.exe
 
Error: (07/12/2013 11:54:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/11/2013 10:36:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/11/2013 09:37:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/10/2013 08:30:06 PM) (Source: MsiInstaller)(User: Sam-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (07/10/2013 03:30:54 PM) (Source: MsiInstaller)(User: Sam-PC)
Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (07/10/2013 10:54:04 AM) (Source: Application Hang)(User: )
Description: dmhkcore.exe3.2.8.38c2001ce7d7b21831bda642C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.execfe014d5-e978-11e2-afd3-c48508724aba
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 16%
Total physical RAM: 7973.54 MB
Available physical RAM: 6625.34 MB
Total Pagefile: 15945.25 MB
Available Pagefile: 14622.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:899.75 GB) (Free:342.08 GB) NTFS (Disk=0 Partition=2)
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 816B67ED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=900 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22 GB) - (Type=27)
Partition 4: (Not Active) - (Size=10 GB) - (Type=83)
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=7 GB) - (Type=73)
 
==================== End Of Log ============================

 



#6 Oh My!



  • Malware Response Instructor

Posted 15 July 2013 - 04:29 PM

Hi Sam,

Please consider and complete the following for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

If you choose to uninstall please go to Start, Control Panel, Add/Remove Programs (or Programs and Features) and uninstall the program.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
BrowserProtect 1.12
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue.

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did BrowserProtect uninstall properly?
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Sam man

  • Topic Starter


Posted 15 July 2013 - 05:37 PM

Revo Uninstaller could not find the Browser Protect uninstall file

 

 

ComboFix log: (note: I disabled both Webroot and Avast but ComboFix still showed them as enabled)

 

ComboFix 13-07-15.01 - Sam 07/15/2013  17:22:57.1.8 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7974.6796 [GMT -5:00]
Running from: c:\users\Sam\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Roaming
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-15 to 2013-07-15  )))))))))))))))))))))))))))))))
.
.
2013-07-15 22:31 . 2013-07-15 22:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-15 22:31 . 2013-07-15 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-15 22:17 . 2013-07-15 22:17 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D76975E7-FBCA-46F8-BDB6-DF16D2312656}\offreg.dll
2013-07-15 22:09 . 2013-07-15 22:09 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-07-15 20:10 . 2013-07-15 20:10 -------- d-----w- C:\FRST
2013-07-11 02:45 . 2013-07-11 03:57 -------- d-----w- c:\users\Sam\AppData\Local\Warframe
2013-07-10 20:08 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 20:08 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 20:08 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 20:08 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 20:08 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 20:08 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 20:08 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 20:07 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 20:07 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 20:07 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 20:07 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 20:05 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-07-10 20:05 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-07-10 20:05 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 20:05 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-07-10 20:05 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-07-10 20:04 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 20:04 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 20:04 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 20:04 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 20:04 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 20:03 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-07-10 20:03 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-07-10 20:03 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-07-10 20:03 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-10 20:03 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-10 20:03 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-10 20:03 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-10 20:03 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-07-10 20:03 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-10 20:03 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-07-10 20:01 . 2013-04-10 05:45 1545728 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 20:01 . 2013-04-10 05:02 1077760 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 19:42 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D76975E7-FBCA-46F8-BDB6-DF16D2312656}\mpengine.dll
2013-07-02 14:22 . 2013-07-02 14:24 -------- d-----w- c:\program files\Puran Defrag
2013-07-02 14:22 . 2013-01-17 21:24 1367424 ----a-w- c:\windows\system32\PuranFD.exe
2013-07-02 14:22 . 2013-01-17 21:23 292736 ----a-w- c:\windows\system32\PuranDefragS.exe
2013-07-02 14:22 . 2013-01-17 21:23 132480 ----a-w- c:\windows\system32\PuranDefragBT.exe
2013-07-02 14:22 . 2013-01-17 21:23 287616 ----a-w- c:\windows\system32\PuranDC.exe
2013-07-02 14:22 . 2012-12-13 17:09 256896 ----a-w- c:\windows\system32\PuranDefrag.dll
2013-07-01 02:17 . 2013-07-01 02:17 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-06-30 11:54 . 2013-07-01 02:12 -------- d-----w- c:\users\Sam\AppData\Local\lptmp1309630940
2013-06-23 02:54 . 2013-06-30 11:53 -------- d-----w- c:\users\Sam\AppData\Local\lptmp891577465
2013-06-23 01:33 . 2013-06-23 01:33 -------- d-----w- c:\users\Sam\AppData\Local\lptmp1974256386
2013-06-23 01:33 . 2013-06-23 01:33 150160 ----a-w- c:\windows\SysWow64\WRusr.dll
2013-06-23 01:33 . 2013-06-23 01:33 112616 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2013-06-23 01:33 . 2013-06-23 01:33 102792 ----a-w- c:\windows\system32\WRusr.dll
2013-06-22 02:20 . 2013-06-22 02:20 -------- d-----w- c:\program files (x86)\ESET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-10 16:00 . 2012-10-24 19:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-10 16:00 . 2012-10-24 19:33 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-10 14:45 . 2013-03-14 07:42 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-10 14:45 . 2012-08-24 00:34 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-07-10 14:45 . 2012-08-24 00:34 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-30 11:54 . 2012-11-08 08:42 9842040 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
2013-06-24 05:41 . 2012-10-11 05:43 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-05-31 08:15 . 2013-05-31 08:15 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-31 08:15 . 2013-05-31 08:15 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-05-31 08:15 . 2013-05-31 08:15 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-31 08:15 . 2013-05-31 08:15 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-31 08:15 . 2013-05-31 08:15 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-05-31 08:15 . 2013-05-31 08:15 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-31 08:15 . 2013-05-31 08:15 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-05-31 08:15 . 2013-05-31 08:15 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-05-31 08:15 . 2013-05-31 08:15 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-31 08:15 . 2013-05-31 08:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-31 08:15 . 2013-05-31 08:15 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-31 08:15 . 2013-05-31 08:15 441856 ----a-w- c:\windows\system32\html.iec
2013-05-31 08:15 . 2013-05-31 08:15 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-31 08:15 . 2013-05-31 08:15 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-31 08:15 . 2013-05-31 08:15 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-05-31 08:15 . 2013-05-31 08:15 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-31 08:15 . 2013-05-31 08:15 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-31 08:15 . 2013-05-31 08:15 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-05-31 08:15 . 2013-05-31 08:15 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-31 08:15 . 2013-05-31 08:15 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-31 08:15 . 2013-05-31 08:15 2242048 ----a-w- c:\windows\system32\wininet.dll
2013-05-31 08:15 . 2013-05-31 08:15 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-31 08:15 . 2013-05-31 08:15 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-31 08:15 . 2013-05-31 08:15 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-31 08:15 . 2013-05-31 08:15 1767424 ----a-w- c:\windows\SysWow64\wininet.dll
2013-05-31 08:15 . 2013-05-31 08:15 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-31 08:15 . 2013-05-31 08:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-31 08:15 . 2013-05-31 08:15 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-31 08:15 . 2013-05-31 08:15 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-31 08:15 . 2013-05-31 08:15 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-31 08:15 . 2013-05-31 08:15 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-31 08:15 . 2013-05-31 08:15 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-05-31 08:15 . 2013-05-31 08:15 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-31 08:15 . 2013-05-31 08:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-31 08:15 . 2013-05-31 08:15 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-05-31 08:15 . 2013-05-31 08:15 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-31 08:15 . 2013-05-31 08:15 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-31 08:15 . 2013-05-31 08:15 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-31 08:15 . 2013-05-31 08:15 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-31 08:15 . 2013-05-31 08:15 855552 ----a-w- c:\windows\system32\jscript.dll
2013-05-31 08:15 . 2013-05-31 08:15 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-31 08:15 . 2013-05-31 08:15 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-31 08:15 . 2013-05-31 08:15 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-05-31 08:15 . 2013-05-31 08:15 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-31 08:15 . 2013-05-31 08:15 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-05-31 08:15 . 2013-05-31 08:15 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-31 08:15 . 2013-05-31 08:15 526336 ----a-w- c:\windows\system32\ieui.dll
2013-05-31 08:15 . 2013-05-31 08:15 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-31 08:15 . 2013-05-31 08:15 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-05-31 08:15 . 2013-05-31 08:15 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-31 08:15 . 2013-05-31 08:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-31 08:15 . 2013-05-31 08:15 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-05-31 08:15 . 2013-05-31 08:15 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-05-31 08:15 . 2013-05-31 08:15 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-31 08:15 . 2013-05-31 08:15 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-31 08:15 . 2013-05-31 08:15 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-31 08:15 . 2013-05-31 08:15 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-31 08:15 . 2013-05-31 08:15 235008 ----a-w- c:\windows\system32\url.dll
2013-05-31 08:15 . 2013-05-31 08:15 19231232 ----a-w- c:\windows\system32\mshtml.dll
2013-05-31 08:15 . 2013-05-31 08:15 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-31 08:15 . 2013-05-31 08:15 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-31 08:15 . 2013-05-31 08:15 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-05-31 08:15 . 2013-05-31 08:15 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-31 08:15 . 2013-05-31 08:15 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-31 08:15 . 2013-05-31 08:15 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-31 08:15 . 2013-05-31 08:15 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-31 08:15 . 2013-05-31 08:15 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-05-31 08:15 . 2013-05-31 08:15 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-31 08:15 . 2013-05-31 08:15 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-31 08:15 . 2013-05-31 08:15 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-31 08:15 . 2013-05-31 08:15 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-31 08:04 . 2013-05-31 08:04 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-31 08:04 . 2013-05-31 08:04 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-31 08:04 . 2013-05-31 08:04 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-05-31 08:04 . 2013-05-31 08:04 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-05-31 08:04 . 2013-05-31 08:04 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-31 08:04 . 2013-05-31 08:04 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-31 08:04 . 2013-05-31 08:04 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-31 08:04 . 2013-05-31 08:04 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-31 08:04 . 2013-05-31 08:04 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-31 08:04 . 2013-05-31 08:04 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-31 08:04 . 2013-05-31 08:04 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-05-31 08:04 . 2013-05-31 08:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-31 08:04 . 2013-05-31 08:04 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-31 08:04 . 2013-05-31 08:04 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-05-31 08:04 . 2013-05-31 08:04 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-31 08:04 . 2013-05-31 08:04 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-05-31 08:04 . 2013-05-31 08:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-31 08:04 . 2013-05-31 08:04 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-31 08:04 . 2013-05-31 08:04 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-05-31 08:04 . 2013-05-31 08:04 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-05-31 08:04 . 2013-05-31 08:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-31 08:04 . 2013-05-31 08:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE" [2013-03-28 241280]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2013-06-21 740328]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -q -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-8 9842040]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -p -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-8 9842040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R0 aswRvrt;aswRvrt; [x]
R0 aswVmm;aswVmm; [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 BpSvc;BrowserProtect Anti-Hijack Service;c:\program files (x86)\BrowserProtect\BpSvc.exe;c:\program files (x86)\BrowserProtect\BpSvc.exe [x]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
R2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 cpuz135;cpuz135;c:\users\Sam\AppData\Local\Temp\cpuz135\cpuz135_x64.sys;c:\users\Sam\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe;c:\windows\SYSNATIVE\PuranDefragS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswKbd;aswKbd; [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 16:00]
.
2013-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19 22:44]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19 22:44]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3575110223-3707097088-2884409191-1001Core.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-18 13:55]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3575110223-3707097088-2884409191-1001UA.job
- c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-18 13:55]
.
2013-07-14 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41]
.
2013-07-10 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-29 12460136]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-26 11407120]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3575110223-3707097088-2884409191-1001\Software\SecuROM\License information*]
"datasecu"=hex:ba,eb,b5,f0,96,85,5d,57,dd,ae,b6,c3,a1,2c,89,34,9f,73,48,91,20,
   c1,40,c7,3b,1b,45,56,5a,47,17,ce,ab,5f,4e,f6,d6,f7,09,22,99,e9,aa,16,5b,5e,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-15  17:34:04
ComboFix-quarantined-files.txt  2013-07-15 22:34
.
Pre-Run: 367,233,400,832 bytes free
Post-Run: 367,190,204,416 bytes free
.
- - End Of File - - 8E790C76B0C30E1446A203FCE8239526
D41D8CD98F00B204E9800998ECF8427E


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,721 posts
  • Gender:Male
  • Location:California
  • Local time:10:52 PM

Posted 15 July 2013 - 06:02 PM

Let's try to uninstall the program another way. In addition, we need to remove one of the antivirus programs you have on your computer.

Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

BrowserProtect


===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one antivirus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Avast
Webroot

  • Reboot your computer and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Were you able to uninstall the programs?
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Sam man

Sam man
  • Topic Starter

  • Members
  • 79 posts
  • Local time:12:52 AM

Posted 15 July 2013 - 07:51 PM

Browser Protect did not appear on the list of programs.

It should be noted that in my previous thread I was asked to run AdwCleaner, which deleted the C:\Program Files (x86)\BrowserProtect folder.

 

Avast has been uninstalled.

 

My computer ran sluggishly but mostly OK for a good hour or so. It would freeze up for several seconds occasionally. I tried playing Magicka and my entire computer froze up after about ten minutes of that; I could only move my mouse and nothing else would work. This continued for several minutes, after which I did a hard reset. When I booted my computer up again it ran similarly to before for about five minutes before freezing up again.



#10 Oh My!


Posted 15 July 2013 - 08:29 PM

I am not seeing any obvious reason for your trouble.

BrowserProtect is still showing up in your reports: 

R2 BpSvc;BrowserProtect Anti-Hijack Service;c:\program files (x86)\BrowserProtect\BpSvc.exe;c:\program files (x86)\BrowserProtect\BpSvc.exe [x]

Let's do this to see if it is a temperature issue.

===================================================

Core Temp

--------------------
  • Please download Core Temp and save it to your desktop
  • Launch the program
  • Monitor the core temperature both at computer idle and when performing tasks
  • Post the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 
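An added example, not part of the original posts: a small parser for report lines in the semicolon-separated form quoted in post #10, which lists services whose executable sits inside a folder a cleanup tool has already deleted (the situation described in posts #9 and #10). The function names are hypothetical, the field layout is inferred from that single quoted line, the trailing bracket is stored without interpretation, and every sample line except the BpSvc one is constructed.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed layout, inferred from the one line quoted in the thread:
#   <state code> <service name>;<display name>;<path>[;<path>] [<note>]
ENTRY_RE = re.compile(
    r"^(?P<state>[A-Z]\d)\s+(?P<name>[^;\s]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
# Optional bracketed trailer at the end of the last path field.
TRAILER_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<note>[^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    state: str            # code exactly as printed, e.g. "R2"
    name: str             # service (registry key) name
    display_name: str
    image_path: str       # first path field on the line
    note: Optional[str]   # raw text of the trailing [...] marker, uninterpreted


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for a service line, or None for any other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    paths = [p.strip() for p in m.group("rest").split(";") if p.strip()]
    if not paths:
        return None
    note = None
    t = TRAILER_RE.match(paths[-1])
    if t:
        paths[-1], note = t.group("path"), t.group("note")
    image_path = paths[0].strip('"')
    if not image_path:
        return None
    return ServiceEntry(m.group("state"), m.group("name"),
                        m.group("display").strip(), image_path, note)


def normalize(path: str) -> str:
    """Canonical Windows form: collapsed separators, lower case, no trailing slash."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def is_under(path: str, folder: str) -> bool:
    """True if path is the folder itself or lies inside it.

    The separator is appended before the prefix test so that
    ...\\BrowserProtectPlus is not mistaken for ...\\BrowserProtect.
    """
    p, f = normalize(path), normalize(folder)
    return p == f or p.startswith(f + "\\")


def find_orphans(report_lines: List[str], removed_folders: List[str]) -> List[ServiceEntry]:
    """Service entries whose executable was inside an already deleted folder."""
    orphans = []
    for line in report_lines:
        entry = parse_service_line(line)
        if entry and any(is_under(entry.image_path, d) for d in removed_folders):
            orphans.append(entry)
    return orphans


# First line is the one quoted in post #10; the other three are constructed.
SAMPLE_REPORT = [
    r"R2 BpSvc;BrowserProtect Anti-Hijack Service;c:\program files (x86)\BrowserProtect\BpSvc.exe;c:\program files (x86)\BrowserProtect\BpSvc.exe [x]",
    r"R2 ExampleSvc;Example Service;c:\program files (x86)\BrowserProtectPlus\svc.exe [2013-1-1 1000]",
    r"S3 OtherSvc;Other Service;c:\windows\system32\other.exe [x]",
    "Let's do this to see if it is a temperature issue.",
]

# Folder that post #9 says AdwCleaner deleted.
REMOVED_FOLDERS = [r"C:\Program Files (x86)\BrowserProtect"]

if __name__ == "__main__":
    for e in find_orphans(SAMPLE_REPORT, REMOVED_FOLDERS):
        print(f"{e.name} ({e.display_name}) still registered -> {e.image_path}")
```
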

#11 Sam man


Posted 15 July 2013 - 09:07 PM

Core Temp is not installing. When I open the installer it brings up a window saying it is preparing the installation, then when that is done a blank white window comes up labeled Core Temp Installation.



#12 Oh My!


Posted 15 July 2013 - 09:47 PM

I would like to take a different snapshot of your computer to see if it detects any malicious software. Please do this.

===================================================

OTL

--------------------
  • Please download OTL and save it to your desktop
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Copy and paste the two reports in your next reply.

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • OTL log
  • Extra log

Gary
 

#13 Sam man


Posted 15 July 2013 - 10:02 PM

OTL log:

 

OTL logfile created on: 7/15/2013 9:50:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sam\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.79 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 71.60% Memory free
15.57 Gb Paging File | 13.11 Gb Available in Paging File | 84.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 899.75 Gb Total Space | 347.54 Gb Free Space | 38.63% Space Free | Partition Type: NTFS
 
Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/15 21:49:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
PRC - [2013/07/15 17:32:38 | 000,563,112 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/07/15 17:32:36 | 001,807,272 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/06/20 23:17:01 | 000,740,328 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2013/05/15 12:08:46 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/05 16:42:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/05/08 22:00:38 | 001,113,992 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2012/05/01 18:03:44 | 002,279,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2012/04/24 23:18:10 | 000,784,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2012/04/23 23:47:30 | 002,797,648 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
PRC - [2012/03/27 01:10:06 | 003,458,952 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe
PRC - [2012/03/26 18:02:04 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/03/26 18:02:02 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012/03/26 18:01:56 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/03/26 18:01:56 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2012/03/26 11:14:26 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/16 08:08:06 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/02/13 01:02:24 | 000,031,624 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
PRC - [2012/02/07 21:03:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/02/07 21:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/31 01:59:36 | 001,747,336 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MobileAPset.exe
PRC - [2012/01/31 01:56:48 | 001,640,328 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2012/01/28 00:38:52 | 004,466,256 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011/12/12 01:35:50 | 000,937,360 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
PRC - [2011/10/01 10:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 10:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/09/19 22:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
PRC - [2009/11/02 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/15 17:32:40 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/07/15 17:32:38 | 001,122,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/07/03 00:10:26 | 000,396,240 | ---- | M] () -- C:\Users\Sam\AppData\Local\Google\Chrome\Application\28.0.1500.71\ppgooglenaclpluginchrome.dll
MOD - [2013/07/03 00:10:23 | 004,052,944 | ---- | M] () -- C:\Users\Sam\AppData\Local\Google\Chrome\Application\28.0.1500.71\pdf.dll
MOD - [2013/07/03 00:09:27 | 000,601,552 | ---- | M] () -- C:\Users\Sam\AppData\Local\Google\Chrome\Application\28.0.1500.71\libglesv2.dll
MOD - [2013/07/03 00:09:26 | 000,123,344 | ---- | M] () -- C:\Users\Sam\AppData\Local\Google\Chrome\Application\28.0.1500.71\libegl.dll
MOD - [2013/07/03 00:09:23 | 001,597,392 | ---- | M] () -- C:\Users\Sam\AppData\Local\Google\Chrome\Application\28.0.1500.71\ffmpegsumo.dll
MOD - [2013/07/01 11:20:48 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/03/21 08:36:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011/02/16 11:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2009/11/02 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2006/08/11 22:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/06/20 23:17:01 | 000,740,328 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/28 13:04:39 | 000,136,576 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV:64bit: - [2013/01/17 16:23:56 | 000,292,736 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2012/02/02 08:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/12/07 20:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2011/12/07 20:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/12/07 20:43:48 | 000,618,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/12/07 20:43:44 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/12/04 19:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/12/04 18:55:36 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/09/23 01:20:42 | 000,079,664 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe -- (ExpressCache)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/09/22 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/07/15 17:32:38 | 000,563,112 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/10 11:00:05 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/05 16:42:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/26 18:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/03/26 18:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012/03/26 18:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/03/21 08:36:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/13 01:02:24 | 000,031,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe -- (SamsungDeviceConfigurationWinService)
SRV - [2012/02/07 21:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/07 21:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/07 21:03:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/02/07 21:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/02 12:34:42 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/10/01 10:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 10:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/01 07:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/24 20:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/06/01 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/22 20:33:17 | 000,112,616 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/06 17:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/26 23:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/05/08 15:18:34 | 000,280,912 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/03/26 11:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/03/26 11:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/03/26 11:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/03/21 08:36:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/03/20 21:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 08:08:26 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2012/02/12 19:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012/02/12 18:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012/01/05 05:36:54 | 014,652,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/20 03:38:38 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/12/20 03:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/12/20 03:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/05 13:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/04 19:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/12/04 19:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/01 08:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/11/29 05:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/23 09:02:20 | 000,648,808 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/10 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/10/04 05:22:06 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/10/04 05:22:06 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/10/04 05:22:06 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/10/01 10:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 10:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 10:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 10:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/23 01:20:50 | 000,080,688 | ---- | M] (Diskeeper Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\excsd.sys -- (excsd)
DRV:64bit: - [2011/09/23 01:20:50 | 000,023,344 | ---- | M] (Diskeeper Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\excfs.sys -- (excfs)
DRV:64bit: - [2011/09/22 00:39:44 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/11/18 14:07:58 | 000,059,904 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\S-1-5-21-3575110223-3707097088-2884409191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKU\S-1-5-21-3575110223-3707097088-2884409191-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3575110223-3707097088-2884409191-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\PepperFlash\11.8.800.97\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sam\AppData\Local\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sam\AppData\Local\Google\Chrome\Application\28.0.1500.71\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Sam\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Adblock Plus = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0\
CHR - Extension: Ghostery = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\
CHR - Extension: NotScripts = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: Webroot = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.0.15_0\
 
O1 HOSTS File: ([2013/07/15 17:31:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O2:64bit: - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll ()
O2:64bit: - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKU\S-1-5-21-3575110223-3707097088-2884409191-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3575110223-3707097088-2884409191-1001..\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545" File not found
O4 - HKU\S-1-5-21-3575110223-3707097088-2884409191-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3575110223-3707097088-2884409191-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3575110223-3707097088-2884409191-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3575110223-3707097088-2884409191-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar64.dll ()
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar64.dll ()
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll ()
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8020CD9F-4B4E-4F4C-9116-988C4BEECE20}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9912CCE7-3586-4623-9DB3-42A3CBFC45F8}: DhcpNameServer = 147.26.8.11 147.26.8.12 147.26.24.66 158.135.1.79
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/15 21:49:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2013/07/15 20:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/07/15 18:58:45 | 000,000,000 | --SD | C] -- C:\windows\SysWow64\Microsoft
[2013/07/15 18:46:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/15 17:34:06 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/07/15 17:21:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/07/15 17:21:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/07/15 17:21:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/07/15 17:17:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/15 17:16:45 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/07/15 17:11:35 | 005,089,088 | R--- | C] (Swearware) -- C:\Users\Sam\Desktop\ComboFix.exe
[2013/07/15 17:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/07/15 17:09:02 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/07/15 15:10:36 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/15 15:09:09 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\diffstuff
[2013/07/10 21:45:33 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Warframe
[2013/07/10 15:07:53 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/07/10 15:07:51 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/07/10 15:07:41 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/07/10 15:07:41 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/07/10 15:05:33 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/07/10 15:05:32 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/07/10 15:05:20 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
[2013/07/10 15:05:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
[2013/07/10 15:03:47 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/07/10 15:03:47 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe
[2013/07/10 15:03:47 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe
[2013/07/10 15:03:46 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/07/10 15:03:45 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certenc.dll
[2013/07/10 15:03:45 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certenc.dll
[2013/07/10 15:01:32 | 001,545,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/07/10 13:59:28 | 000,000,000 | ---D | C] -- C:\Users\Sam\Documents\WORK
[2013/07/02 09:22:51 | 001,367,424 | ---- | C] (Puran Software) -- C:\windows\SysNative\PuranFD.exe
[2013/07/02 09:22:51 | 000,292,736 | ---- | C] (Puran Software) -- C:\windows\SysNative\PuranDefragS.exe
[2013/07/02 09:22:51 | 000,287,616 | ---- | C] (Puran Software) -- C:\windows\SysNative\PuranDC.exe
[2013/07/02 09:22:51 | 000,256,896 | ---- | C] (Puran Software) -- C:\windows\SysNative\PuranDefrag.dll
[2013/07/02 09:22:51 | 000,132,480 | ---- | C] (Puran Software) -- C:\windows\SysNative\PuranDefragBT.exe
[2013/07/02 09:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2013/07/02 09:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2013/06/30 21:18:57 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/06/30 06:54:17 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\lptmp1309630940
[2013/06/22 21:54:08 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\lptmp891577465
[2013/06/22 20:33:37 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\lptmp1974256386
[2013/06/22 20:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
[2013/06/22 20:33:17 | 000,150,160 | ---- | C] (Webroot) -- C:\windows\SysWow64\WRusr.dll
[2013/06/22 20:33:17 | 000,112,616 | ---- | C] (Webroot) -- C:\windows\SysNative\drivers\WRkrn.sys
[2013/06/22 20:33:17 | 000,102,792 | ---- | C] (Webroot) -- C:\windows\SysNative\WRusr.dll
[2013/06/21 21:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/06/20 22:22:59 | 000,000,000 | ---D | C] -- C:\Users\Sam\Desktop\compstuff
[2012/11/08 03:42:30 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/15 21:52:23 | 000,793,584 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/07/15 21:52:23 | 000,669,758 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/07/15 21:52:23 | 000,125,654 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/07/15 21:49:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2013/07/15 21:48:05 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/15 21:46:36 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013/07/15 21:46:03 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3575110223-3707097088-2884409191-1001UA.job
[2013/07/15 21:45:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/15 21:45:42 | 4065,890,303 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/15 21:26:00 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/15 21:20:41 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2013/07/15 21:00:01 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/15 21:00:01 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/15 20:59:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/15 19:38:00 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3575110223-3707097088-2884409191-1001Core.job
[2013/07/15 17:31:49 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/07/15 17:11:46 | 005,089,088 | R--- | M] (Swearware) -- C:\Users\Sam\Desktop\ComboFix.exe
[2013/07/15 17:09:02 | 000,001,268 | ---- | M] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk
[2013/07/11 09:37:00 | 000,281,088 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/07/10 11:51:04 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013/07/10 11:00:04 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/07/10 11:00:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/10 10:32:58 | 000,002,356 | ---- | M] () -- C:\Users\Sam\Desktop\Google Chrome.lnk
[2013/07/10 09:45:58 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/07/10 09:45:58 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/07/10 09:45:58 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/30 21:09:21 | 000,007,088 | ---- | M] () -- C:\bootsqm.dat
[2013/06/30 06:54:17 | 009,842,040 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[2013/06/30 06:54:17 | 000,002,204 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
[2013/06/30 06:54:17 | 000,002,204 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
[2013/06/22 20:33:17 | 000,150,160 | ---- | M] (Webroot) -- C:\windows\SysWow64\WRusr.dll
[2013/06/22 20:33:17 | 000,112,616 | ---- | M] (Webroot) -- C:\windows\SysNative\drivers\WRkrn.sys
[2013/06/22 20:33:17 | 000,102,792 | ---- | M] (Webroot) -- C:\windows\SysNative\WRusr.dll
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/15 17:21:18 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/07/15 17:21:18 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/07/15 17:21:18 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/07/15 17:21:18 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/07/15 17:21:18 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/07/15 17:09:02 | 000,001,268 | ---- | C] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk
[2013/07/10 09:45:58 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/07/10 09:45:58 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/07/10 09:45:58 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/30 21:09:21 | 000,007,088 | ---- | C] () -- C:\bootsqm.dat
[2013/06/30 06:54:17 | 000,002,204 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
[2013/06/30 06:54:17 | 000,002,204 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
[2013/06/01 09:16:43 | 000,819,200 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2013/06/01 09:16:43 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2013/04/05 16:37:24 | 000,280,792 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2013/04/05 16:37:18 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2013/03/08 19:35:11 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2013/03/08 19:35:10 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2013/03/08 19:35:10 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2013/03/08 19:35:10 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2013/03/08 19:35:10 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2013/03/08 19:35:10 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2013/03/08 19:35:10 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2013/03/08 19:35:10 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2013/03/08 19:35:10 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2013/03/08 19:35:10 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2013/03/08 19:35:09 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2013/03/08 19:35:09 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2013/03/08 19:35:09 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2013/03/08 19:35:09 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2013/03/08 19:35:09 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2013/03/08 19:35:09 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2013/03/08 19:32:39 | 000,000,079 | ---- | C] () -- C:\windows\EPSCX7400.ini
[2013/03/01 17:58:52 | 000,060,182 | ---- | C] () -- C:\windows\War3Unin.dat
[2012/12/11 05:12:23 | 000,001,149 | ---- | C] () -- C:\Users\Sam\Local - Shortcut.lnk
[2012/08/25 22:01:57 | 000,000,079 | ---- | C] () -- C:\windows\EWF545.ini
[2012/08/24 14:38:15 | 000,669,184 | ---- | C] () -- C:\windows\SysWow64\pbsvc.exe
[2012/08/18 09:19:36 | 000,787,800 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/05/10 21:56:26 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2012/05/10 20:46:51 | 000,003,526 | ---- | C] () -- C:\windows\HotFixList.ini
[2012/02/05 23:42:56 | 000,734,772 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin
[2012/02/05 23:42:55 | 000,557,476 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin
[2012/02/05 23:42:53 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/02/05 23:42:52 | 012,978,688 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll
[2012/02/02 08:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2011/09/28 19:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013/01/10 17:31:38 | 000,001,403 | ---- | M] ()(C:\Users\Sam\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Sam\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
[2013/01/10 17:31:38 | 000,001,403 | ---- | C] ()(C:\Users\Sam\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Sam\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 ??????????????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版
 
< End of report >

Extra log:

OTL Extras logfile created on: 7/15/2013 9:50:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sam\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.79 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 71.60% Memory free
15.57 Gb Paging File | 13.11 Gb Available in Paging File | 84.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 899.75 Gb Total Space | 347.54 Gb Free Space | 38.63% Space Free | Partition Type: NTFS
 
Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06ACF9CC-59A5-4A5C-ABE7-C0563BA538EF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0D376374-28F8-4085-96F1-42FCD072C4F4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10C9DBEB-41B8-4EEF-B5A5-7FD65BBB7B16}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1CC24032-6B45-4610-ABF1-39C6BE84CF35}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E507632-246A-4A13-941E-27DA9CE09DAD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{21F62E43-2632-4787-A588-F6AE1AF30EFA}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{2BFACDC5-33B8-40A1-A130-39F9137C022C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2ED9DA58-A4CD-4B6A-A34F-D4B7C393B2EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3A56A74A-58FE-483A-BEC5-81F450180A7E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3EF1FB85-983F-485F-8A3A-75AFF3FDE239}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{41A0DCD2-7F91-41D8-8BAF-1229918C9572}" = lport=138 | protocol=17 | dir=in | app=system | 
"{52FB5330-2BCC-4C0C-9E17-DF769FF55CC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{62E7C891-C033-45C1-87B0-9E8E04932EE9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{65F7D6EE-FA9C-4C00-A268-BC59B542D90B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6666F89D-C611-4788-B156-D2D2873CB228}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{876E6288-52B2-4CD4-9A15-3DEC7A807574}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8C3F8E44-5431-4B22-8AED-BDECECFA6293}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{A5A15882-5126-4BAA-BF0C-E1B8E6E137D2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A89B5CFD-9052-4F53-89A2-23C067744A69}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA102CC0-6A3C-4F2F-96BE-D7E14C40D09F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C5A208F5-F3E3-460B-B694-C2576884C97F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7729D31-CB25-446B-958E-A78D49052EBD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C90FA64F-7E28-4A27-9FA2-4FB573DF9F98}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D596B02B-97F2-48C1-9A64-0B135BE1D289}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D7B07E51-88C3-4440-BEFE-8A068980154A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E3C81A2C-51B9-4A47-9A2D-F9C4C9436C9F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EE2167A1-24C9-41CC-8C8B-CECFA686BC6D}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{F431C4C9-9A1A-4C5F-8CA8-BD9D099F2DCE}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D1E519-20C9-4592-84A0-E1FC8E8DF2DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe | 
"{022BF99B-3E72-49F4-943C-991C42F268B3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{03804BC1-0737-4D87-A373-C9307DD77EFA}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"{03D686EA-3796-47F8-93AB-A7A79B8D35A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{041F6C2B-A222-4A08-9E52-1F75B6539B57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{04BA2281-A4F6-4D7D-B939-259CC2975280}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe | 
"{0507FFAB-66E9-4F24-BC92-355751F472E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys origin\yso_win.exe | 
"{05358D1A-D4EA-4B99-8E15-87E624D65D7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{0592C6A9-074F-4E90-8D3E-0DB183E580BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the white birch prototype\birch.exe | 
"{073328B6-FFC7-4806-915D-46C8C6A37158}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip beat\beat.exe | 
"{0765D66A-9829-4CF3-A25A-5CF7487AC969}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | 
"{07DEF085-30EB-426E-ABBE-817F255C3100}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | 
"{08B3A502-0EC8-44A8-8721-BE8E5B8CA3F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{0A034C5D-44A6-44FC-BCA0-345B15CD08F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{0AE0B24D-35B9-4139-994A-6AEE4DAB6ED9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe | 
"{0C0CB344-FF5B-4A49-BE2E-AC10367680BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"{0E53D314-6C36-4F57-8BC8-E7AEDBBC104E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe | 
"{0E5EEBC4-E916-454E-81B5-43A76FC6B4E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\costume quest\cq.exe | 
"{0E69A0CF-47F2-434B-BF08-71C59011A7BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys origin\config.exe | 
"{0ED3F0A4-E31C-428C-9D5F-62472A18901F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{0F484806-5172-4D4E-B9A4-E9BFA3117395}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{0F75855A-E1B1-4A2A-84B1-89D677E97A81}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{104ADA9E-2118-4CBA-8ED3-E7D2DF0B5F2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfswindows.exe | 
"{1059A032-1DF8-4957-9396-2B8B3E8D44CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe | 
"{10772C2A-B4AA-4F8E-A9E1-72F19C6E580D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild 2 renaissance\guildii.exe | 
"{10BF9C7E-276E-4C85-9B2D-E5C823BF6BD1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars republic commando\gamedata\system\swrepubliccommando.exe | 
"{1178DE5C-B517-4DF8-8566-EE6994E279CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\cnc3.exe | 
"{11978905-502B-472E-A085-71810D2235FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1358D6B5-30F5-4801-B698-C765039CA9DE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{15746930-6440-4105-9231-4F74DBF22E98}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"{16441F51-DBF9-402F-8169-D49A1F1961F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40kwa.exe | 
"{16A9A5FB-8ECC-4CEF-BC97-7BD28BE955F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{16AD1A7C-C974-4DC1-82B8-31A9F0684580}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe | 
"{1714DDDE-31BD-4D05-8089-806C0691439C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe | 
"{17312488-BD03-451C-81E7-377B1B2A6B6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriouseditor.exe | 
"{180DAC07-9231-47E4-80DE-F4762302BD33}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{1CC3A143-450B-4521-AF69-35D20EDA5DC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sins of a solar empire trinity\sins of a solar empire diplomacy.exe | 
"{1DD6B474-CFED-4320-82D8-807482F8E293}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{1DEF9613-81B4-4533-B9F2-ACEC1E067D71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{1FDBA0F3-B6FD-4FCC-B5A0-BD782746BAB9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\black lake prototype\black.exe | 
"{20A4C149-0678-4C04-B4BA-FD321B62066C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller black edition\bin\painkiller.exe | 
"{2209C8BC-638A-4904-B105-1AA4AF6BD066}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{226953A5-0207-486C-B3FA-B739100EBA22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brutallegend\brutallegend.exe | 
"{22BB8DF3-092D-4B4D-BB0E-64991FB422AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\recettear.exe | 
"{24965521-95D3-444F-A625-EE8C7DCDB660}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{24E2F45A-1987-4F07-8B3E-8BDF277B8269}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{251B8C15-2012-4496-91CB-77C86ADEA0F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\endless space\endlessspace.exe | 
"{25C8B60A-6C6A-4ADE-8464-08B0B33F93C7}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{25FA349B-3855-4740-B99E-0445D0AC89F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{26F29281-FAF7-4298-B5A4-0B2FD1EA4E72}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{277034F2-9DEB-45F0-A606-3BD243BB8FB4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{27946485-F3B3-4B88-A40D-F5656ED6E2BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{27D36531-A7C2-414A-9002-DB439729A18A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold\stronghold.exe | 
"{281058A2-854D-4EC8-A3C1-8233D26EC89E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{282140F6-BB3E-4D09-9059-DDDC22AD05ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe | 
"{28D83903-D91D-4AF4-9F36-26C850B1DCA3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half minute hero\hmh.exe | 
"{294E1B0A-EE75-4FA3-B39C-F2228C288962}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{2999DC0C-6B4F-458E-B758-14EFC3E36D37}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2BAF0658-731F-4CFF-83BA-7B9DBFEDCFF1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe | 
"{2BC00CF0-5E6E-4BC0-BB04-70E848DD5300}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{2BD758E7-D3BC-4733-8D36-EE0F74DAD352}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{2C3CBCC3-CF98-4D74-82C8-C80630630758}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shadow warrior original\bin\launcher.exe | 
"{2DA09D9F-448E-4602-A48B-BF9C2F43976F}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{2EFB01D2-5B40-42D0-BF45-37B78B744D5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oil rush\launcher_steam.bat | 
"{2F415B10-A736-4EC5-B5AE-2034521AD78B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | 
"{31611EDA-F5DB-4274-9097-9CE855DA29E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{32C198EB-3D0B-4EBB-9F3E-BC2D7E4545FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild ii - pirates of the european seas\guildii.exe | 
"{332BD432-BBB1-4F20-9189-666DBF3D92AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hack n slash prototype\afhack.exe | 
"{3458205E-FE08-4D91-9E4A-7411EEB3B1E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max 301\sammax301.exe | 
"{34ABB47A-92D8-403E-BD10-25653164A9A6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{34D3806B-668C-450C-BBA6-77A7FAB8FD89}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{34D50F53-2C55-449A-BC88-83D672040DB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{353F4285-3D7F-4ADC-9B49-14D52F264784}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{35B9D09D-5B5E-41E9-A800-DADEF2B5F525}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{361EEB20-C8C5-4604-ADFB-4C70FB402A42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | 
"{37908C62-37D8-4E09-877B-747168090A55}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{3B6FEC79-99AC-4206-87E4-E7FDA0C8931C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | 
"{3DC300CB-8162-4692-B737-CBC955EFA8EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DE0403A-725A-40E3-B333-8F6AAFF26E2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\black lake prototype\black.exe | 
"{3EC92EA9-AE6F-481F-B988-BCE922A50EDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{3FC6AB81-9A47-40B1-91E5-CA22604C83DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{3FF813FD-976B-409C-84D7-F4CBD158C2A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe | 
"{40ED0E63-BA60-4280-ACFD-8060A59989C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sins of a solar empire trinity\sins of a solar empire diplomacy.exe | 
"{41ECE1B5-8C10-4922-BC2D-F6A5EF03CD68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\happy song prototype\afmana.exe | 
"{43502676-DDAD-440B-A28D-2E7F0B7166FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe at war earth assault\launchuaw.exe | 
"{43807C5C-70A1-4CD2-9AE3-0570F5BDE308}" = protocol=58 | dir=in | app=system | 
"{445F8C9C-5DA7-469A-8BBB-FF7604543B7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{44A49D70-BF0E-47F7-B802-4FEC9955C1D2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{44CE00B7-2DA3-4348-BAA8-B307A0F854B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{44E8745F-678E-49DB-87CA-0B9025DDD4F7}" = dir=in | app=%programfiles% (x86)\logmein hamachi\hamachi-2.exe | 
"{4875914A-FF73-4FEA-B286-E99A598D2166}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\autonomous prototype\launcher.exe | 
"{4876CEC0-8026-453D-8DB7-5FF2FCB309ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe | 
"{48E793EC-A2EE-44AC-AA84-1D46C168991E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe | 
"{4A50FAD7-A17F-49D5-9568-A908943CA824}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half minute hero\hmh.exe | 
"{4BD2D329-BEAE-4839-B87B-D888ED812EA9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe | 
"{4BECE3E6-DBD7-4B04-B440-36327E924D64}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe | 
"{4C2172AD-88A6-4B0B-9913-A3DF6430BF42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{4C69E1E5-034B-4DB7-8B46-A3961BA9BE99}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | 
"{4E323954-2AC2-4DD2-B749-35F973BF61AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe | 
"{4E68DD61-2910-41D8-9E8E-B8E66E9833F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | 
"{4ED87FC3-B8D5-4A5D-856B-65B7DE0BF2F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe | 
"{5167C459-1824-4517-A63A-186DED5D0D38}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{51B84742-0452-4F6D-9F3A-F132AAEF3AAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ironbrigade\ironbrigade.exe | 
"{53195652-A7FB-4488-8A22-99B92A0436F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe | 
"{541EA52B-6CEB-41A7-8665-AF8A5AC708DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{54AE480C-9631-4ADC-8F01-427D3920F3D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe | 
"{557F9573-0DD8-4017-B7E9-D1AF7F3DB411}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | 
"{55BA8342-07B4-444B-8357-A96DC203FFC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe | 
"{55ED1EE7-9755-454C-BF58-4F7B6BD7C35F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe | 
"{56873B4D-9EF8-47FC-B760-E351F583E22A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{5929F4AA-22FC-4714-AECC-F66AA16EEBC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\serioussam.exe | 
"{59E0EF9E-A5DC-44BB-A34E-A5B821995A78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{5A646F69-B8E4-46B1-9DF5-2A9ED1CDAC9E}" = dir=in | app=%programfiles% (x86)\logmein hamachi\hamachi-2-ui.exe | 
"{5B94D091-E6C6-4AA4-BFF1-8EB65A4A8F9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm\binaries\win32\shippingpc-stormgame.exe | 
"{5BF90100-0F9F-41EF-ACCD-199A58FC2B95}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{5C4C4537-D8B9-43BB-9976-D2D33562A111}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe | 
"{5CC2A1B6-5EA2-44B4-8296-BBF0876CDFB5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{5CFF0CB7-61E7-40AE-AF51-D938FDD74472}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{5DFD9DA9-0E8E-4C35-AA19-61D9238143FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe | 
"{5ECB193E-DC83-4048-BF8C-3BAF81F05CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe | 
"{5F4918EF-89A5-4F22-8E22-85F319B4CEE5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sins of a solar empire trinity\sins of a solar empire.exe | 
"{5F50F067-53B4-42AA-85B7-4641A53A5FAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | 
"{605615C1-8505-43B0-B0E4-A27EB966597A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sins of a solar empire trinity\sins of a solar empire entrenchment.exe | 
"{61D89D74-4C54-4587-8832-0D7B3AEE8A4F}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{64C30209-9194-4710-8F13-594FE0F82CED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3x.exe | 
"{65539265-A7B1-4E12-B313-230B4C3BA10F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{6739E040-28DC-4FD9-A58E-014B882A483C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{67E1DDBE-6C0C-4547-BD83-13757DDAAAF7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{6898CAE5-3213-4636-9F9A-F466EB34EF3E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{6905ED09-0F47-4C18-9553-3C40F455BFA9}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{6968A209-3C03-4953-8491-DED5544ACFEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild 2 renaissance\guildii.exe | 
"{6983020F-B9F7-4B34-9766-1EB0D1669075}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\custom.exe | 
"{6A34442B-5932-487D-BBEF-4369FA679A78}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe | 
"{6ABA3582-043A-43DD-8E6E-EA9DB870DDA7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | 
"{6AD702CB-D536-401D-BCEA-AD40E8499AE3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe | 
"{6ADCB634-5B7E-47B7-8A6E-A5DA9176BDE0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6AF44A71-0C3C-4172-882F-82178D76D353}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{6B000AF9-B2AD-45F5-823C-BF9C5B9788AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild ii\guildii.exe | 
"{6C71050D-1F65-4DA8-B7C7-72713C193899}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shadow warrior original\bin\launcher.exe | 
"{6D7FD44B-C293-41C5-8331-B641C8669FB0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{6E5DFA56-8BEF-4300-BF41-69BD54A0FC50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe | 
"{6E6F380E-5339-4793-A87D-EDA7147838EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"{6F6E11B6-B4C0-4B90-8406-F06018FB9BEA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{710DD74E-91C5-4088-9F11-D47C95416AB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\binary domain\binarydomainconfiguration.exe | 
"{717B340E-F695-48A8-9577-9A56C5C74E25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{729D5009-EA74-458E-9F43-E970EB9FA467}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip beat\beat.exe | 
"{72A74E1F-1BEF-4C59-B393-64B88861EB39}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prototype 2\prototype2.exe | 
"{73421313-A77F-4259-AA6C-D8C36AF97D32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{73ED492F-5C37-450E-B0DD-061E1B0DD392}" = protocol=6 | dir=in | app=c:\program files (x86)\origin\origin.exe | 
"{74460EC0-C42C-4167-809B-F15D1808FD57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | 
"{7477587E-30CA-4155-B255-3747BB0D8467}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\recettear.exe | 
"{74FD622F-DFB1-4D51-979A-4A017F85FD90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{7706BD19-E766-4D17-9C8E-728724C7C0D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | 
"{77F94117-A179-4668-9B0C-A8EACDF4732C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\endless space\endlessspace.exe | 
"{7894E38E-24D5-4C13-BD75-BC120634E5F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe | 
"{78BF3084-B650-45E8-B594-1931DFFF59CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\binary domain\binarydomainconfiguration.exe | 
"{79457882-BAD2-479B-A2B6-E683798214B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{79499C78-A82C-4239-8B8E-40CB31581DCD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | 
"{79981625-019C-4776-9C73-14980E4108BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | 
"{79B0D44C-C883-413F-A471-3D19734F125E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe | 
"{7A01162F-34BC-4997-AECE-601AA6A3AF74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7B5E1254-D957-42A6-9D34-C34BE5C74803}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | 
"{7E4FF821-E9EE-4FAF-BC70-488215F68464}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.x64.exe | 
"{7F270A98-FFD1-45B9-A4A1-7257147A89C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe | 
"{7F2E8ABD-EA08-42B8-B2C3-C1E29B71F0C6}" = dir=out | app=%programfiles% (x86)\logmein hamachi\hamachi-2.exe | 
"{7F603F34-2C8D-4AB1-BB24-C3AE718523C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{7F808E0E-C309-4A8A-9E1C-72DF2ADD0FF3}" = protocol=17 | dir=out | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{7F80E19C-B122-45A5-926D-066F9E8B0C80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | 
"{80416228-D08C-4B71-951A-2DC413B6D051}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe | 
"{80CC08D1-7B26-446A-8150-007398EE244B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe | 
"{815AAF3F-5D9F-4270-9BC7-80D3280B7EFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{81F6D363-9C02-4398-8A83-E1C19E43806C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\support\ea help\electronic_arts_technical_support.htm | 
"{84DD4941-EBAB-4DF9-A7DD-8AF2823FB2A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\cnc3.exe | 
"{87575C2C-E208-4670-8116-9496C6232694}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe | 
"{8765FD24-6989-4309-9333-0B0AFB7F06B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half minute hero\hmh.exe | 
"{883C1EDD-7EF9-4D67-A738-BD43D383253E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe | 
"{8B63EBAA-7ACD-4DEF-9967-50B18C6921B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{8BCE5032-5195-4254-BEA0-A4D57201F71D}" = protocol=17 | dir=in | app=c:\program files (x86)\origin\origin.exe | 
"{8BDF5C27-5B7A-43A3-BBBF-C61D2F5A0857}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{8BE22E44-FED6-4962-B563-DB4B0C9B0BA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{8D1569E6-FDD6-4A32-928B-13E098168305}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars republic commando\gamedata\system\swrepubliccommando.exe | 
"{8E9CA6FC-FA58-4D81-8BC7-4C3BD0DFBF4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{8F7B49AD-8832-41FF-BF31-D6C5A62BF20A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\endless space\endlessspace.exe | 
"{9011793E-323D-4E85-AC11-C1E0C3C3ED81}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spacebase df-9 prototype\win\bin\moai-fmod-designer.exe | 
"{90A3F575-476C-4328-B899-10B063976F86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\puzzle agent\grickle101.exe | 
"{90A4B5B6-53FF-4D50-BE5A-96F41A43DF4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{9166FC58-28F6-4B15-B193-3D4AB61FB990}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{9181811A-24B8-46E2-B341-3C972C8D867B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prototype 2\prototype2.exe | 
"{918393C3-EAD9-4F01-BA41-B65BA9B29AFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\puzzle agent 2\grickle102.exe | 
"{929D803F-196F-4586-B5D7-040CBB8743A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown-demo\binaries\win32\xcomgame.exe | 
"{939A5542-8E89-4ED0-B814-65BED2B38907}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{93FD2FEB-6A5B-47F3-9CE4-68D632BB7A8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{954D101E-AD22-465C-9248-A76C4D5A7A34}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfswindows.exe | 
"{95BA7B1A-8A37-41A4-B41A-10E7E237247B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oil rush\launcher_steam.bat | 
"{962BC666-C485-4B21-88E0-7945610E3EEF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{96AE4595-A831-4DDE-B5F8-7C96A0B307E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sins of a solar empire trinity\sins of a solar empire entrenchment.exe | 
"{97283580-C360-4B13-A101-5988701C7DC0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe | 
"{97B6A920-A533-4747-B9EC-DE7C007669FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe | 
"{97EA9AF7-186D-44C7-BE8C-4C1CAAF965D5}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{99646B26-5353-464A-A14A-58D9C88967E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\costume quest prototype\afcq.exe | 
"{9A232EED-C951-4204-B342-AD473E2E4627}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{9B1666C7-B52E-48FC-89C6-C7F372150CB0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe at war earth assault\launchuaw.exe | 
"{9D3B8E49-BAA2-4BEE-B7F6-9F6E988AABA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{9D4D4C75-6CFA-4880-8955-F1D7B747F76F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe | 
"{9E976E7C-5D93-4F9C-93DC-0FED6738F331}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half minute hero\hmh.exe | 
"{9F3B0AB2-8665-45EE-A43A-B3B7FCC4B263}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spacebase df-9 prototype\win\bin\moai-fmod-designer.exe | 
"{9FCBF6D5-8313-46C4-B2D8-7CCF7AC4204F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{A0FA4376-B26E-43D4-A89B-F8656A72CBA7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe | 
"{A27D0073-9832-43C0-A3D2-1A5874EE3EE3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{A2DD0B66-8393-4BCC-8008-DFB72BE3A916}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\english country tune\english country tune.exe | 
"{A393C588-DEA1-4376-993C-1867EA358CBF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{A4056FF1-5067-48F2-BE5D-DDF4FE2E7098}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe | 
"{A4452C40-8137-4F27-B445-E59216F1B38B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriouseditor.exe | 
"{A4A1D48C-F1D6-4303-AC6F-89A2E56A6187}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thomaswasalone\thomaswasalone.exe | 
"{A63F7DF7-05E4-47D1-B340-966793AB7DD8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{A69B5B7D-432C-4A4B-AC31-509B67743568}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{A76668FB-F6B6-4C60-B09E-A6B52CB25865}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brazen\brazen.exe | 
"{A7965648-7418-4A05-A1C6-EAB2F1C1AE3F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3y.exe | 
"{A7D30E1C-0882-4E52-B62A-1CAA519DC3B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life 2\hl2.exe | 
"{A8472147-23E3-41C7-A8AA-BA42027E076F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires 3\bin\age3.exe | 
"{A854EEBE-0B7C-4312-92EB-46E246EFD011}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{A855FCE8-5292-4064-B089-B4ABA375C193}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe | 
"{A8F2F590-E164-4508-B7DB-7E652134941F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | 
"{A9485AEA-2B96-4136-9C53-AA7EF61C285F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{A94FD404-16A3-46B8-8D46-FF2B9B7DFB1C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe | 
"{AB22398C-7E30-448F-BA88-35338F6B82CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\puzzle agent 2\grickle102.exe | 
"{AB55B476-5471-4861-914A-9AE915557535}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\binary domain\binarydomain.exe | 
"{AC2240A2-7F4A-450E-BE75-7B8C8EE7021A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\autonomous prototype\launcher.exe | 
"{AC6A9D9C-88A0-4DA3-B86B-E5EAB43A4044}" = protocol=6 | dir=out | app=system | 
"{AC9BAB97-93B0-4C6D-8C43-EDAF76ACA34A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stacking\stack.exe | 
"{AD0787E2-35BB-4A70-93D3-41BB68010FA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\custom.exe | 
"{AD158C78-F3E0-4A44-9DF1-3B2CEB2CFB01}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hotline_miami\hotlinemiami.exe | 
"{B19EA698-ABE2-4011-A8FD-57EE63DF47BA}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"{B1A02678-586D-4B9D-AA21-68BD6EF77029}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe | 
"{B20C6355-46CD-4BDC-B8BB-9A83F18852C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stacking\stack.exe | 
"{B4A91500-CF04-4517-B169-847BD1DBB59B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{B5DD5516-F313-40CE-BBAF-401DE6838B3A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B64E3805-E435-4BBA-831E-97189A3238AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{B6787DC1-00D3-4EC7-AF1D-FCE52730CBFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brutallegend\brutallegend.exe | 
"{B6F1B0B9-65C6-4A25-A290-4CEE370EE193}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\puzzle agent\grickle101.exe | 
"{B7CAB3BE-DB22-4CF8-9CC5-286351C9ECD9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe | 
"{B7CF09E6-F5BB-4852-9ED8-8F216662B1BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forge\binaries\win32\forgegame.exe | 
"{B89E384D-20FF-498D-8072-6B1FEC27F0D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{B8C13744-BA53-4574-9677-0F88378BBED3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyward collapse\collapse.exe | 
"{B94D6DFD-901C-45E5-8F97-5F7F37F65D8D}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{BA4B97D9-907E-4876-AB60-9E102D7C5D70}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BBC843D1-9026-4099-84C8-340E6F2741A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{BBD5B280-5EB8-4993-BFE4-3DA1C1A591C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe | 
"{BD08F0A6-3C0E-40B9-80E9-BEAD8DFA97D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{BD696CC7-7A29-4D3C-BB8C-66293F51E8B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\happy song prototype\afmana.exe | 
"{BDD59015-97E6-4594-B1F0-FDED01AE01B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 3 tiberium wars\support\ea help\electronic_arts_technical_support.htm | 
"{BE323428-34D5-44FC-BFF6-74E11620E763}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\indie game the movie\igtm.exe | 
"{BE58F9CE-4691-4D9B-A4D7-C87C85E68B5B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{BF425EC4-C079-4398-9BBB-2CCC143947C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{BFFF470B-79E9-4F8E-A703-2E275814639B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe | 
"{C245DEF4-062A-4510-BBB6-4C57A2CD7E9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ironbrigade\ironbrigade.exe | 
"{C2588C0C-7241-4A7C-BED2-A9E89B20CC34}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild ii - pirates of the european seas\guildii.exe | 
"{C2E1FCE6-D318-4BBC-9888-A86FB639E62F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{C33EC73F-4D34-4EB7-87A2-6752D632523E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{C35A1247-D815-4AB7-B34B-FD4061153804}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{C37B5A88-1B92-4EB8-9764-BA357B2EA812}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C5A5BF70-C0E8-46D0-8C59-C70F5F163455}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm\binaries\win32\shippingpc-stormgame.exe | 
"{C5F4991E-390F-4339-84DA-8F8701505DCA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40kwa.exe | 
"{C6120884-04DA-4EB4-9C11-46361D777D8E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe | 
"{C7B42FEB-4AA9-424C-A691-DACB96003227}" = dir=out | app=%programfiles% (x86)\logmein hamachi\hamachi-2-ui.exe | 
"{C826A813-6E3E-4E6E-B9B8-68B681A22818}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\warframe.exe | 
"{C8C22C54-4F86-440C-B373-95E4A163EFBD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe | 
"{C92AAC6C-252F-4307-9228-DB7718DD485D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe | 
"{CA55351B-9006-4784-AC00-EFE680085498}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{CA58E30C-BE30-4D74-AE8E-A918BEC777A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | 
"{CBB15390-1359-4CF5-9724-6469FEAF72FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriousmodeler.exe | 
"{CC2B84BC-0EBF-4C81-A45D-56D5553A06EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\proteus\proteus.exe | 
"{CD10C9DC-6F56-4FD9-8FBB-94BFDBBF1F54}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | 
"{CE4F29DA-E494-4D9B-9BBA-8539945A7DAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brazen\brazen.exe | 
"{CED76154-4F21-4C53-99D4-8B07E6E296D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{CEECC7B5-EB86-4CAA-BCE8-8C69BE4EFCAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe | 
"{D01E151D-D924-4E3E-9E4C-61C88A4E62C8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D074F780-C3F9-434E-9718-519806BF1356}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D0CAE27E-08D5-448D-90D3-41CBDB2C647F}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"{D1BB4F87-0342-4BFA-8B5F-E53D0C5E6DC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{D262DAF5-A2E3-44D3-B84A-CD15DF72F435}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forge\binaries\win32\forgegame.exe | 
"{D32E0758-728A-400C-A04F-B58ED56AAB26}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\costume quest prototype\afcq.exe | 
"{D3649FAA-339D-404D-92DD-CA4F6BF3BDD8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\binary domain\binarydomain.exe | 
"{D69DB0AC-D9BA-47A5-BD66-A7F70224BD42}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{D71D984B-1DEA-4C4E-8369-A8F810248409}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe | 
"{D94CC9A8-CA15-42AB-A128-8C7117597448}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{D95A4E63-BCC6-4B25-8D86-55019C2CFB4A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\painkiller black edition\bin\painkiller.exe | 
"{D99110AB-558E-49BE-A176-1FCAD92C1249}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild ii\guildii.exe | 
"{DAC92B19-389F-45E5-B6B0-D2758CBAA79C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe | 
"{DC394BDF-168F-4900-9CA4-CD240EA5948B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{DC4BBD9E-6736-455E-BC6D-75293824FDEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyward collapse\collapse.exe | 
"{DCE4DA81-35CD-46AA-8AE9-5AD07FE7361C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{DEFC914C-CF2B-4E4E-9E98-922D3F5C2E3D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hack n slash prototype\afhack.exe | 
"{DF7BC18B-E178-45A8-A823-E741C6EEA787}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | 
"{DF9B7E5B-F3A6-486F-BAA1-3082EF22244A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{E143C391-D93A-4DF0-9F5D-E4BCE24E712D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{E2144B6A-CFA7-4CCB-8336-6010BB2B45AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{E279FE00-09DD-46C0-9AF2-544791C2FFF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\seriousmodeler.exe | 
"{E2842E4F-78F8-469A-954A-5E4B8894865B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{E2B43F82-78A6-4EA8-9A92-0AA54BEC2A60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{E2E5F616-52E7-4C00-97DB-774B6F41E061}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{E37C28A3-2033-4B91-BC74-D188936255D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | 
"{E3EDB649-F0F3-43B2-A13B-A040D03E93B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\offspring fling!\offspring fling.exe | 
"{E40A1B58-DEC2-4AA1-81CA-478B9F8583D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{E500C779-9DEC-4BD5-8359-CF52913AB7B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\english country tune\english country tune.exe | 
"{E54A8823-2F3C-4509-8E5B-FB23B95BCC91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5E06B04-5893-4318-8DB2-B3A7BCB2E74E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star conflict\game.exe | 
"{E7DB95BE-C0F1-4162-9406-18BA39E4473F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the white birch prototype\birch.exe | 
"{E857032D-8A39-4816-A123-3418CCFDE580}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe | 
"{EA515CF8-88B2-479A-B3A4-C95DDCBFDD47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{EB102998-5D2A-43B7-BE5D-03A80B8B4A30}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EB827C0B-0A06-48FE-AB2E-4D9560046D5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB83CA94-9AA4-4382-8D1B-78D49C899223}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{ED7928EE-3B88-4B11-9EEC-0B5EB21D4921}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{ED84EBCB-B899-470E-9D1D-46240B4DC12E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{ED9E4899-B077-4BCF-8146-3948BCFD5DE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EDC04448-0B36-45FE-8EA5-7DCC4122548B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{EE1E533A-E1BA-474C-812B-337324AB12DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\beathazard.exe | 
"{EE3977AE-535E-46E6-A562-21F9FEBBAF0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe | 
"{EE7A3A49-00BC-4D75-BDB3-2BBF9BB7A183}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{EEE0FA97-F95B-4FA9-BEB9-03CFFFF13D49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{EFA1263C-626A-4002-94BF-12C4979EAB25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys origin\yso_win.exe | 
"{EFD30540-8584-4512-86B9-A26CDD9F5852}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sins of a solar empire trinity\sins of a solar empire.exe | 
"{EFF44902-AA24-44FA-9206-6F360FEC287C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | 
"{EFF70B85-8E8F-4925-8ECA-CA9DC84EF5C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe | 
"{F1C4E929-DBE9-4B7F-A23A-99ACBE950570}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F2922FDE-1DD0-4088-ACA8-011C95C8E046}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{F3B50CA7-4910-4457-9044-8C073DE3C457}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{F4FF196A-3FA9-4671-BE03-3DE7AAF2A865}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{F5F09AA6-C63E-4703-AC81-4A6F181F3632}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\costume quest\cq.exe | 
"{F6CC05D8-038E-4F80-A023-0A551D7B70D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe | 
"{F93DBF9E-1103-4E75-ADA2-8F4311D76BD0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\endless space\endlessspace.exe | 
"{F9D04ABE-02E8-4E7E-80F4-9B60B0ECF064}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{FB83139B-1F46-4C61-A668-CF24F478644B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe | 
"{FC1CF87F-93E5-45C7-9337-E05D618B67F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{FD5DD5A2-B88B-4507-8F44-C1195ADB4E0B}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2.exe | 
"{FD7DC870-F1EA-4010-BFEC-B2C4753CC081}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max 301\sammax301.exe | 
"{FDC6F015-2CC3-4205-A060-AD835D5479AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam classic the first encounter\bin\serioussam.exe | 
"{FE278AB0-28AD-4F71-99B4-91355C0FD583}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold\stronghold.exe | 
"{FE32B23F-D653-4D10-83B1-3DC9D5148C65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe | 
"{FE3C2576-E305-4F07-B62D-3D24DAEE833B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{FEE14294-C92C-4974-9E81-63FFEFF8E5C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown-demo\binaries\win32\xcomgame.exe | 
"{FF729F81-B5F1-466D-BACC-64EBC9E27630}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ys origin\config.exe | 
"{FF769E03-1D44-4027-A4B4-AC4AA669CABB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | 
"{FFB8EB20-854D-4EEF-A842-C08A2A0C449E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\beat hazard\runme.exe | 
"TCP Query User{027F6B88-2028-4B61-8DEB-81E9781FA084}C:\program files (x86)\steam\steamapps\sam_man_the_ninjew\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\sam_man_the_ninjew\team fortress 2\hl2.exe | 
"TCP Query User{23E42904-9565-41E7-A625-CF7184683D93}C:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"TCP Query User{2DC0E308-822C-460D-9C3A-E206D100E1C3}C:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe | 
"TCP Query User{4102ECCA-372B-4B02-8B47-1CBE6DAF1B4D}C:\program files (x86)\steam\steamapps\sam_man_the_ninjew\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\sam_man_the_ninjew\team fortress 2\hl2.exe | 
"TCP Query User{490F3D6B-8D9C-4561-82E1-BE4A09C4CEE9}C:\users\sam\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\sam\downloads\neverwinter_nw.1.20130416a.6.exe | 
"TCP Query User{4C31EA7A-45A5-48DB-B114-B281605D8A0A}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"TCP Query User{4D836E58-F15A-41CC-A519-744D26D3DB84}C:\program files (x86)\steam\steamapps\common\universe at war earth assault\uawea.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe at war earth assault\uawea.exe | 
"TCP Query User{50646CC5-7014-4485-B830-AE3E365B79EA}C:\users\sam\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\sam\appdata\local\temp\gw2.exe | 
"TCP Query User{51F66937-F53E-47E0-8F54-A5E9D5B7E49D}C:\program files\fantasy grounds ii v2.0.12\fantasy grounds ii\fantasygrounds.exe" = protocol=6 | dir=in | app=c:\program files\fantasy grounds ii v2.0.12\fantasy grounds ii\fantasygrounds.exe | 
"TCP Query User{56734D74-89E4-41F5-B033-66CCD91C7AFA}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | 
"TCP Query User{59FC9793-83F3-4A75-AE60-FFF99B5D5E8A}C:\program files (x86)\steam\steamapps\common\prototype 2\prototype2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prototype 2\prototype2.exe | 
"TCP Query User{61EE92DF-4296-4849-ADB5-3EA943776A06}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{6283DDBB-7F37-4812-B665-9DBF367F1F9B}C:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"TCP Query User{6C29476C-3D29-417E-B747-246BF1198DE9}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{708ACFCE-AF05-4897-9A21-9005E4A76D9C}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{9B899F56-A8D2-4CFF-A188-869EA795C517}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"TCP Query User{9C426E66-AF28-4D51-96D8-1E151D90409F}C:\users\sam\downloads\neverwinter_nw.1.20130416a.6 (1).exe" = protocol=6 | dir=in | app=c:\users\sam\downloads\neverwinter_nw.1.20130416a.6 (1).exe | 
"TCP Query User{A03B31FF-15BF-4255-9A87-2D508E21883B}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe | 
"TCP Query User{AE959756-FE08-403B-BAFF-DE5AC299767A}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{D187A4BE-6878-4B16-A68F-F616528D3B3A}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{D9F14A05-9A42-42E0-A94B-84E924312E20}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"TCP Query User{E438174B-984D-4453-A4B1-80BF76E34F41}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{E4D2A731-D452-4FE0-9185-0D54C95E9A5C}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"TCP Query User{E61B37F3-3682-477D-885E-2A7BA7784A78}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{E7C3DFC9-FA31-4495-96E8-D6AA09974799}C:\program files (x86)\supermnc\binaries\win32\supermncgameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\supermnc\binaries\win32\supermncgameclient.exe | 
"TCP Query User{EE41719B-29BA-4813-86B0-49A1E34CFFC1}C:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe | 
"TCP Query User{F2588FF5-A18D-4D2D-B678-C14152046395}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{FACCA86F-BFD5-4C80-A059-4F3959F21EA5}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"TCP Query User{FD4F4757-06B7-4A35-A430-27646E4E1CB8}C:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe | 
"UDP Query User{178E0E2F-18A9-4837-A190-6EC4E0A88156}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | 
"UDP Query User{1F8D2904-5BBD-433D-9A0B-91C234FEFDB9}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{23EDA0F5-40E7-4799-B2A4-97906DC9C2EB}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"UDP Query User{3FE4C078-96B6-49C1-A461-309651C17898}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{4B0DD0DF-2CB0-446F-ACE8-BF0D8C186711}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{4FE202C7-1869-4F77-B219-E3B37435FF74}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"UDP Query User{526CFAA4-DB34-457C-9B79-01A7E6CC769A}C:\program files (x86)\supermnc\binaries\win32\supermncgameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\supermnc\binaries\win32\supermncgameclient.exe | 
"UDP Query User{54077603-63C2-42D6-B1E7-CAFC571840C5}C:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe | 
"UDP Query User{5F6548B7-BA48-4590-97A5-ADC0E5C15A9F}C:\program files (x86)\steam\steamapps\sam_man_the_ninjew\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\sam_man_the_ninjew\team fortress 2\hl2.exe | 
"UDP Query User{6031B640-0B1F-4A43-B2FF-FF0B67BEAA4D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{6F12FA12-C49B-47A7-B04D-CCF9661B2218}C:\users\sam\downloads\neverwinter_nw.1.20130416a.6 (1).exe" = protocol=17 | dir=in | app=c:\users\sam\downloads\neverwinter_nw.1.20130416a.6 (1).exe | 
"UDP Query User{7702C5E3-C524-48F0-9061-B07D715A2D0C}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"UDP Query User{799E7465-7FCD-40B2-A64B-2B99D59450AF}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{8350097D-B9DC-48A9-AE94-B5EA775A2988}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{96FCC79C-CBEF-4400-98D2-CADC5826E177}C:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe | 
"UDP Query User{9FAAF47F-5529-48BF-9EFF-10459D0770CB}C:\users\sam\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\sam\appdata\local\temp\gw2.exe | 
"UDP Query User{A1F102F4-0577-459D-8A89-D23A17CE646B}C:\program files (x86)\steam\steamapps\common\universe at war earth assault\uawea.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe at war earth assault\uawea.exe | 
"UDP Query User{AD11D83E-2FB0-40F0-9371-1786FA2452F3}C:\program files (x86)\steam\steamapps\common\prototype 2\prototype2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prototype 2\prototype2.exe | 
"UDP Query User{B3E96382-E236-45DE-8A3B-FF6BF163F603}C:\program files\fantasy grounds ii v2.0.12\fantasy grounds ii\fantasygrounds.exe" = protocol=17 | dir=in | app=c:\program files\fantasy grounds ii v2.0.12\fantasy grounds ii\fantasygrounds.exe | 
"UDP Query User{B6F49BBD-72ED-4262-8720-4908076459A5}C:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"UDP Query User{BF24E775-85AD-42D2-B1CD-764D71805494}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{C5A56DF5-A8FC-47AB-909B-9F726EAF5D67}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"UDP Query User{C7C37B73-F747-41EB-B3D3-8E1DC0AC73F3}C:\program files (x86)\steam\steamapps\sam_man_the_ninjew\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\sam_man_the_ninjew\team fortress 2\hl2.exe | 
"UDP Query User{CD163685-7183-4BA0-A0AF-2D96CAA220DB}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe | 
"UDP Query User{DA0DCB0A-CE86-45C2-A594-CD541EA7C8F5}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"UDP Query User{DF7F4EFE-074D-4B51-B51E-D9CA848658FB}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{ED6FB614-C542-4404-83AA-1A41244D256F}C:\users\sam\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\sam\downloads\neverwinter_nw.1.20130416a.6.exe | 
"UDP Query User{FB7383C3-5D3F-4775-A6BB-B1F6CDD92929}C:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"UDP Query User{FE06B184-C37E-4E6C-A8C5-B2DD769254EA}C:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction guerrilla\rfg.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}" = Easy Support Center
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}" = ExpressCache
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.3
"Elantech" = ETDWare PS/2-X64 10.7.16.1_WHQL
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON WorkForce 545 Series" = EPSON WorkForce 545 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"ProInst" = Intel PROSet Wireless
"Puran Defrag_is1" = Puran Defrag 7.6
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{119B7882-19D7-4BE7-A417-29BB479D3ABE}" = Multimedia POP
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{122800FE-3AAF-4974-9FBD-54B023FA756A}" = „Windows Live Messenger“
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{12F81925-F3C1-40DB-91F7-777817974319}" = Easy File Share
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX7400 Series Scanner Driver Update
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A5667B2-5D13-46C2-85B5-9D46A6096F61}" = Secure Download Manager
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83D2FFB0-E378-49FE-8A53-580CA7B5761F}" = Windows Live Messenger
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel® WiDi
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0AFB64E-79E1-45BF-BA6C-18C21E007D8E}" = Age of Wushu
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CAAF899F-D15F-480F-AF10-22B1431A5E9F}" = AX88772
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47C66BE-0EB5-4587-93FE-D1E176C4B25C}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDE7A262-DB20-4432-A630-2ACEE186C416}" = Easy Migration
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA20D803-14E5-4B00-8F03-B519D46F9D4A}" = Windows Live Messenger
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Kindle" = Amazon Kindle
"BitTorrent" = BitTorrent
"Civilization V" = Sid Meier's Civilization V
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Game Console - WildGames" = WildTangent ORB Game Console
"GameSpy Arcade" = GameSpy Arcade
"Guild Wars 2" = Guild Wars 2
"http://pso2.jp/appid/charactercreator_is1" = PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Neverwinter" = Neverwinter
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.95
"Rockstar Games Social Club" = Rockstar Games Social Club
"Silent Package Run-Time Sample" = EPSON CX7400 User's Guide
"Steam App 102600" = Orcs Must Die!
"Steam App 10430" = Universe at War: Earth Assault
"Steam App 104700" = Super Monday Night Combat
"Steam App 105400" = Fable III
"Steam App 105450" = Age of Empires® III: Complete Collection
"Steam App 105600" = Terraria
"Steam App 107100" = Bastion
"Steam App 113200" = The Binding of Isaac
"Steam App 11450" = Overlord
"Steam App 115110" = Stacking
"Steam App 115120" = Iron Brigade
"Steam App 115320" = PROTOTYPE 2
"Steam App 12900" = Audiosurf
"Steam App 17460" = Mass Effect
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 200900" = Cave Story+
"Steam App 201290" = Sins of a Solar Empire: Trinity
"Steam App 201790" = Orcs Must Die! 2
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 203750" = Binary Domain
"Steam App 20500" = Red Faction: Guerrilla 
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 207080" = Indie Game: The Movie
"Steam App 207350" = Ys Origin
"Steam App 208140" = Endless Space
"Steam App 211360" = Offspring Fling!
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 212070" = Star Conflict
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 214830" = Half Minute Hero: Super Mega Neo Climax Ultimate Boy
"Steam App 218" = Source SDK Base 2007
"Steam App 219150" = Hotline Miami
"Steam App 223390" = Forge
"Steam App 22380" = Fallout: New Vegas
"Steam App 225260" = Brütal Legend
"Steam App 225940" = Happy Song Prototype
"Steam App 225960" = Costume Quest Prototype
"Steam App 228020" = Spacebase DF-9 Prototype
"Steam App 228040" = The White Birch Prototype
"Steam App 228060" = Black Lake Prototype
"Steam App 228080" = Hack n Slash Prototype
"Steam App 228100" = Autonomous Prototype
"Steam App 228200" = Company of Heroes (New Steam Version)
"Steam App 230410" = Warframe
"Steam App 24240" = PAYDAY: The Heist
"Steam App 24790" = Command and Conquer 3: Tiberium Wars
"Steam App 24980" = Mass Effect 2
"Steam App 33460" = From Dust
"Steam App 3830" = Psychonauts
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 39530" = Painkiller: Black Edition
"Steam App 40950" = Stronghold
"Steam App 41000" = Serious Sam HD: The First Encounter
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42910" = Magicka
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 4540" = Titan Quest
"Steam App 4560" = Company of Heroes
"Steam App 4570" = Warhammer 40,000: Dawn of War - Game of the Year Edition
"Steam App 4580" = Warhammer 40,000: Dawn of War – Dark Crusade
"Steam App 49600" = Beat Hazard
"Steam App 50300" = Spec Ops: The Line
"Steam App 50620" = Darksiders
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 55230" = Saints Row: The Third
"Steam App 56400" = Warhammer® 40,000™: Dawn of War® II – Retribution™
"Steam App 57690" = Tropico 4
"Steam App 620" = Portal 2
"Steam App 63700" = BIT.TRIP BEAT
"Steam App 65800" = Dungeon Defenders
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 70400" = Recettear: An Item Shop's Tale
"Steam App 7670" = BioShock
"Steam App 8190" = Just Cause 2
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 9340" = Company of Heroes: Opposing Fronts
"Steam App 9450" = Warhammer 40,000: Dawn of War – Soulstorm
"Steam App 99810" = Bulletstorm
"Warcraft III" = Warcraft III
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live 程式集
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WRUNINST" = Webroot SecureAnywhere
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3575110223-3707097088-2884409191-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/13/2013 4:49:03 PM | Computer Name = Sam-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/14/2013 5:51:26 AM | Computer Name = Sam-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GameOverlayUI.exe, version: 1.32.20.50,
 time stamp: 0x4f46a9bf  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x0e1783d4  Faulting process id:
 0x2dec  Faulting application start time: 0x01ce5075d947e934  Faulting application path:
 C:\Program Files (x86)\Steam\GameOverlayUI.exe  Faulting module path: unknown  Report
 Id: d74a9179-bc7b-11e2-a93f-f00e8faefe00
 
Error - 5/14/2013 6:53:44 PM | Computer Name = Sam-PC | Source = Application Hang | ID = 1002
Description = The program dmhkcore.exe version 3.2.8.38 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1370    Start
 Time: 01ce501b52d229fb    Termination Time: 34    Application Path: C:\Program Files (x86)\Samsung\Easy
 Settings\dmhkcore.exe    Report Id: 1adc6d91-bce9-11e2-a93f-f00e8faefe00  
 
Error - 5/15/2013 3:51:04 AM | Computer Name = Sam-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GameOverlayUI.exe, version: 1.32.20.50,
 time stamp: 0x4f46a9bf  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x0d794f14  Faulting process id:
 0x16cc  Faulting application start time: 0x01ce51172618771e  Faulting application path:
 C:\Program Files (x86)\Steam\GameOverlayUI.exe  Faulting module path: unknown  Report
 Id: 30f37671-bd34-11e2-a93f-f00e8faefe00
 
Error - 5/15/2013 4:36:12 AM | Computer Name = Sam-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/15/2013 11:07:54 PM | Computer Name = Sam-PC | Source = Application Hang | ID = 1002
Description = The program MassEffect2.exe version 1.2.1604.0 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 2cf0    Start
 Time: 01ce51e26292e2de    Termination Time: 12    Application Path: C:\Program Files (x86)\Steam\steamapps\common\Mass
 Effect 2\Binaries\MassEffect2.exe    Report Id: c739ef74-bdd5-11e2-bcf7-d6e018fd110d
 
 
Error - 5/16/2013 5:05:04 AM | Computer Name = Sam-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GameOverlayUI.exe, version: 1.32.20.50,
 time stamp: 0x4f46a9bf  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x0aa02a6c  Faulting process id:
 0x2a34  Faulting application start time: 0x01ce5207f93d59d6  Faulting application path:
 C:\Program Files (x86)\Steam\GameOverlayUI.exe  Faulting module path: unknown  Report
 Id: b245865f-be07-11e2-bcf7-d6e018fd110d
 
Error - 5/17/2013 2:14:44 AM | Computer Name = Sam-PC | Source = Application Hang | ID = 1002
Description = The program MassEffect2.exe version 1.2.1604.0 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: aec    Start
 Time: 01ce52c5ae208187    Termination Time: 17    Application Path: C:\Program Files (x86)\Steam\steamapps\common\Mass
 Effect 2\Binaries\MassEffect2.exe    Report Id: 0d382245-beb9-11e2-bcf7-d6e018fd110d
 
 
Error - 5/18/2013 6:21:03 PM | Computer Name = Sam-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Borderlands2.exe, version: 1.0.60.324, 
time stamp: 0x51428def  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015,
 time stamp: 0x50b83c8a  Exception code: 0x00000001  Fault offset: 0x0000c41f  Faulting
 process id: 0x1d34  Faulting application start time: 0x01ce5414fe1933bd  Faulting application
 path: C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
Faulting
 module path: C:\windows\syswow64\KERNELBASE.dll  Report Id: 3962a19e-c009-11e2-bcf7-d6e018fd110d
 
Error - 5/18/2013 6:21:11 PM | Computer Name = Sam-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Borderlands2.exe, version: 1.0.60.324, 
time stamp: 0x51428def  Faulting module name: Borderlands2.exe, version: 1.0.60.324,
 time stamp: 0x51428def  Exception code: 0xc0000005  Fault offset: 0x00781787  Faulting
 process id: 0x1d34  Faulting application start time: 0x01ce5414fe1933bd  Faulting application
 path: C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
Faulting
 module path: C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
Report
 Id: 3e0b7aa5-c009-11e2-bcf7-d6e018fd110d
 
Error - 5/19/2013 6:41:38 PM | Computer Name = Sam-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 7/15/2013 10:32:46 PM | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Error Reporting Service service to connect.
 
Error - 7/15/2013 10:33:02 PM | Computer Name = Sam-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 7/15/2013 10:35:02 PM | Computer Name = Sam-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 7/15/2013 10:37:03 PM | Computer Name = Sam-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 7/15/2013 10:39:03 PM | Computer Name = Sam-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 7/15/2013 10:41:04 PM | Computer Name = Sam-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 7/15/2013 10:45:52 PM | Computer Name = Sam-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:43:05 PM on 7/15/2013 was unexpected.
 
Error - 7/15/2013 10:45:57 PM | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000
Description = The BrowserProtect Anti-Hijack Service service failed to start due
 to the following error:   %%2
 
Error - 7/15/2013 10:49:50 PM | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
 Client Service service to connect.
 
Error - 7/15/2013 10:49:50 PM | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
 error:   %%1053
 
 
< End of report >


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,721 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:52 PM

Posted 15 July 2013 - 10:21 PM

No malware in these logs either. Please give me the make and model number of your computer.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Sam man

Sam man
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:12:52 AM

Posted 16 July 2013 - 08:35 PM

System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Model: 700Z3C/700Z5C
 

 

I've been using my computer today and have not had any problems, although it is slightly sluggish at times still. Sorry for the late reply, I've been waiting to see if it would start freezing up again and so far it's been doing fine.





