avast URL:Mal on google chrome. need help


  • This topic is locked
22 replies to this topic

#1 Xyreal


Posted 14 June 2014 - 04:52 PM

I've been getting a lot of pop-ups lately regarding this URL:Mal using Google Chrome. So if anyone, please help me. :(

 

My latest popup:

http://www.avast.com/en-us/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_fav_90_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-us%2Fvirus-alert-default&p_vir=VVJMOk1hbA&p_prc=C:\Program%20Files%20(x86)\Google\Chrome\Application\chrome.exe&p_obj=aHR0cDovLzM4LjcxLjIuMzEvY3Jvc3Nkb21haW4ueG1s&p_var=.%2Ffa%2Fen-us%2Fvirus-alert-default&p_elm=7&p_lex=202&p_lid=en-us&p_lng=en&p_lqa=0&p_lqe=0&p_lst=0&p_lsu=24&p_pro=0&p_bld=empty&p_vep=9&p_ves=0&p_vbd=2018&p_hid=fec5e2eb-1400-48bb-bb1a-20d64cd82ff4&p_ram=8142&p_cpu=-1.0

 

 

I was reading some other post and I saw a reply saying "Do not run any tools without being instructed", so I'll wait for an instruction.

 

thanks in advance!
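
The alert URL quoted in the post above carries its details in the query string, and two of the values are base64-encoded. The following is an added example, not part of the original post and not Avast tooling: it decodes those fields and checks that the landing page is on the vendor's domain. Reading `p_vir` as the detection name, `p_obj` as the blocked object and `p_prc` as the requesting process is an assumption inferred from the decoded values; `b64_text` and `decode_alert` are names chosen for this example.

```python
import base64
from urllib.parse import parse_qs, urlsplit

# The alert URL exactly as quoted in the post, split across lines for readability.
ALERT_URL = (
    "http://www.avast.com/en-us/lp-fr-virus-alert?p_ext=&utm_campaign=Virus_alert"
    "&utm_source=prg_fav_90_0&utm_medium=prg_systray"
    "&utm_content=.%2Ffa%2Fen-us%2Fvirus-alert-default"
    "&p_vir=VVJMOk1hbA"
    r"&p_prc=C:\Program%20Files%20(x86)\Google\Chrome\Application\chrome.exe"
    "&p_obj=aHR0cDovLzM4LjcxLjIuMzEvY3Jvc3Nkb21haW4ueG1s"
    "&p_var=.%2Ffa%2Fen-us%2Fvirus-alert-default&p_elm=7&p_lex=202&p_lid=en-us"
    "&p_lng=en&p_lqa=0&p_lqe=0&p_lst=0&p_lsu=24&p_pro=0&p_bld=empty&p_vep=9"
    "&p_ves=0&p_vbd=2018&p_hid=fec5e2eb-1400-48bb-bb1a-20d64cd82ff4"
    "&p_ram=8142&p_cpu=-1.0"
)


def b64_text(value):
    """Decode an unpadded base64 query value to printable text, or return None."""
    # parse_qs turns '+' into a space; undo that and accept the URL-safe alphabet.
    value = value.replace(" ", "+").replace("-", "+").replace("_", "/")
    value += "=" * (-len(value) % 4)  # restore the padding stripped from the URL
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isprintable() else None


def decode_alert(url):
    """Return the fields of an alert URL that matter for triage."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)

    def first(name):
        return params.get(name, [""])[0]

    page_host = (parts.hostname or "").lower()
    blocked_url = b64_text(first("p_obj"))  # assumed: the object that was blocked
    return {
        # Is the pop-up's landing page really on the vendor's domain?
        "vendor_page": page_host == "avast.com" or page_host.endswith(".avast.com"),
        "detection": b64_text(first("p_vir")),  # assumed: detection name
        "process": first("p_prc"),              # assumed: requesting process
        "blocked_url": blocked_url,
        "blocked_host": urlsplit(blocked_url).hostname if blocked_url else None,
        "blocked_path": urlsplit(blocked_url).path if blocked_url else None,
    }


if __name__ == "__main__":
    for key, value in decode_alert(ALERT_URL).items():
        print(f"{key:13} {value}")
```

For this post the flagged object decodes to a request for `crossdomain.xml` on a bare IP address, issued from `chrome.exe`, and the landing page is on avast.com.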




#2 Xyreal


Posted 15 June 2014 - 06:23 AM

anyone :/



#3 Xyreal


Posted 16 June 2014 - 06:33 AM

bump



#4 Valinorum

  • Malware Response Instructor

Posted 18 June 2014 - 03:36 PM

Hi Xyreal, :)


My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode, which will cut you off from the internet, and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest you any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
 
  • Step #1 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Required Log(s):
    • FRST Log(s) --
      • FRST.txt
      • Addition.txt
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#5 Xyreal


Posted 18 June 2014 - 11:52 PM

thanks for the reply Valinorum!

 

here are the results

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by Xyreal (administrator) on XYREAL-PC on 18-06-2014 21:49:30
Running from C:\Users\Xyreal\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Akamai Technologies, Inc.) C:\Users\Xyreal\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Akamai Technologies, Inc.) C:\Users\Xyreal\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Skype Technologies S.A.) E:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [LogMeIn GUI] => "E:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Live Update 5] => C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [315392 2012-01-30] ()
HKLM-x32\...\Run: [ControlCenterCount] => C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe [872448 2012-03-26] (MSI CO.,LTD.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-12] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-791203291-3410698055-1772621353-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Xyreal\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-791203291-3410698055-1772621353-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4288048 2013-04-01] ()
HKU\S-1-5-21-791203291-3410698055-1772621353-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-791203291-3410698055-1772621353-1000\...\Run: [DellSystemDetect] => C:\Users\Xyreal\AppData\Local\Apps\2.0\DZWY7OR0.NOD\8GEK43X9.3T9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [262720 2014-06-14] (Dell)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk
ShortcutTarget: Dell Display Manager.lnk -> E:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Xyreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Xyreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
Startup: C:\Users\Xyreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SAO Utils.lnk
ShortcutTarget: SAO Utils.lnk -> C:\Users\Xyreal\Downloads\SAO Utils\SAO Utils.exe (Studio GPBeta)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E01CEE4153FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{2A1F5BEF-405D-4AFD-9BA0-E699FB2E8061}: [NameServer]208.67.222.222
 
FireFox:
========
FF ProfilePath: C:\Users\Xyreal\AppData\Roaming\Mozilla\Firefox\Profiles\809ljmzi.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Xyreal\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-29]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-05-30]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-05-30]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Xyreal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-17]
CHR Extension: (YouTube) - C:\Users\Xyreal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-07]
CHR Extension: (Google Search) - C:\Users\Xyreal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-07]
CHR Extension: (avast! Online Security) - C:\Users\Xyreal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-30]
CHR Extension: (User-Agent Switcher) - C:\Users\Xyreal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2014-03-12]
CHR Extension: (Google Wallet) - C:\Users\Xyreal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Xyreal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-12]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-12] (AVAST Software)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-15] (Intel Corporation)
R2 MBAMScheduler; E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5102040 2013-03-18] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-04] ()
S2 SkypeUpdate; E:\Program Files (x86)\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-12] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [159160 2013-12-16] (TENCENT) [File not signed]
S3 ALSysIO; \??\C:\Users\Xyreal\AppData\Local\Temp\ALSysIO64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 LMIInfo; \??\E:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\C:\MSI\MSI SUITE\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_D; \??\C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys [X]
S3 NTIOLib_1_1_S; \??\C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys [X]
S3 NTIOLib_FastBoot; \??\C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [X]
S3 NTIOLib_SuiteFB; \??\C:\MSI\MSI SUITE\FastBoot\NTIOLib_X64.sys [X]
S3 slb; \??\E:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
R3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\DRIVERS\iusb3xhc.sys 7FAEC13F1ADD619F4B5B2D2CBF841E8E
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lmimirr.sys 413ECDCFAD9A82804D3674C8D7EEC24E
C:\Windows\system32\drivers\LMIRfsDriver.sys C57D3FAA50E6F395759FFB7C709BD944
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys F92B0E478C0FAA6D6661E6E977247E60
C:\Windows\system32\drivers\MBAMSwissArmy.sys 8A50D5304E6AE48664CF5838EC32F647
C:\Windows\system32\drivers\mwac.sys 15E8ABC06843672955CE26A009533BAD
C:\Windows\System32\drivers\MBfilt64.sys 8FF2D95CBA49B405C5DE27039FF0BF35
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys D71FD7A4FDB01C554AE144037B688DF1
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys 1B32C54B95121AB1683C7B83B2DB4B96
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda64v.sys E366A5681C50785D4ED04FCFD65C3415
C:\Windows\System32\DRIVERS\nvlddmkm.sys 0AC797F70F2F3E5B69A34FF2F63496F3
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 3ABCD8F8853FEB12B961E9A48FC12133
C:\Windows\System32\drivers\nvvad64v.sys 75034A4D7C02327D150B617571D4196A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\system32\TesSafe.sys 3151D9E8B0CB8FFDFF63E2266F907A66
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wachidrouter.sys FDA15A0510F84FA46452B74529147A15
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wacomrouterfilter.sys EABFDBDC9BEDD325F260A3A9FEE5B3F9
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-18 21:49 - 2014-06-18 21:49 - 00040169 _____ () C:\Users\Xyreal\Downloads\FRST.txt
2014-06-18 21:49 - 2014-06-18 21:49 - 00000000 ____D () C:\FRST
2014-06-18 21:48 - 2014-06-18 21:48 - 02082304 _____ (Farbar) C:\Users\Xyreal\Downloads\FRST64.exe
2014-06-17 21:32 - 2014-06-17 21:32 - 40511661 _____ (Solo Software ) C:\Users\Xyreal\Downloads\Solo's ModPack for v0.9.1 Update 4.exe
2014-06-17 02:57 - 2014-06-17 02:57 - 00000000 ____D () C:\Users\Xyreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOID Elsword
2014-06-17 02:44 - 2014-06-17 02:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOID Elsword
2014-06-17 02:42 - 2005-05-10 09:54 - 00258352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2014-06-17 02:41 - 2014-06-17 02:41 - 00000000 ____D () C:\Users\Xyreal\Downloads\Install-VoidElsword
2014-06-17 02:03 - 2014-06-17 02:41 - 2712763663 _____ () C:\Users\Xyreal\Downloads\Install-VoidElsword.zip
2014-06-14 19:27 - 2014-06-14 19:33 - 16588854 _____ () C:\Users\Xyreal\Downloads\test.bmp
2014-06-14 12:39 - 2014-06-14 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Display Manager
2014-06-14 12:31 - 2014-06-14 12:31 - 00000000 ____D () C:\Users\Xyreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-06-14 12:31 - 2014-06-14 12:31 - 00000000 ____D () C:\Users\Xyreal\AppData\Local\Deployment
2014-06-14 12:31 - 2014-06-14 12:31 - 00000000 ____D () C:\Users\Xyreal\AppData\Local\Apps\2.0
2014-06-14 12:30 - 2014-06-14 12:31 - 00417824 _____ () C:\Users\Xyreal\Downloads\DellSystemDetect.exe
2014-06-14 11:58 - 2014-06-14 12:01 - 00000000 ____D () C:\Users\Xyreal\AppData\Local\GNE
2014-06-14 11:58 - 2014-06-14 11:58 - 00000000 ____D () C:\Users\Xyreal\Downloads\DualMonitorTools-1.9
2014-06-14 11:57 - 2014-06-14 11:57 - 00223474 _____ () C:\Users\Xyreal\Downloads\DualMonitorTools-1.9.zip
2014-06-13 21:48 - 2014-06-13 21:48 - 00000000 ____D () C:\Users\Xyreal\Downloads\Books
2014-06-13 21:45 - 2014-06-13 21:45 - 00000000 ____D () C:\Users\Xyreal\Downloads\NV_RGBFullRangeToggle
2014-06-12 18:39 - 2014-06-12 18:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-12 18:39 - 2014-06-12 18:39 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-12 18:37 - 2014-06-18 16:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 18:37 - 2014-06-12 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 18:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-12 18:37 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-11 00:34 - 2014-06-08 02:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 00:34 - 2014-06-08 02:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 00:34 - 2014-05-30 03:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 00:34 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 00:34 - 2014-05-30 03:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 00:34 - 2014-05-30 02:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 00:34 - 2014-05-30 02:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 00:34 - 2014-05-30 02:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 00:34 - 2014-05-30 02:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 00:34 - 2014-05-30 02:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 00:34 - 2014-05-30 02:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 00:34 - 2014-05-30 02:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 00:34 - 2014-05-30 02:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 00:34 - 2014-05-30 02:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 00:34 - 2014-05-30 02:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 00:34 - 2014-05-30 02:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 00:34 - 2014-05-30 02:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 00:34 - 2014-05-30 02:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 00:34 - 2014-05-30 02:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 00:34 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 00:34 - 2014-05-30 01:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 00:34 - 2014-05-30 01:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 00:34 - 2014-05-30 01:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 00:34 - 2014-05-30 01:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 00:34 - 2014-05-30 01:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 00:34 - 2014-05-30 01:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 00:34 - 2014-05-30 01:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 00:34 - 2014-05-30 01:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 00:34 - 2014-05-30 01:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 00:34 - 2014-05-30 01:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 00:34 - 2014-05-30 01:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 00:34 - 2014-05-30 01:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 00:34 - 2014-05-30 01:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 00:34 - 2014-05-30 01:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 00:34 - 2014-05-30 01:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 00:34 - 2014-05-30 01:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 00:34 - 2014-05-30 01:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 00:34 - 2014-05-30 01:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 00:34 - 2014-05-30 01:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 00:34 - 2014-05-30 01:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 00:34 - 2014-05-30 01:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 00:34 - 2014-05-30 01:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 00:34 - 2014-05-30 00:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 00:34 - 2014-05-30 00:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 00:34 - 2014-05-30 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 00:34 - 2014-05-30 00:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 00:34 - 2014-05-30 00:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 00:34 - 2014-05-30 00:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 00:34 - 2014-05-30 00:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 00:34 - 2014-05-30 00:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 00:34 - 2014-05-30 00:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 00:34 - 2014-05-30 00:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 00:34 - 2014-05-30 00:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 00:34 - 2014-05-30 00:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 00:34 - 2014-05-08 02:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 00:34 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 00:34 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 00:34 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 00:34 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 00:34 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 00:34 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 00:34 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 00:34 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 00:34 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 00:34 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 00:34 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 00:34 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 00:34 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-06 15:14 - 2014-05-19 16:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-06-06 15:12 - 2014-05-19 19:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-06-06 15:12 - 2014-05-19 19:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-06-06 15:12 - 2014-05-19 19:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-06-06 14:56 - 2014-05-29 16:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-06 14:56 - 2014-05-29 16:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-06-04 01:45 - 2014-06-04 01:45 - 00000000 ____D () C:\ProgramData\VS
2014-06-02 02:47 - 2014-06-02 02:47 - 00283256 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-06-01 01:44 - 2014-06-01 01:44 - 00285496 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-06-01 01:44 - 2014-06-01 01:44 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-01 01:43 - 2014-06-01 01:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-01 01:43 - 2014-06-01 01:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-01 01:43 - 2014-06-01 01:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-30 22:49 - 2014-05-30 22:49 - 00000000 ____D () C:\ProgramData\WEBREG
2014-05-30 22:48 - 2014-05-30 22:49 - 00000000 ____D () C:\Users\Xyreal\AppData\Roaming\HP
2014-05-30 22:48 - 2014-05-30 22:48 - 00000000 ____D () C:\Users\Xyreal\AppData\Local\HP
2014-05-30 22:37 - 2014-06-06 22:47 - 00000000 ____D () C:\Users\Xyreal\AppData\Roaming\HpUpdate
2014-05-30 22:37 - 2014-05-30 22:37 - 00001054 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2014-05-30 22:37 - 2014-05-30 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-05-30 22:37 - 2014-05-30 22:37 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-05-30 22:37 - 2014-05-30 22:37 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-05-30 22:37 - 2014-05-30 22:37 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-05-30 22:36 - 2014-05-30 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-05-30 22:36 - 2014-05-30 22:36 - 00001321 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2014-05-30 22:36 - 2014-05-30 22:36 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-05-30 22:36 - 2014-05-30 22:36 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-05-30 22:36 - 2010-03-10 15:35 - 00138752 _____ (Hewlett-Packard Company) C:\Windows\system32\hpf3l101.dll
2014-05-30 22:35 - 2014-05-30 22:37 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-30 22:34 - 2014-05-30 22:49 - 00212764 _____ () C:\Windows\hpoins52.dat
2014-05-30 22:34 - 2014-05-30 22:49 - 00001303 _____ () C:\ProgramData\hpzinstall.log
2014-05-30 22:34 - 2014-05-30 22:48 - 00000000 ____D () C:\ProgramData\HP
2014-05-30 22:34 - 2014-05-30 22:34 - 00000000 ____D () C:\Program Files\HP
2014-05-30 22:34 - 2010-03-31 20:33 - 00001333 ____N () C:\Windows\hpomdl52.dat
2014-05-30 22:34 - 2009-12-11 02:48 - 01412224 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpost_p04i.dll
2014-05-30 22:34 - 2009-12-11 02:48 - 01179776 _____ (Hewlett-Packard) C:\Windows\system32\hposwia_p04i.dll
2014-05-30 22:34 - 2009-12-11 02:48 - 00525440 _____ (Hewlett-Packard Co.) C:\Windows\system32\hposc_p04a.dll
2014-05-30 22:34 - 2009-10-22 07:55 - 00643200 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2014-05-26 23:04 - 2014-03-31 09:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-26 23:04 - 2014-03-31 09:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
 
==================== One Month Modified Files and Folders =======
 
2014-06-18 21:49 - 2014-06-18 21:49 - 00040169 _____ () C:\Users\Xyreal\Downloads\FRST.txt
2014-06-18 21:49 - 2014-06-18 21:49 - 00000000 ____D () C:\FRST
2014-06-18 21:49 - 2013-04-01 21:56 - 00000000 ____D () C:\Users\Xyreal\AppData\Local\PMB Files
2014-06-18 21:48 - 2014-06-18 21:48 - 02082304 _____ (Farbar) C:\Users\Xyreal\Downloads\FRST64.exe
2014-06-18 21:36 - 2013-03-15 12:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-18 21:35 - 2013-06-04 01:48 - 00000000 ____D () C:\Users\Xyreal\AppData\Roaming\Skype
2014-06-18 21:25 - 2013-02-07 17:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-18 18:49 - 2013-02-07 21:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-18 18:12 - 2014-03-14 18:38 - 00000000 ____D () C:\Users\Xyreal\AppData\Local\Battle.net
2014-06-18 16:36 - 2014-06-12 18:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 16:06 - 2009-07-13 21:45 - 00022896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 16:06 - 2009-07-13 21:45 - 00022896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 16:05 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-18 16:02 - 2013-02-07 13:53 - 02038958 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 15:59 - 2013-02-07 20:50 - 00103322 _____ () C:\Windows\setupact.log
2014-06-18 15:59 - 2013-02-07 17:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-18 15:59 - 2013-02-07 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-18 15:59 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 02:00 - 2013-05-21 13:24 - 00000000 ____D () C:\Users\Xyreal\AppData\Local\Adobe
2014-06-17 22:59 - 2013-02-07 17:23 - 00064072 _____ () C:\Users\Xyreal\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-17 22:41 - 2009-07-13 21:45 - 04910928 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-17 21:32 - 2014-06-17 21:32 - 40511661 _____ (Solo Software ) C:\Users\Xyreal\Downloads\Solo's ModPack for v0.9.1 Update 4.exe
2014-06-17 21:31 - 2013-04-01 21:56 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-17 02:57 - 2014-06-17 02:57 - 00000000 ____D () C:\Users\Xyreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOID Elsword
2014-06-17 02:44 - 2014-06-17 02:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOID Elsword
2014-06-17 02:41 - 2014-06-17 02:41 - 00000000 ____D () C:\Users\Xyreal\Downloads\Install-VoidElsword
2014-06-17 02:41 - 2014-06-17 02:03 - 2712763663 _____ () C:\Users\Xyreal\Downloads\Install-VoidElsword.zip
2014-06-16 02:29 - 2013-12-02 03:34 - 00000000 ____D () C:\ProgramData\Sony
2014-06-16 02:29 - 2013-12-02 03:25 - 00000000 ____D () C:\Users\Xyreal\AppData\Local\Sony
2014-06-14 20:25 - 2014-01-04 03:19 - 00000000 ____D () C:\Users\Xyreal\Downloads\Drawing
2014-06-14 19:33 - 2014-06-14 19:27 - 16588854 _____ () C:\Users\Xyreal\Downloads\test.bmp
2014-06-14 12:40 - 2014-06-14 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Display Manager
2014-06-14 12:31 - 2014-06-14 12:31 - 00000000 ____D () C:\Users\Xyreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-06-14 12:31 - 2014-06-14 12:31 - 00000000 ____D () C:\Users\Xyreal\AppData\Local\Deployment
2014-06-14 12:31 - 2014-06-14 12:31 - 00000000 ____D () C:\Users\Xyreal\AppData\Local\Apps\2.0
2014-06-14 12:31 - 2014-06-14 12:30 - 00417824 _____ () C:\Users\Xyreal\Downloads\DellSystemDetect.exe
2014-06-14 12:01 - 2014-06-14 11:58 - 00000000 ____D () C:\Users\Xyreal\AppData\Local\GNE
2014-06-14 11:58 - 2014-06-14 11:58 - 00000000 ____D () C:\Users\Xyreal\Downloads\DualMonitorTools-1.9
2014-06-14 11:57 - 2014-06-14 11:57 - 00223474 _____ () C:\Users\Xyreal\Downloads\DualMonitorTools-1.9.zip
2014-06-13 21:48 - 2014-06-13 21:48 - 00000000 ____D () C:\Users\Xyreal\Downloads\Books
2014-06-13 21:45 - 2014-06-13 21:45 - 00000000 ____D () C:\Users\Xyreal\Downloads\NV_RGBFullRangeToggle
2014-06-12 18:42 - 2013-02-07 17:23 - 00385420 _____ () C:\Windows\PFRO.log
2014-06-12 18:39 - 2014-06-12 18:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-12 18:39 - 2014-06-12 18:39 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-12 18:39 - 2014-02-23 02:03 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-12 18:39 - 2013-11-29 23:43 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-12 18:39 - 2013-11-29 23:43 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-12 18:39 - 2013-11-29 23:43 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-12 18:39 - 2013-11-29 23:43 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-12 18:39 - 2013-11-29 23:43 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-12 18:39 - 2013-11-29 23:43 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-12 18:39 - 2013-11-29 23:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-12 18:39 - 2013-11-29 23:43 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-12 18:39 - 2013-08-14 00:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 18:38 - 2013-02-08 02:34 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 18:37 - 2014-06-12 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 18:37 - 2014-03-19 22:41 - 00000000 ____D () C:\Users\Xyreal\AppData\Roaming\Malwarebytes
2014-06-12 18:37 - 2014-03-19 22:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 02:06 - 2014-05-08 01:08 - 00000000 ____D () C:\Users\Xyreal\AppData\Roaming\Tera_Awesomium
2014-06-11 18:36 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 02:13 - 2014-06-11 00:34 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 02:08 - 2014-06-11 00:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 22:47 - 2014-05-30 22:37 - 00000000 ____D () C:\Users\Xyreal\AppData\Roaming\HpUpdate
2014-06-06 15:14 - 2013-02-07 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-06-06 15:14 - 2013-02-07 16:12 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-06 14:58 - 2013-08-29 01:07 - 00000000 ____D () C:\Users\Xyreal\Documents\Visual Studio 2010
2014-06-06 14:56 - 2013-02-07 16:12 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-05 02:35 - 2013-08-29 01:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2014-06-05 02:35 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-04 23:45 - 2013-06-04 01:48 - 00000000 ____D () C:\ProgramData\Skype
2014-06-04 01:45 - 2014-06-04 01:45 - 00000000 ____D () C:\ProgramData\VS
2014-06-02 02:47 - 2014-06-02 02:47 - 00283256 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-06-01 11:31 - 2013-02-07 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2014-06-01 11:31 - 2013-02-07 16:00 - 00000000 ____D () C:\MSI
2014-06-01 01:44 - 2014-06-01 01:44 - 00285496 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-06-01 01:44 - 2014-06-01 01:44 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-01 01:43 - 2014-06-01 01:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-01 01:43 - 2014-06-01 01:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-01 01:43 - 2014-06-01 01:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-30 22:49 - 2014-05-30 22:49 - 00000000 ____D () C:\ProgramData\WEBREG
2014-05-30 22:49 - 2014-05-30 22:48 - 00000000 ____D () C:\Users\Xyreal\AppData\Roaming\HP
2014-05-30 22:49 - 2014-05-30 22:34 - 00212764 _____ () C:\Windows\hpoins52.dat
2014-05-30 22:49 - 2014-05-30 22:34 - 00001303 _____ () C:\ProgramData\hpzinstall.log
2014-05-30 22:48 - 2014-05-30 22:48 - 00000000 ____D () C:\Users\Xyreal\AppData\Local\HP
2014-05-30 22:48 - 2014-05-30 22:34 - 00000000 ____D () C:\ProgramData\HP
2014-05-30 22:48 - 2009-07-13 19:34 - 00000438 _____ () C:\Windows\win.ini
2014-05-30 22:37 - 2014-05-30 22:37 - 00001054 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2014-05-30 22:37 - 2014-05-30 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-05-30 22:37 - 2014-05-30 22:37 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-05-30 22:37 - 2014-05-30 22:37 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-05-30 22:37 - 2014-05-30 22:37 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-05-30 22:37 - 2014-05-30 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-05-30 22:37 - 2014-05-30 22:35 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-30 22:36 - 2014-05-30 22:36 - 00001321 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2014-05-30 22:36 - 2014-05-30 22:36 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-05-30 22:36 - 2014-05-30 22:36 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-05-30 22:34 - 2014-05-30 22:34 - 00000000 ____D () C:\Program Files\HP
2014-05-30 03:21 - 2014-06-11 00:34 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 03:02 - 2014-06-11 00:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 03:02 - 2014-06-11 00:34 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 02:45 - 2014-06-11 00:34 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 02:39 - 2014-06-11 00:34 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 02:39 - 2014-06-11 00:34 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 02:38 - 2014-06-11 00:34 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 02:28 - 2014-06-11 00:34 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 02:27 - 2014-06-11 00:34 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 02:24 - 2014-06-11 00:34 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 02:21 - 2014-06-11 00:34 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 02:21 - 2014-06-11 00:34 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 02:20 - 2014-06-11 00:34 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 02:18 - 2014-06-11 00:34 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 02:11 - 2014-06-11 00:34 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 02:08 - 2014-06-11 00:34 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 02:06 - 2014-06-11 00:34 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 02:02 - 2014-06-11 00:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 01:55 - 2014-06-11 00:34 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 01:49 - 2014-06-11 00:34 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 01:46 - 2014-06-11 00:34 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 01:44 - 2014-06-11 00:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 01:44 - 2014-06-11 00:34 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 01:43 - 2014-06-11 00:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 01:42 - 2014-06-11 00:34 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 01:38 - 2014-06-11 00:34 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 01:35 - 2014-06-11 00:34 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 01:34 - 2014-06-11 00:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 01:33 - 2014-06-11 00:34 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 01:30 - 2014-06-11 00:34 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 01:29 - 2014-06-11 00:34 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 01:28 - 2014-06-11 00:34 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 01:27 - 2014-06-11 00:34 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 01:24 - 2014-06-11 00:34 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 01:23 - 2014-06-11 00:34 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 01:16 - 2014-06-11 00:34 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 01:10 - 2014-06-11 00:34 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 01:06 - 2014-06-11 00:34 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 01:04 - 2014-06-11 00:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 01:02 - 2014-06-11 00:34 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 00:56 - 2014-06-11 00:34 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 00:56 - 2014-06-11 00:34 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 00:54 - 2014-06-11 00:34 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 00:50 - 2014-06-11 00:34 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 00:49 - 2014-06-11 00:34 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 00:43 - 2014-06-11 00:34 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 00:40 - 2014-06-11 00:34 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 00:30 - 2014-06-11 00:34 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 00:21 - 2014-06-11 00:34 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 00:15 - 2014-06-11 00:34 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 00:13 - 2014-06-11 00:34 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 00:13 - 2014-06-11 00:34 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 16:07 - 2014-06-06 14:56 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-05-29 16:07 - 2014-06-06 14:56 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-05-29 16:07 - 2014-01-04 03:07 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-29 16:07 - 2014-01-04 03:07 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-22 17:44 - 2013-02-07 17:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-22 15:56 - 2014-05-08 18:10 - 00000000 ____D () C:\Users\Xyreal\AppData\Local\NCSOFT
2014-05-19 19:44 - 2014-06-06 15:12 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-19 19:44 - 2014-06-06 15:12 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-19 19:44 - 2014-06-06 15:12 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-19 19:44 - 2013-02-27 01:15 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-19 19:44 - 2013-02-27 01:15 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-19 19:44 - 2013-02-07 16:13 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-19 19:44 - 2013-02-07 16:13 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-19 19:44 - 2013-02-07 16:12 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-19 19:44 - 2013-02-07 16:12 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-19 19:44 - 2013-02-07 16:12 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-19 19:44 - 2013-02-07 16:12 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-19 18:25 - 2013-02-07 16:13 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-19 18:25 - 2013-02-07 16:13 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-19 18:25 - 2013-02-07 16:13 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-19 18:25 - 2013-02-07 16:13 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-19 18:25 - 2013-02-07 16:13 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-19 16:10 - 2014-06-06 15:14 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {f502b24e-7166-11e2-b7f0-bd0e3e80448a}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {f502b250-7166-11e2-b7f0-bd0e3e80448a}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {f502b24e-7166-11e2-b7f0-bd0e3e80448a}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {f502b250-7166-11e2-b7f0-bd0e3e80448a}
device                  ramdisk=[C:]\Recovery\f502b250-7166-11e2-b7f0-bd0e3e80448a\Winre.wim,{f502b251-7166-11e2-b7f0-bd0e3e80448a}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\f502b250-7166-11e2-b7f0-bd0e3e80448a\Winre.wim,{f502b251-7166-11e2-b7f0-bd0e3e80448a}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {f502b24e-7166-11e2-b7f0-bd0e3e80448a}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {f502b251-7166-11e2-b7f0-bd0e3e80448a}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\f502b250-7166-11e2-b7f0-bd0e3e80448a\boot.sdi
 
 
 
LastRegBack: 2014-06-09 03:08
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014
Ran by Xyreal at 2014-06-18 21:49:51
Running from C:\Users\Xyreal\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29677 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AirServer (64-bit) (HKLM\...\{1D74EFC0-14AD-4E6C-9E04-B76B055D2373}) (Version: 1.9.8 - App Dynamic)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version:  - )
AudioGenie (HKLM-x32\...\AudioGenie_is1) (Version:  - msi, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C410 (x32 Version: 140.0.273.000 - Hewlett-Packard) Hidden
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.107 - MSI)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ControlCenter (HKLM-x32\...\{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1) (Version: 2.5.053 - MSI)
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version:  - EnTech Taiwan)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.8.1.1 - Dell)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DocProc (x32 Version: 140.0.99.000 - Hewlett-Packard) Hidden
Elsword (HKLM-x32\...\Steam App 237310) (Version:  - KOG)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fax (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Network Connections 19.1.51.0 (Version: 19.1.51.0 - Intel) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lame ACM MP3 Codec (HKLM\...\LameACM) (Version:  - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Live Update 5 (HKLM-x32\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 5.0.101 - MSI)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
ohm_lib (HKLM-x32\...\{74A6FE5F-E688-4B09-B67B-046BCD22253D}) (Version: 1.0.0 - Microsoft)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
PS_AIO_07_C410_SW_Min (x32 Version: 140.0.273.000 - Hewlett-Packard) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.8-1.0.8500.20 - raidcall.com)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 beta r2282 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Solo's ModPack for World of Tanks (HKLM-x32\...\{ADD3574D-04EB-4700-89D4-6DB7F30DAAB1}_is1) (Version: 0.10.8 - Solo Software)
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steam Trading Card Beta Access (HKLM-x32\...\Steam App 202352) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.5 - En Masse Entertainment)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VideoGenie (HKLM-x32\...\{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1) (Version: 1.0.0.12 - MSI)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Tanks - Common Test (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1) (Version:  - Wargaming.net)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
 
==================== Restore Points  =========================
 
17-06-2014 22:18:18 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 19:34 - 2013-08-29 01:25 - 00450636 ____R C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {03F761AD-E2CD-43AA-A3D6-723624B4436E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {1925B458-8C88-46BB-BC5C-BB5EA33E4099} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {AC6B27F5-4A28-43FF-9E77-D1ABD4223337} - System32\Tasks\AdobeAAMUpdater-1.0-Xyreal-PC-Xyreal => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {D2C84F14-B14F-45E4-BC8C-6AF66493D518} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {E176B805-A882-4CFA-87FC-3CBEA0FB3A27} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-12] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-02-07 16:13 - 2014-05-19 18:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-01 21:55 - 2013-04-01 21:56 - 04288048 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2013-02-22 20:20 - 2014-01-04 01:25 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-18 02:42 - 2014-06-18 02:42 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061800\algo.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-04 03:11 - 2013-11-28 13:14 - 00013824 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-01-04 03:11 - 2013-11-28 19:59 - 00098816 _____ () C:\Program Files (x86)\Samsung Magician\PAL.dll
2014-01-04 03:11 - 2013-11-28 19:59 - 00034304 _____ () C:\Program Files (x86)\Samsung Magician\SATA.dll
2014-01-04 03:11 - 2013-11-28 19:59 - 00032768 _____ () C:\Program Files (x86)\Samsung Magician\SAT.dll
2014-01-04 03:11 - 2013-11-28 20:00 - 00031232 _____ () C:\Program Files (x86)\Samsung Magician\SMINI.dll
2014-01-04 03:11 - 2013-11-28 19:59 - 00029696 _____ () C:\Program Files (x86)\Samsung Magician\SAS.dll
2013-11-29 23:43 - 2013-11-29 23:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-13 13:27 - 2014-06-05 06:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 13:27 - 2014-06-05 06:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 13:27 - 2014-06-05 06:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2013-02-07 17:04 - 2013-01-15 02:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-05-21 19:24 - 2014-04-29 17:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-05-03 01:50 - 2014-04-29 17:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-21 19:24 - 2014-04-29 17:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-08 16:40 - 2014-04-29 17:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-03-12 17:10 - 2014-05-16 18:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 19:24 - 2014-05-29 10:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-21 19:24 - 2014-04-28 17:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2013-02-07 21:05 - 2014-05-29 10:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-02-07 21:05 - 2014-05-01 16:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-02-07 21:05 - 2013-06-14 16:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-02-07 21:05 - 2013-06-14 16:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-02-07 21:05 - 2013-06-14 16:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-06-13 13:27 - 2014-06-05 06:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
2014-06-13 13:27 - 2014-06-05 06:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-13 13:27 - 2014-06-05 06:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/18/2014 02:52:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program worldoftanks.exe version 0.9.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11d0
 
Start Time: 01cf8ad5ea706558
 
Termination Time: 58
 
Application Path: E:\Games\World_of_Tanks\worldoftanks.exe
 
Report Id:
 
Error: (06/06/2014 07:41:13 PM) (Source: ESENT) (EventID: 623) (User: )
Description: wuaueng.dll (1064) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 32Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.
 
Possible long-running transaction:
 
SessionId: 0x00000000014404A0
 
Session-context: 0x00000000
 
Session-context ThreadId: 0x00000000000016D8
 
Cleanup: 1
 
Error: (06/06/2014 07:41:02 PM) (Source: ESENT) (EventID: 623) (User: )
Description: wuaueng.dll (1064) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 32Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.
 
Possible long-running transaction:
 
SessionId: 0x00000000014404A0
 
Session-context: 0x00000000
 
Session-context ThreadId: 0x00000000000016D8
 
Cleanup: 1
 
Error: (06/01/2014 11:30:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSI SUITE.exe, version: 1.0.29.0, time stamp: 0x51109ff9
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x14f0
Faulting application start time: 0xMSI SUITE.exe0
Faulting application path: MSI SUITE.exe1
Faulting module path: MSI SUITE.exe2
Report Id: MSI SUITE.exe3
 
Error: (06/01/2014 11:30:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MSI SUITE.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.LoadComponent(System.Uri, Boolean)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at MSI_SUITE.App.Main()
 
Error: (05/31/2014 08:08:06 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (05/31/2014 07:18:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSI SUITE.exe, version: 1.0.29.0, time stamp: 0x51109ff9
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0xd0c
Faulting application start time: 0xMSI SUITE.exe0
Faulting application path: MSI SUITE.exe1
Faulting module path: MSI SUITE.exe2
Report Id: MSI SUITE.exe3
 
Error: (05/31/2014 07:17:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MSI SUITE.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
 
Error: (05/31/2014 06:07:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSI SUITE.exe, version: 1.0.29.0, time stamp: 0x51109ff9
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0xfcc
Faulting application start time: 0xMSI SUITE.exe0
Faulting application path: MSI SUITE.exe1
Faulting module path: MSI SUITE.exe2
Report Id: MSI SUITE.exe3
 
Error: (05/31/2014 06:07:38 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MSI SUITE.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
 
 
System errors:
=============
Error: (06/18/2014 04:00:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/18/2014 03:59:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (06/17/2014 10:42:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/17/2014 10:41:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (06/17/2014 03:15:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/17/2014 03:14:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (06/17/2014 03:15:51 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (06/17/2014 02:55:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/17/2014 02:54:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
Error: (06/17/2014 00:54:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
 
Microsoft Office Sessions:
=========================
Error: (06/18/2014 02:52:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: worldoftanks.exe0.9.1.011d001cf8ad5ea70655858E:\Games\World_of_Tanks\worldoftanks.exe
 
Error: (06/06/2014 07:41:13 PM) (Source: ESENT) (EventID: 623) (User: )
Description: wuaueng.dll1064SUS20ClientDataStore: 0320x00000000014404A00x000000000x00000000000016D81
 
Error: (06/06/2014 07:41:02 PM) (Source: ESENT) (EventID: 623) (User: )
Description: wuaueng.dll1064SUS20ClientDataStore: 0320x00000000014404A00x000000000x00000000000016D81
 
Error: (06/01/2014 11:30:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MSI SUITE.exe1.0.29.051109ff9KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d14f001cf7dc7966b9880C:\MSI\MSI SUITE\MSI SUITE.exeC:\Windows\syswow64\KERNELBASE.dlld50555a2-e9ba-11e3-aa04-d43d7e488b54
 
Error: (06/01/2014 11:30:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MSI SUITE.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.LoadComponent(System.Uri, Boolean)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at MSI_SUITE.App.Main()
 
Error: (05/31/2014 08:08:06 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2
 
Error: (05/31/2014 07:18:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MSI SUITE.exe1.0.29.051109ff9KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42dd0c01cf7d3fb376b590C:\MSI\MSI SUITE\MSI SUITE.exeC:\Windows\syswow64\KERNELBASE.dllf44dc0e7-e932-11e3-8f3a-d43d7e488b54
 
Error: (05/31/2014 07:17:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MSI SUITE.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.LoadComponent(System.Uri, Boolean)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at MSI_SUITE.App.Main()
 
Error: (05/31/2014 06:07:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MSI SUITE.exe1.0.29.051109ff9KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42dfcc01cf7cd149cdf133C:\MSI\MSI SUITE\MSI SUITE.exeC:\Windows\syswow64\KERNELBASE.dll8c3fc891-e8c4-11e3-b8ba-d43d7e488b54
 
Error: (05/31/2014 06:07:38 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MSI SUITE.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.LoadComponent(System.Uri, Boolean)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at MSI_SUITE.App.Main()
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 41%
Total physical RAM: 8142.71 MB
Available physical RAM: 4754.31 MB
Total Pagefile: 16283.59 MB
Available Pagefile: 12747.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:50.62 GB) NTFS
Drive e: () (Fixed) (Total:931.41 GB) (Free:743.6 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: AEC3DED3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: AEC3DEAB)
Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,555 posts

Posted 19 June 2014 - 12:43 AM

Hi Xyreal, :)
  • Step #2 P2P Warning
    IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
    • µTorrent
    I shall provide you with a few reference links; please read them to learn the risks of having a P2P program.
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

    My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.
 
  • Step #3 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to the poor reputation reports we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up, then double-click on the items I have listed below and follow the on-screen instructions to remove/uninstall them.
    • Bing Bar
    • Java 7 Update 55 (Update it afterwards)
    • Mozilla Firefox 24.0 (x86 en-US) (Update it afterwards)
    • Pando Media Booster
    • PunkBuster Services
 
  • Step #4 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
      C:\Program Files (x86)\Pando Networks\
      C:\Windows\SysWOW64\PnkBstrA.exe
      HKLM-x32\...\Run: [] => [X]
      HKU\S-1-5-21-791203291-3410698055-1772621353-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4288048 2013-04-01] ()
      Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
      C:\Program Files (x86)\Microsoft\BingBar\
      R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-04] ()
      2014-06-17 21:31 - 2013-04-01 21:56 - 00000000 ____D () C:\ProgramData\PMB Files
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #5 Scan with aswMBR
    • Download aswMBR from the link below and save it to your Desktop;
    • Right-click on it and choose Run as administrator;
    • Click on Scan;
    • After that click Save Log and save it to your Desktop;
    • Restart your PC;
    • Copy and paste the contents of the log in your next reply.
  
  • Step #7 Scan with OTL
    • Please download OldTimer's Listit by OldTimer from one of the following locations and save it to your Desktop.
      Download Link 1
      Download Link 2
      Download Link 3
    • Copy and Paste the following code inside the Custom Scans/Fixes box;
      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      dir "%systemdrive%\*" /S /A:L /C
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      rpcss.dll
      /md5stop
      CREATERESTOREPOINT
    • Click the Quick Scan button;
    • After the scan two logs will be produced;
    • Copy and paste the content of the logs in your next reply
 
  • Required Log(s):
    • FRST Fix Log
    • aswMBR Log
    • RogueKiller Report
    • OTL Log(s) --
      • OTL.txt
      • Extras.txt
Regards,
Valinorum

Edited by Valinorum, 19 June 2014 - 12:46 AM.

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#7 Xyreal

Xyreal
  • Topic Starter

  • Members
  • 13 posts

Posted 19 June 2014 - 01:22 AM

Thanks for the fast reply! As you said, I deleted the torrent and the other programs.

 

Here are the results:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014
Ran by Xyreal at 2014-06-18 23:04:46 Run:1
Running from E:\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Pando Networks\
C:\Windows\SysWOW64\PnkBstrA.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-791203291-3410698055-1772621353-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4288048 2013-04-01] ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
C:\Program Files (x86)\Microsoft\BingBar\
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-04] ()
2014-06-17 21:31 - 2013-04-01 21:56 - 00000000 ____D () C:\ProgramData\PMB Files
End
*****************
 
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe => No running process found
C:\Program Files (x86)\Pando Networks => Moved successfully.
C:\Windows\SysWOW64\PnkBstrA.exe => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-791203291-3410698055-1772621353-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value not found.
'HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}'=> Key not found.
"C:\Program Files (x86)\Microsoft\BingBar" => File/Directory not found.
PnkBstrA => Service stopped successfully.
PnkBstrA => Service deleted successfully.
"C:\ProgramData\PMB Files" => File/Directory not found.
 
==== End of Fixlog ====
 
 
 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-18 23:05:38
-----------------------------
23:05:38.660    OS Version: Windows x64 6.1.7601 Service Pack 1
23:05:38.660    Number of processors: 4 586 0x3A09
23:05:38.661    ComputerName: XYREAL-PC  UserName: Xyreal
23:05:38.930    Initialize success
23:05:38.930    VM: initialized successfully
23:05:38.934    VM: outdated driver version !
23:05:42.022    AVAST engine defs: 14061800
23:06:00.394    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:06:00.396    Disk 0 Vendor: WDC_WD10EZRX-00A8LB0 01.01A01 Size: 953869MB BusType: 11
23:06:00.400    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
23:06:00.403    Disk 1 Vendor: Samsung_SSD_840_Series DXT08B0Q Size: 114473MB BusType: 11
23:06:00.412    Disk 1 MBR read successfully
23:06:00.415    Disk 1 MBR scan
23:06:00.420    Disk 1 Windows 7 default MBR code
23:06:00.424    Disk 1 Partition 1 00     07    HPFS/NTFS NTFS       114471 MB offset 2048
23:06:00.433    Disk 1 scanning C:\Windows\system32\drivers
23:06:02.439    Service scanning
23:06:04.527    Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
23:06:07.111    Modules scanning
23:06:07.116    Disk 1 trace - called modules:
23:06:07.120    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
23:06:07.122    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007720060]
23:06:07.125    3 CLASSPNP.SYS[fffff8800191d43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800740b060]
23:06:07.239    AVAST engine scan C:\Windows
23:06:07.560    AVAST engine scan C:\Windows\system32
23:06:51.172    AVAST engine scan C:\Windows\system32\drivers
23:06:53.462    AVAST engine scan C:\Users\Xyreal
23:07:48.994    AVAST engine scan C:\ProgramData
23:07:58.822    Scan finished successfully
23:08:10.598    Disk 1 MBR has been saved successfully to "C:\Users\Xyreal\Downloads\MBR.dat"
23:08:10.601    The log file has been saved successfully to "C:\Users\Xyreal\Downloads\aswMBR.txt"
 
 
 
 
 

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Xyreal [Admin rights]
Mode : Scan -- Date : 06/18/2014  23:15:48
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 19 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2A1F5BEF-405D-4AFD-9BA0-E699FB2E8061} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2A1F5BEF-405D-4AFD-9BA0-E699FB2E8061} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2A1F5BEF-405D-4AFD-9BA0-E699FB2E8061} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-791203291-3410698055-1772621353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-791203291-3410698055-1772621353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZRX-00A8LB0 ATA Device +++++
--- User ---
[MBR] 2ddbb244c777d18e73ed5c461d1afbd6
[BSP] 2ebb661222a68418cfdf28ff3300a1d5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953766 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Samsung SSD 840 Series ATA Device +++++
--- User ---
[MBR] 06c12b0e933209e540ac2fb942dff84a
[BSP] bc16fa6c4a23678bd9cd13798c1be1ee : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114471 MB
User = LL1 ... OK
User = LL2 ... OK
 

 

OTL logfile created on: 6/18/2014 11:17:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Xyreal\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.95 Gb Total Physical Memory | 4.84 Gb Available Physical Memory | 60.92% Memory free
15.90 Gb Paging File | 13.44 Gb Available in Paging File | 84.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 51.39 Gb Free Space | 45.97% Space Free | Partition Type: NTFS
Drive E: | 931.41 Gb Total Space | 743.60 Gb Free Space | 79.84% Space Free | Partition Type: NTFS
 
Computer Name: XYREAL-PC | User Name: Xyreal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/18 23:16:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Xyreal\Downloads\OTL.exe
PRC - [2014/06/12 18:39:56 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/06/12 18:39:46 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/06/05 06:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/29 16:35:33 | 002,352,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/05/29 16:31:38 | 001,631,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/05/19 16:10:40 | 000,413,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Xyreal\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/28 20:12:40 | 004,580,256 | ---- | M] (Samsung Electronics.) -- C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
PRC - [2013/01/15 02:29:52 | 000,366,040 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2013/01/15 02:29:52 | 000,279,000 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/01/15 02:29:50 | 000,165,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/05/21 01:26:26 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/05 06:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 06:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 06:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 06:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 06:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/02/12 21:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 21:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/11/29 23:43:09 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/11/28 20:00:00 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SMINI.dll
MOD - [2013/11/28 19:59:54 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SATA.dll
MOD - [2013/11/28 19:59:50 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SAT.dll
MOD - [2013/11/28 19:59:24 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SAS.dll
MOD - [2013/11/28 19:59:20 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\PAL.dll
MOD - [2013/11/28 13:14:32 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/12 18:39:46 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/05/30 02:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/05/29 16:28:54 | 021,055,432 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/03/11 16:31:58 | 000,260,360 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/10 14:31:44 | 000,803,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2012/12/10 14:31:28 | 000,732,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/29 16:31:38 | 001,631,008 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/05/19 16:10:40 | 000,413,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/05/13 23:36:10 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- E:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/03 16:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/18 13:05:34 | 005,102,040 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/01/15 02:29:52 | 000,366,040 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2013/01/15 02:29:52 | 000,279,000 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/01/15 02:29:50 | 000,165,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/18 23:09:44 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/06/12 18:39:53 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/06/12 18:39:53 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/06/12 18:39:53 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/06/12 18:39:47 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/06/12 18:39:47 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/06/12 18:39:47 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/06/12 18:39:47 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/06/12 18:39:47 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/05/29 16:28:53 | 000,020,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/31 09:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/12/16 01:46:11 | 000,159,160 | ---- | M] (TENCENT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\TesSafe.sys -- (TesSafe)
DRV:64bit: - [2013/11/28 06:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/08/21 02:27:24 | 000,494,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2013/06/07 23:28:38 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/04/30 10:57:00 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2013/04/30 10:56:42 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2013/03/18 17:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/01/19 00:52:08 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012/12/03 16:36:34 | 000,081,824 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/12/03 16:36:34 | 000,013,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/11/15 09:41:06 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/12 19:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/21 01:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/05/21 01:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/05/21 01:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/06 11:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/11/18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010/10/22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 01 CE E4 15 3F CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Xyreal\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/06/12 18:39:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/05/30 22:36:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/05/30 22:36:56 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Xyreal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Xyreal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Xyreal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: avast! Online Security = C:\Users\Xyreal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: User-Agent Switcher = C:\Users\Xyreal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf\2.0_0\
CHR - Extension: Google Wallet = C:\Users\Xyreal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Xyreal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2013/08/29 01:25:09 | 000,450,636 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] "E:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" File not found
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe (MSI CO.,LTD.)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe ()
O4 - HKLM..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Xyreal\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\Xyreal\AppData\Local\Apps\2.0\DZWY7OR0.NOD\8GEK43X9.3T9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe (Dell)
O4 - Startup: C:\Users\Xyreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O4 - Startup: C:\Users\Xyreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk = C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
O4 - Startup: C:\Users\Xyreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SAO Utils.lnk = C:\Users\Xyreal\Downloads\SAO Utils\SAO Utils.exe (Studio GPBeta)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A1F5BEF-405D-4AFD-9BA0-E699FB2E8061}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A1F5BEF-405D-4AFD-9BA0-E699FB2E8061}: NameServer = 208.67.222.222
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/18 23:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/06/18 23:03:20 | 002,082,304 | ---- | C] (Farbar) -- E:\Desktop\FRST64.exe
[2014/06/18 21:49:12 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/17 02:57:39 | 000,000,000 | ---D | C] -- C:\Users\Xyreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOID Elsword
[2014/06/17 02:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOID Elsword
[2014/06/14 12:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Display Manager
[2014/06/14 12:31:19 | 000,000,000 | ---D | C] -- C:\Users\Xyreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2014/06/14 12:31:06 | 000,000,000 | ---D | C] -- C:\Users\Xyreal\AppData\Local\Deployment
[2014/06/14 12:31:06 | 000,000,000 | ---D | C] -- C:\Users\Xyreal\AppData\Local\Apps
[2014/06/14 11:58:33 | 000,000,000 | ---D | C] -- C:\Users\Xyreal\AppData\Local\GNE
[2014/06/12 18:39:47 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/12 18:37:24 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/12 18:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/12 18:37:16 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/12 18:37:16 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/04 23:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/06/04 01:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2014/06/01 01:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/06/01 01:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/06/01 01:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/06/01 01:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/05/30 22:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2014/05/30 22:48:29 | 000,000,000 | ---D | C] -- C:\Users\Xyreal\AppData\Local\HP
[2014/05/30 22:48:23 | 000,000,000 | ---D | C] -- C:\Users\Xyreal\AppData\Roaming\HP
[2014/05/30 22:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2014/05/30 22:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar Installer
[2014/05/30 22:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2014/05/30 22:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2014/05/30 22:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2014/05/30 22:37:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2014/05/30 22:37:00 | 000,000,000 | ---D | C] -- C:\Users\Xyreal\AppData\Roaming\HpUpdate
[2014/05/30 22:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2014/05/30 22:36:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2014/05/30 22:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/05/30 22:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2014/05/30 22:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2014/05/30 22:35:26 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2014/05/30 22:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014/05/30 22:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/05/30 22:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/18 23:16:41 | 000,022,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/18 23:16:41 | 000,022,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/18 23:15:24 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/18 23:15:24 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/18 23:15:24 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/18 23:09:44 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/18 23:09:32 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/18 23:09:29 | 000,000,891 | ---- | M] () -- C:\Users\Xyreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SAO Utils.lnk
[2014/06/18 23:09:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/18 22:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/18 22:25:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/18 21:48:38 | 002,082,304 | ---- | M] (Farbar) -- E:\Desktop\FRST64.exe
[2014/06/17 22:41:25 | 004,910,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/14 12:40:03 | 000,000,840 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk
[2014/06/13 13:27:51 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/12 18:39:57 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/06/12 18:39:53 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/06/12 18:39:53 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/06/12 18:39:53 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/06/12 18:39:47 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/06/12 18:39:47 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/06/12 18:39:47 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/06/12 18:39:47 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/06/12 18:39:47 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/06/12 18:39:47 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/12 18:39:47 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/05/30 22:49:41 | 000,212,764 | ---- | M] () -- C:\Windows\hpoins52.dat
[2014/05/30 22:36:38 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/14 12:39:18 | 000,000,840 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk
[2014/06/12 18:39:57 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/06/12 18:39:50 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/05/30 22:37:08 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2014/05/30 22:36:38 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2014/05/30 22:34:36 | 000,212,764 | ---- | C] () -- C:\Windows\hpoins52.dat
[2014/05/30 22:34:36 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat
[2014/05/01 18:06:19 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2014/04/01 22:05:48 | 000,115,604 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/10/16 02:05:49 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/07/26 19:26:39 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2013/05/26 19:16:45 | 000,000,132 | ---- | C] () -- C:\Users\Xyreal\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/05/25 22:05:40 | 000,000,132 | ---- | C] () -- C:\Users\Xyreal\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2013/02/22 20:20:42 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/02/22 20:20:41 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2013/02/11 17:19:48 | 000,582,656 | ---- | C] () -- C:\Users\Xyreal\AppData\Local\file__0.localstorage
[2013/02/07 17:37:17 | 000,000,036 | ---- | C] () -- C:\Users\Xyreal\AppData\Local\housecall.guid.cache
[2013/02/07 17:10:19 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/27 11:36:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/04/21 15:31:32 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\.mono
[2013/07/29 00:52:01 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Atari
[2013/11/29 23:43:33 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\AVAST Software
[2013/05/04 20:18:49 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Awesomium
[2014/03/19 22:17:39 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Battle.net
[2013/04/02 16:31:38 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\LolClient
[2013/06/04 02:25:44 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\MSI
[2013/12/14 01:16:54 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Mumble
[2013/03/02 15:44:05 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Natural Selection 2
[2014/05/08 18:10:28 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\NCSOFT
[2014/01/25 18:20:47 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\OBS
[2014/04/17 12:56:49 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Oracle
[2014/03/01 20:22:16 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Origin
[2013/05/21 13:34:24 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\PDAppFlex
[2013/12/02 03:34:42 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Publish Providers
[2013/10/13 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\raidcall
[2014/03/19 22:17:39 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Rainmeter
[2014/01/26 02:30:50 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\rcru
[2013/07/26 19:28:00 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Red Alert 3
[2013/11/29 13:58:06 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Riot Games
[2013/12/02 04:42:30 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Sony
[2013/12/02 03:26:40 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Sony Creative Software Inc
[2013/02/07 17:15:43 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\SplitMediaLabs
[2013/08/06 00:52:29 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\SYSTEMAX Software Development
[2013/02/08 13:29:47 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\SystemRequirementsLab
[2013/12/05 03:45:49 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Tencent
[2014/06/12 02:06:31 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Tera_Awesomium
[2014/03/14 16:05:38 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\TS3Client
[2013/07/08 18:37:34 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Tunngle
[2013/10/26 01:18:30 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Wacom
[2013/08/10 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\wacomid-desktop-launcher
[2013/07/06 19:42:48 | 000,000,000 | ---D | M] -- C:\Users\Xyreal\AppData\Roaming\Wargaming.net
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
(C:\Users\Xyreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\Xyreal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯游戏
 
< End of report >
 
 
 

OTL Extras logfile created on: 6/18/2014 11:17:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Xyreal\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.95 Gb Total Physical Memory | 4.84 Gb Available Physical Memory | 60.92% Memory free
15.90 Gb Paging File | 13.44 Gb Available in Paging File | 84.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 51.39 Gb Free Space | 45.97% Space Free | Partition Type: NTFS
Drive E: | 931.41 Gb Total Space | 743.60 Gb Free Space | 79.84% Space Free | Partition Type: NTFS
 
Computer Name: XYREAL-PC | User Name: Xyreal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0425AEBB-9D4A-402E-83FC-180AFBA30E8D}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{057BF88A-0567-4CBF-87B1-4A5F5F698E21}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{2052489A-9E13-4CE7-82F8-E83B1FD19A2F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{253D2C58-7B42-4B0B-B0A0-08AE8C68F3E6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2605DE66-CD1A-4CB2-9BCF-2A7CC8FE5094}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2E735A41-D512-4B0E-A708-0096046A280F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3FE34039-A268-47A6-8B73-EBFDD052FCF3}" = lport=20010 | protocol=17 | dir=in | name=war thunder | 
"{43ED38A9-D29E-4DF5-BA1F-698F0B14F574}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{44C5778A-DA2A-4E8F-833B-505670EBE369}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4778C8FC-174C-4FD7-B6DF-BAB4E8413CCB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{50F429FD-E853-4774-AE6C-07BC89DFACE4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{519681E2-B0D9-4E40-BCE0-FF357AAC2873}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{5DCE4594-DF65-4476-9C52-75338B969120}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{73725E70-04F4-4410-9908-68F92411962A}" = lport=7850 | protocol=6 | dir=in | name=war thunder | 
"{79DF6FD0-1A2A-4A10-A0E7-520A200746B9}" = lport=8090 | protocol=6 | dir=in | name=war thunder | 
"{7E0C2527-62C9-45DD-A0FE-A141EC7ADFA3}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{7ED4D90C-18DD-4373-BA31-B1F0AE825B7D}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{8185E610-C3BF-4672-9F85-0625C39A1C0A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{84520BDA-DF6A-4797-B0E1-72D38E629EE3}" = lport=80 | protocol=6 | dir=in | name=war thunder | 
"{862FAF4F-87CB-4222-9CD8-57732F4D44E4}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{862FBCB7-F1A3-40CD-A5B3-A1175E4906D6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8CD38ACF-8A7E-4F40-BC8D-EB9DC981C4C6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9BC0E129-327A-4C81-9C44-114C5FA9F8ED}" = lport=33333 | protocol=6 | dir=in | name=war thunder | 
"{9BDCBFF6-CA62-44D0-AAA1-AF007B119C72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9EDF5D3C-833F-4D59-ABAB-D273E4E9F71D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A165CC60-BCE0-4761-852A-118C9BC5CF5B}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{A34D76FE-9AFC-40E9-AE78-8E967A4DE7AA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A977CA95-C060-4592-A03E-0FEC41F83EE4}" = lport=27022 | protocol=6 | dir=in | name=war thunder | 
"{AAEB257C-8583-44C8-A403-4659EC98C087}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B8048EB4-38D5-42D5-AB13-FE9056164A9A}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{BCB119DD-517C-45F5-AB71-3A69C0E60C50}" = lport=3478 | protocol=17 | dir=in | name=war thunder | 
"{BF71FE8F-705E-478A-9274-3E518296AEB0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C1B0F74A-5B61-41A3-AF32-210FEC79F154}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CB44E68E-CF41-4014-AA8D-80EFFAF06415}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D491EF70-B17B-43A7-B238-FE4E970464B2}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{D62361B5-D386-403B-934A-4F95EB6E1FFB}" = lport=20443 | protocol=6 | dir=in | name=war thunder | 
"{ECE3ABA0-96DD-46B4-A18C-A150B4292BED}" = lport=443 | protocol=6 | dir=in | name=war thunder | 
"{F66FFB2D-D17A-45DB-B731-F6E68D91C515}" = lport=49193 | protocol=6 | dir=in | name=akamai netsession interface | 
"{FC6B5791-5B72-4736-B821-A6AF4B9D4955}" = lport=6881 | protocol=6 | dir=in | name=war thunder | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F28598-1899-4F5B-B59D-3547B7EEE067}" = protocol=17 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe | 
"{0487CAA1-6B5A-436B-AFE5-0CD354C8A477}" = dir=in | app=e:\program files (x86)\skype\phone\skype.exe | 
"{060FFB37-A00C-44FA-A749-D8E6F3672E73}" = protocol=6 | dir=in | app=e:\program files (x86)\battle.net\battle.net.exe | 
"{07454F6F-5F3B-4CBE-95A5-1A8A19D6362E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{07C7AC88-1F7D-4D19-A322-D9FBA9483F3A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{0A3822F3-324B-4B4A-8F58-8E0674B53252}" = protocol=6 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\elsword\essteam.exe | 
"{0A401AD4-AB9D-47D4-82FA-16667DFB2F25}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0B9F324F-54E0-41F8-909C-FF26A3583D80}" = dir=in | app=c:\users\xyreal\appdata\local\temp\7zs09d5\setup\hpznui40.exe | 
"{0D6D47EA-4785-4270-AFF3-692B6C7D2EF5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{0D98D2E8-BF5A-4EB8-94FE-57DE0C1D1BCB}" = protocol=17 | dir=in | app=e:\program files\ventrilo\ventrilo.exe | 
"{0E143CA3-A183-48ED-B812-080018D29262}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{0E8504CE-9A4E-4076-A84D-EFD24D7BD5C3}" = protocol=17 | dir=in | app=e:\program files\app dynamic\airserver\airserver.exe | 
"{0F01BDE7-6C82-4FE0-8950-F96D1E972128}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{0F65FD7C-8CC7-4085-AE3B-93FEAA01D746}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{0FBC9633-F4D3-4BB5-ADA8-FE578AD94FFA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{1276C087-0AA0-4254-B57A-BF983EDDC4DA}" = protocol=6 | dir=out | app=e:\program files (x86)\tera\client\tera.exe | 
"{14400A52-7B96-426A-82A5-5EDB52FBC525}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{16AFBEA2-DB66-4EA5-A162-20DE5F458918}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{1770AAC9-6FD5-48D3-A7A8-BE3237BA258D}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{17A87748-321D-421B-B9CC-4E7D2186913C}" = protocol=17 | dir=out | app=e:\program files (x86)\tera\client\tera.exe | 
"{186C1687-A275-4213-A19D-96B47120C9E7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1B9ED399-0F34-497C-B3FC-16A4BE8C1581}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{1DE29623-9EB6-48EB-8026-EDB1C5886246}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{231124CE-26BD-425C-996A-C607627246BD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{256B8C7F-919D-479F-8326-7DD76D11915A}" = protocol=17 | dir=in | app=e:\program files (x86)\tera\client\tl.exe | 
"{34566E03-8EF4-43DD-9AA9-CAE5B5D5BF96}" = protocol=17 | dir=in | app=e:\program files\腾讯游戏\剑灵_腾讯\bin\cross\crossproxy.exe | 
"{357E81CC-2FE0-49E6-8FB9-3BC11548B069}" = protocol=17 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe | 
"{362F043D-04F6-4F8F-AF2B-E5D697A3AE57}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{380EDE16-54FA-4D28-99EA-08E359F0EF9B}" = dir=in | app=c:\users\xyreal\appdata\local\microsoft\skydrive\skydrive.exe | 
"{39D2A647-A7F8-4A29-BDAF-9EC57F0509BD}" = protocol=17 | dir=in | app=e:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | 
"{3B522656-5FE6-498D-AC60-A3E005C6E28A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3B8A0BDF-9659-4DAA-BE6A-2ABE809A0B4C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{3BEA6A08-490E-4373-8E86-6832A8D6789C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{3FEF31E7-88C2-4A73-9EE8-C7C556749484}" = protocol=6 | dir=in | app=c:\users\xyreal\appdata\local\temp\qqgamedownloader\bns_1383538034\teniodl.exe | 
"{40A89528-B4AC-432B-90A5-8D9DFE5ECFED}" = protocol=6 | dir=in | app=c:\users\xyreal\appdata\local\temp\qqgamedownloader\bns_1383538034\miniqqdl.exe | 
"{4163660D-CFC4-435D-82DB-6BBC96B82F83}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4224618C-75E0-4B29-BE59-AA3C786CF258}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{4B528754-6A79-4F11-9C59-E1E9C549A6E3}" = protocol=17 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\dragonnest\dragonnest.exe | 
"{4B8DBC77-0CA9-4B1D-8E5D-0CC3711FE4D5}" = protocol=17 | dir=in | app=e:\program files\腾讯游戏\剑灵_腾讯\bin\cross\apps\cqs\qtalk\bin\miniqtalk.exe | 
"{4D7A339F-7912-4C15-89C1-6788458A04D1}" = protocol=6 | dir=in | app=c:\users\xyreal\downloads\hoto_downloader.exe | 
"{4FB53166-03E4-4D24-9E02-D7CFAD252A76}" = protocol=6 | dir=in | app=e:\program files (x86)\diablo iii\diablo iii.exe | 
"{524583B3-6B35-4CD3-8FEB-9A4EC5B2931C}" = protocol=17 | dir=in | app=e:\program files\腾讯游戏\剑灵_腾讯\bin\cross\crossproxy.exe | 
"{5429CA25-F89A-4DA9-8805-46E254F62540}" = protocol=17 | dir=in | app=e:\program files (x86)\origin games\battlefield 4\bf4.exe | 
"{56704749-B98F-4312-A854-6E98CF820EA9}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{581C8DD1-FF85-4D08-A3A0-975484958439}" = protocol=6 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe | 
"{5D3C7577-F628-4D79-B111-F7813ED63179}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{5D7A3AC4-F09A-468C-B287-EC0449C5DC12}" = protocol=6 | dir=in | app=e:\program files\腾讯游戏\剑灵_腾讯\bin\cross\apps\cqs\qtalk\bin\miniqtalk.exe | 
"{5D92A220-B06E-49FB-AB51-55E98E3FE91C}" = protocol=6 | dir=in | app=e:\program files\腾讯游戏\剑灵_腾讯\bin\cross\apps\cqs\qtalk\bin\miniqtalk.exe | 
"{60CE1212-4FB6-48EA-AF07-D279837A743A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{60DDFEDF-FD85-43CE-8C8A-1A2BD12FDCD0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6307C8AC-C96C-4067-88D1-244A5F9F1F72}" = protocol=17 | dir=out | app=e:\program files (x86)\tera\client\tl.exe | 
"{630E0FB1-21B7-4FAD-8C97-AC5FDF7CF19B}" = protocol=17 | dir=in | app=c:\users\xyreal\downloads\hoto_downloader.exe | 
"{647F06E0-494D-4D6F-800B-90A00CBEB7DE}" = protocol=17 | dir=in | app=e:\program files (x86)\origin games\titanfall-beta\titanfall.exe | 
"{65DAB3C4-DE86-4591-99DB-B79877C5E118}" = protocol=17 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\elsword\essteam.exe | 
"{65E277D8-C7BE-4587-A7BD-A7350623B559}" = protocol=17 | dir=in | app=e:\program files (x86)\origin games\simcity\simcity\simcity.exe | 
"{6A429D3B-AEEB-49BA-A0C8-1C52C79DD900}" = protocol=6 | dir=in | app=e:\program files (x86)\kill3rcombo\elsword\data\x2.exe | 
"{6AF960D3-3C5B-4021-930D-4A001D60E760}" = protocol=17 | dir=in | app=e:\program files (x86)\tera\tera-launcher.exe | 
"{71004AD8-A4F1-4195-BE4D-86257B721100}" = protocol=6 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe | 
"{767955E3-04C5-4863-BFA9-F1E70BEA8E91}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{7780CAB3-0D95-4A6F-A841-2CAD1EAA94F0}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{779A109C-5FFE-4A1D-9B5B-B4F82F36AB31}" = protocol=17 | dir=in | app=e:\program files (x86)\kill3rcombo\elsword\data\x2.exe | 
"{7C24322F-B1AF-41C4-851B-4BDC3F8EA9D4}" = protocol=6 | dir=in | app=e:\program files (x86)\origin games\titanfall-beta\titanfall.exe | 
"{7CB3F4E1-DA0F-4631-B4C5-B5AAF04B9726}" = protocol=17 | dir=in | app=c:\users\xyreal\appdata\local\temp\qqgamedownloader\bns_1383538034\teniodl.exe | 
"{7DE0A11F-BF71-4D22-829E-B60FD2CBB778}" = protocol=6 | dir=in | app=e:\program files (x86)\origin games\simcity\simcity\simcity.exe | 
"{7EA8734D-1F57-4F2F-8FD6-5C284FC8AD29}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{80D0FB6D-1D1A-45A7-BF76-4C8DE34E42E5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{821147B5-E074-467E-8120-615D4200094E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{842DED68-71A9-4C47-8522-3327E4C5BADC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{850A9525-C527-4567-897D-750CF950714B}" = protocol=6 | dir=in | app=e:\program files (x86)\diablo iii beta 2013\diablo iii.exe | 
"{875E9961-56B6-4219-AB0A-28EE03574CD7}" = protocol=17 | dir=in | app=c:\users\xyreal\appdata\roaming\tencent\剑灵\4173457af977b2f891468e80537075d9\teniodl\teniodl.exe | 
"{87D865A8-7849-4004-9069-4324051F155A}" = protocol=6 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe | 
"{8F0652A7-9B6C-4A02-8C66-7DA7B13DA1C2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{8FA9E1C9-EE6E-4027-8F80-021D67109540}" = protocol=6 | dir=in | app=e:\program files\腾讯游戏\剑灵_腾讯\bin\cross\crossproxy.exe | 
"{944A0AFE-6D71-4F3D-91DA-8DE78AC316CE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{95EEC818-5EE6-446A-915F-FE24C256B7FA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{990D56EE-1056-43C6-8D5C-37A73BCE787F}" = protocol=17 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe | 
"{9EFCAEB9-3291-4642-B371-28921298B645}" = protocol=6 | dir=in | app=e:\program files\app dynamic\airserver\airserver.exe | 
"{9F2E6847-C832-4AB2-9183-F786096E217E}" = protocol=6 | dir=in | app=e:\program files (x86)\nexon\dragonnest\dragonnest.exe | 
"{A195531F-AA5F-449A-A959-27C5BEA52C95}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{A1BFD2C7-4991-492C-82A4-B527BCDAFAB1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{A563F026-3121-4FBD-9FD2-623E7CD9ACBF}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{A5E64C39-CA72-4601-9D94-77665A21F3AD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{A9980096-EFD5-43BF-82AC-15DCB63D20F8}" = protocol=6 | dir=in | app=e:\program files (x86)\tera\client\tl.exe | 
"{A9AD428C-F77B-42D6-80F4-4740E7177AB6}" = protocol=6 | dir=in | app=c:\users\xyreal\appdata\roaming\tencent\剑灵\4173457af977b2f891468e80537075d9\teniodl\teniodl.exe | 
"{A9CA156B-FE78-4634-8892-7FB19A97D0FD}" = protocol=17 | dir=in | app=e:\program files (x86)\diablo iii\diablo iii.exe | 
"{AB6D7F63-0BE6-4B8E-9DB9-808D2FC8CE72}" = protocol=6 | dir=in | app=e:\program files (x86)\origin games\battlefield 4\bf4.exe | 
"{AC861320-711A-4F46-908E-2535C5CD7661}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{ADD8436D-E39A-467B-981F-44EE28BCE963}" = protocol=6 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\elsword\data\x2.exe | 
"{B234F6F9-2E73-4D2D-98B1-C19E5D11CAF4}" = protocol=17 | dir=out | app=e:\program files (x86)\tera\tera-launcher.exe | 
"{B5F0FAB1-4328-4F59-8301-CDE6E44EBABF}" = protocol=6 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe | 
"{B6B2A13C-DBFE-4621-9A09-C83B5DC01B3C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{BA2827FF-C72B-48C8-B0FA-3D34ADF60C4D}" = protocol=17 | dir=in | app=e:\program files (x86)\tera\client\tera.exe | 
"{BAD64186-539D-4108-81A7-EBAEFE4EF166}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BC2E2C89-AB48-4334-88BF-3032F5551510}" = protocol=6 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\dragonnest\dragonnest.exe | 
"{BDE4E4C3-88DA-459E-B6B4-D15168209026}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{BE0349FB-4DB4-4FA1-B676-5F84C86E8ACE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C2D9D1D4-E5E1-4C52-9D2A-910CBCC8F3AE}" = protocol=17 | dir=in | app=e:\program files (x86)\war thunder\launcher.exe | 
"{C8860A1B-4241-4D1D-92F8-15D38228C088}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{CB2D9689-070E-4D69-B6C3-8FA720E49BBC}" = protocol=17 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\elsword\data\x2.exe | 
"{CCD1C522-BA0F-4C04-96A8-C2F714A50262}" = protocol=6 | dir=in | app=e:\program files (x86)\war thunder\launcher.exe | 
"{CD6D1607-8202-40AE-A084-14AE39517503}" = protocol=6 | dir=out | app=e:\program files (x86)\tera\client\tl.exe | 
"{CF79220D-1BB1-4063-9C32-A17918B49ECD}" = protocol=6 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe | 
"{D041B633-2CE4-4E02-805B-B831BD0486DD}" = protocol=17 | dir=in | app=e:\program files (x86)\nexon\dragonnest\dragonnest.exe | 
"{D08FCFAE-2AD4-4228-B2EA-AED2272ED023}" = protocol=17 | dir=in | app=e:\program files\腾讯游戏\剑灵_腾讯\bin\cross\apps\cqs\qtalk\bin\miniqtalk.exe | 
"{D0A52A4B-CCD7-48B8-B668-B401BB6E67A8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D30FA65D-4058-436E-9464-1D580E111E40}" = protocol=17 | dir=in | app=c:\users\xyreal\appdata\local\temp\qqgamedownloader\bns_1383538034\miniqqdl.exe | 
"{D387E1EF-6D30-445C-B263-CB4A40368ED2}" = protocol=17 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe | 
"{D5271DF6-E6B3-4C7C-9F41-BEE0A8DB8748}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D59E0135-331B-4D0A-8B5E-E380F613FF2C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{DB1FB959-736E-4A0D-B72C-3628C792C4DB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{DB437476-E9A9-4567-8B92-68C94DDAD54B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{DD791EE8-738E-4A14-BDF4-E19DDED0D873}" = protocol=6 | dir=in | app=e:\program files (x86)\tera\tera-launcher.exe | 
"{DDA714B9-6111-434E-9A53-47DA158A6124}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{DF91528D-B6DD-48C8-9214-C9AE14386BE4}" = protocol=6 | dir=in | app=e:\program files (x86)\tera\client\tera.exe | 
"{DF99CD9A-F98F-4BBB-AF1C-A6FD3F91AC1E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{E1EC7927-64D0-405A-945D-68F35059C242}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E20FD303-3DE1-40BC-B834-5C07A441E765}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{E3AC8124-904D-415B-9EAA-3C1C8C128F29}" = protocol=17 | dir=in | app=e:\program files (x86)\diablo iii beta 2013\diablo iii.exe | 
"{EDAEED8F-F9E2-4610-A29E-99D1DDADC034}" = protocol=6 | dir=in | app=e:\program files\腾讯游戏\剑灵_腾讯\bin\cross\crossproxy.exe | 
"{F392A236-676D-42B0-8F22-D85B8762E410}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{F42C629B-34A8-49E0-8753-B5AC3703AD96}" = protocol=17 | dir=in | app=e:\program files (x86)\battle.net\battle.net.exe | 
"{F4AB187D-464E-4E0A-912D-58F9FFB391D1}" = protocol=6 | dir=in | app=e:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | 
"{F562D7FD-4A15-4117-A2F1-EF4A35624E4F}" = protocol=17 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe | 
"{F5BE829F-8DEA-4CBE-9CAA-B8AC04CBA95D}" = protocol=6 | dir=out | app=e:\program files (x86)\tera\tera-launcher.exe | 
"{F662420D-05DE-409C-A539-7CB8FFED5F5E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{F6DB0AB9-91AD-463D-895A-4C5828C00FBD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{FF6B9055-5859-4389-A2BD-5D078CADF252}" = protocol=6 | dir=in | app=e:\program files\ventrilo\ventrilo.exe | 
"TCP Query User{03F0BAEB-19A5-4607-98DB-BCFD7D2F4829}E:\nexon\maplestory\maplestory.exe" = protocol=6 | dir=in | app=e:\nexon\maplestory\maplestory.exe | 
"TCP Query User{05643BE5-C900-44C4-AFC4-8552FE96211E}E:\program files (x86)\steamlibrary\steamapps\common\natural selection 2\ns2.exe" = protocol=6 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\natural selection 2\ns2.exe | 
"TCP Query User{20A00C2A-7C9F-4716-A40A-A92DC46763D5}E:\nexon\maplestory\maplestory.exe" = protocol=6 | dir=in | app=e:\nexon\maplestory\maplestory.exe | 
"TCP Query User{286683F4-18B2-4B75-8256-7AC5596BCBFD}E:\program files (x86)\snail games usa\blackgold\bin\fxgame.exe" = protocol=6 | dir=in | app=e:\program files (x86)\snail games usa\blackgold\bin\fxgame.exe | 
"TCP Query User{2BCE7106-E891-4CAF-B53D-0FCC9340D94A}E:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{2C4AF48E-4F7A-49C9-BCAF-B580136B8FC5}C:\users\xyreal\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\xyreal\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{3ACECB70-2544-4718-A053-7BC7854007F7}E:\program files (x86)\raidcall\raidcall.exe" = protocol=6 | dir=in | app=e:\program files (x86)\raidcall\raidcall.exe | 
"TCP Query User{3CB3EE72-5C6E-4298-B96D-20189337C109}E:\program files (x86)\steamlibrary\steamapps\common\company of heroes 2 - test build\reliccoh2.exe" = protocol=6 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\company of heroes 2 - test build\reliccoh2.exe | 
"TCP Query User{3F14ACCC-15CF-4E3A-A103-260F027FE105}E:\program files\腾讯游戏\剑灵_腾讯\bin\client.exe" = protocol=6 | dir=in | app=e:\program files\腾讯游戏\剑灵_腾讯\bin\client.exe | 
"TCP Query User{525BD16E-7D0C-430F-9852-B1BF1FF377F4}E:\program files (x86)\heroesgo\launcher\launcher.exe" = protocol=6 | dir=in | app=e:\program files (x86)\heroesgo\launcher\launcher.exe | 
"TCP Query User{5658085B-614B-49AC-8AD6-D19A8528C0E4}E:\nexon\maplestory\ereve.exe" = protocol=6 | dir=in | app=e:\nexon\maplestory\ereve.exe | 
"TCP Query User{5C7CE928-97CA-42E1-9383-B555653C0B76}C:\users\xyreal\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\xyreal\downloads\neverwinter_nw.1.20130416a.6.exe | 
"TCP Query User{673BEF8A-A792-4DFC-9F11-4B5F4F9A54D7}C:\users\xyreal\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\xyreal\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{74F76177-3E7D-466F-9A28-7810045B18BE}E:\program files (x86)\heroesgo\heroesgo_am.exe" = protocol=6 | dir=in | app=e:\program files (x86)\heroesgo\heroesgo_am.exe | 
"TCP Query User{772B8E0C-15E6-400D-850E-7289CE5531A0}E:\nexon\maplestory\ereve.exe" = protocol=6 | dir=in | app=e:\nexon\maplestory\ereve.exe | 
"TCP Query User{7801BFDF-7CD3-4FCC-963C-20DACE938DBD}E:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{7B3E8C50-D7F7-4CED-BB8A-46D3848E8E67}E:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=e:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"TCP Query User{7D589A18-4204-4EC6-950F-7D98F15746D2}E:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{8E63B19E-725D-4BF0-BE87-57170CF77BFC}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{9F00846E-7AC5-4C1D-B5A0-78F1F7AD5EC2}E:\program files (x86)\war thunder\aces.exe" = protocol=6 | dir=in | app=e:\program files (x86)\war thunder\aces.exe | 
"TCP Query User{9F0D28F9-EEE7-4F08-8088-3E6984ED5597}E:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe" = protocol=6 | dir=in | app=e:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe | 
"TCP Query User{AF9E30F5-B681-4C11-A972-CC3D36C2543C}E:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks_ct\wotlauncher.exe | 
"TCP Query User{B5124941-C483-4C11-896D-FBB4CC2C15D9}E:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks_ct\wotlauncher.exe | 
"TCP Query User{BB09CDF5-2257-41E6-8859-9C6C888B3ACC}C:\program files (x86)\ncwest\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\nclauncher.exe | 
"TCP Query User{BE7EBD90-8076-484E-B35F-4866A8566D70}E:\program files (x86)\steamlibrary\steamapps\common\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\hirezgames\tribes\binaries\win32\tribesascend.exe | 
"TCP Query User{C1BB15EF-269F-4CBB-81C5-FCC86B315175}E:\games\world_of_tanks_ct\worldoftanks.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks_ct\worldoftanks.exe | 
"TCP Query User{C464C85B-CB95-4818-9717-8BF45807782D}E:\games\world_of_tanks_ct\worldoftanks.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks_ct\worldoftanks.exe | 
"TCP Query User{D090EC0C-F40A-4EE6-8402-978E6F501795}E:\program files (x86)\steamlibrary\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{D186C38F-9E62-47E8-9784-5EEB96C15991}E:\program files (x86)\neoact\chaos online\chaosonline.exe" = protocol=6 | dir=in | app=e:\program files (x86)\neoact\chaos online\chaosonline.exe | 
"TCP Query User{D6CEFA19-56C9-460A-9974-0F1C0D8ED073}E:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{D84EF1B2-9B6F-41E5-A9D2-28D68A60044B}E:\users\public\sony online entertainment\installed games\dragons prophet\dp_x64.exe" = protocol=6 | dir=in | app=e:\users\public\sony online entertainment\installed games\dragons prophet\dp_x64.exe | 
"TCP Query User{D9C6009D-99A3-4AF1-A619-89A88A9AC8F8}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe | 
"TCP Query User{EDA17CDB-06CE-447B-95EA-8633951FF014}E:\program files (x86)\neoact\chaos online\patcher.exe" = protocol=6 | dir=in | app=e:\program files (x86)\neoact\chaos online\patcher.exe | 
"TCP Query User{F21FBBFF-B712-40EC-9D15-2DE95FDFA34E}E:\program files (x86)\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe" = protocol=6 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe | 
"UDP Query User{1EAA66EE-91F1-4150-B9F0-731040C76B1D}E:\program files (x86)\heroesgo\heroesgo_am.exe" = protocol=17 | dir=in | app=e:\program files (x86)\heroesgo\heroesgo_am.exe | 
"UDP Query User{2D225554-5A88-49E7-B671-5129C0999767}E:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe" = protocol=17 | dir=in | app=e:\program files\腾讯游戏\剑灵_腾讯\tcls\launcher.exe | 
"UDP Query User{2DA884C9-2324-4E61-9E4F-06B67F34BAB1}E:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=e:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"UDP Query User{39B6C705-8EA9-4E85-9486-7E2F2C2F8BF5}E:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks_ct\wotlauncher.exe | 
"UDP Query User{403AE6D3-D459-43FF-BCD8-8A320038D2D1}E:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{42E1C5C8-A681-4D00-AB7F-A67598EE7F40}E:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{4507DFF9-5A72-45AF-9D0C-9C9FF3568216}E:\program files (x86)\steamlibrary\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{4E8C8590-CDFB-40DF-AC2A-A9EC3E4BD13F}E:\program files (x86)\war thunder\aces.exe" = protocol=17 | dir=in | app=e:\program files (x86)\war thunder\aces.exe | 
"UDP Query User{50045CB6-1956-4401-8A1D-4E5E238B6C14}E:\program files (x86)\raidcall\raidcall.exe" = protocol=17 | dir=in | app=e:\program files (x86)\raidcall\raidcall.exe | 
"UDP Query User{5E7FA501-F537-4F77-BBFB-4D14F1603D9F}E:\program files (x86)\steamlibrary\steamapps\common\natural selection 2\ns2.exe" = protocol=17 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\natural selection 2\ns2.exe | 
"UDP Query User{5FBF0C59-3956-44C5-9C04-BBF348F7DDFB}E:\games\world_of_tanks_ct\worldoftanks.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks_ct\worldoftanks.exe | 
"UDP Query User{6073D376-F5B2-472E-92A0-D60C191F5145}E:\users\public\sony online entertainment\installed games\dragons prophet\dp_x64.exe" = protocol=17 | dir=in | app=e:\users\public\sony online entertainment\installed games\dragons prophet\dp_x64.exe | 
"UDP Query User{6F92D4CF-B881-4516-ACE1-19BA9B28B71A}C:\users\xyreal\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\xyreal\downloads\neverwinter_nw.1.20130416a.6.exe | 
"UDP Query User{705A6406-89FC-4984-9A16-2EABC1A6D780}E:\nexon\maplestory\maplestory.exe" = protocol=17 | dir=in | app=e:\nexon\maplestory\maplestory.exe | 
"UDP Query User{7C47F607-7276-4B1D-A7BE-5A7F921E3C30}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{936042B6-4145-4B48-8D50-BC594E159DFB}E:\program files (x86)\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe" = protocol=17 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe | 
"UDP Query User{9C898BD0-C566-4F50-B592-DF3EE5581B5D}E:\program files (x86)\snail games usa\blackgold\bin\fxgame.exe" = protocol=17 | dir=in | app=e:\program files (x86)\snail games usa\blackgold\bin\fxgame.exe | 
"UDP Query User{A4D2FA98-F4E9-43B5-99E2-2E91F7E258E8}E:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks_ct\wotlauncher.exe | 
"UDP Query User{A7FC79B1-6669-4B26-917F-02BB2545D1E9}E:\nexon\maplestory\ereve.exe" = protocol=17 | dir=in | app=e:\nexon\maplestory\ereve.exe | 
"UDP Query User{ACBD053E-742B-4980-8DCB-C6B5AE2D56DB}C:\program files (x86)\ncwest\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\nclauncher.exe | 
"UDP Query User{B049C96B-B5F6-4488-ADD7-8BE3645A55B2}E:\nexon\maplestory\ereve.exe" = protocol=17 | dir=in | app=e:\nexon\maplestory\ereve.exe | 
"UDP Query User{B345684C-FFB2-42F1-8A72-174194F736E3}E:\nexon\maplestory\maplestory.exe" = protocol=17 | dir=in | app=e:\nexon\maplestory\maplestory.exe | 
"UDP Query User{B4AD0B4D-7496-4B29-83C5-A7B1ED17B636}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe | 
"UDP Query User{BBA1E8EE-65D6-4986-BE73-245E32D6AE06}E:\program files (x86)\heroesgo\launcher\launcher.exe" = protocol=17 | dir=in | app=e:\program files (x86)\heroesgo\launcher\launcher.exe | 
"UDP Query User{BFA45076-C2A5-41EC-A956-B7106A860AD1}E:\program files (x86)\steamlibrary\steamapps\common\company of heroes 2 - test build\reliccoh2.exe" = protocol=17 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\company of heroes 2 - test build\reliccoh2.exe | 
"UDP Query User{C4EAFBC1-DE65-441A-95A0-375CF1E68D71}E:\games\world_of_tanks_ct\worldoftanks.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks_ct\worldoftanks.exe | 
"UDP Query User{C67EA98D-2F63-465F-9B0B-2046AE6B12F1}E:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{CDD6DA7A-0BB1-4635-A4E8-F2FD1C368915}C:\users\xyreal\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\xyreal\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{D9CA8813-5D15-4544-8BFE-2C518E1B0B4A}C:\users\xyreal\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\xyreal\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{E146F065-5740-4B95-BA2C-F2B67F779F6D}E:\program files (x86)\neoact\chaos online\chaosonline.exe" = protocol=17 | dir=in | app=e:\program files (x86)\neoact\chaos online\chaosonline.exe | 
"UDP Query User{E1B2D8EA-10DB-4E40-920E-1444211F7319}E:\program files (x86)\neoact\chaos online\patcher.exe" = protocol=17 | dir=in | app=e:\program files (x86)\neoact\chaos online\patcher.exe | 
"UDP Query User{E9355B4F-2B22-4EEE-9848-618FEB9B2D4D}E:\program files\腾讯游戏\剑灵_腾讯\bin\client.exe" = protocol=17 | dir=in | app=e:\program files\腾讯游戏\剑灵_腾讯\bin\client.exe | 
"UDP Query User{FA95B1B2-16E9-4417-A2AE-B178A64C8A81}E:\program files (x86)\steamlibrary\steamapps\common\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=e:\program files (x86)\steamlibrary\steamapps\common\hirezgames\tribes\binaries\win32\tribesascend.exe | 
"UDP Query User{FD5F9B2A-866C-4560-8D75-54351A9164EF}E:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{1D74EFC0-14AD-4E6C-9E04-B76B055D2373}" = AirServer (64-bit)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4AE29B5C-87B1-3C4E-8E15-17B83BA745CB}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}" = HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client
"{FD42EE05-18F9-459F-935D-770E75B3BEE5}" = Intel® Network Connections 19.1.51.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"LameACM" = Lame ACM MP3 Codec
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"PROSetDX" = Intel® Network Connections 19.1.51.0
"Shop for HP Supplies" = Shop for HP Supplies
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DDDFDF2-4A92-4E77-959F-59D196B99C0C}" = C410
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1" = World of Tanks - Common Test
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung Magician
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A6FE5F-E688-4B09-B67B-046BCD22253D}" = ohm_lib
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1" = Dell Display Manager
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{ADD3574D-04EB-4700-89D4-6DB7F30DAAB1}_is1" = Solo's ModPack for World of Tanks
"{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1" = ControlCenter
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1" = CLICKBIOSII
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F217D8AF-965B-4D3E-8F14-AC47B9CA535B}" = PS_AIO_07_C410_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1" = VideoGenie
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"AudioGenie_is1" = AudioGenie
"Avast" = avast! Free Antivirus
"Battle.net" = Battle.net
"Battlelog Web Plugins" = Battlelog Web Plugins
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"LameACM" = Lame ACM MP3 Codec
"League of Legends 3.0.0" = League of Legends
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MapleStory" = MapleStory
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Broadcaster Software" = Open Broadcaster Software
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"RaidCall" = RaidCall
"Rainmeter" = Rainmeter
"Steam App 202352" = Steam Trading Card Beta Access
"Steam App 218230" = PlanetSide 2
"Steam App 237310" = Elsword
"Steam App 730" = Counter-Strike: Global Offensive
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Akamai" = Akamai NetSession Interface
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/5/2014 4:08:25 AM | Computer Name = Xyreal-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rainmeter.exe, version: 3.1.0.2282, time
 stamp: 0x530a3a5d  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
 time stamp: 0x51fb1116  Exception code: 0xe0434352  Fault offset: 0x0000c41f  Faulting
 process id: 0x1080  Faulting application start time: 0x01cf3849fd97120f  Faulting application
 path: C:\Program Files\Rainmeter\Rainmeter.exe  Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
 Id: 52ebc6b5-a43d-11e3-8af1-d43d7e488b54
 
Error - 3/5/2014 4:08:36 AM | Computer Name = Xyreal-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 3/5/2014 4:08:36 AM | Computer Name = Xyreal-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rainmeter.exe, version: 3.1.0.2282, time
 stamp: 0x530a3a5d  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
 time stamp: 0x51fb1116  Exception code: 0xe0434352  Fault offset: 0x0000c41f  Faulting
 process id: 0x1750  Faulting application start time: 0x01cf384a1ae5f0eb  Faulting application
 path: C:\Program Files\Rainmeter\Rainmeter.exe  Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
 Id: 59d0dc7d-a43d-11e3-8af1-d43d7e488b54
 
Error - 3/5/2014 4:08:47 AM | Computer Name = Xyreal-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 3/5/2014 4:08:47 AM | Computer Name = Xyreal-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rainmeter.exe, version: 3.1.0.2282, time
 stamp: 0x530a3a5d  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
 time stamp: 0x51fb1116  Exception code: 0xe0434352  Fault offset: 0x0000c41f  Faulting
 process id: 0xb6c  Faulting application start time: 0x01cf384a21285bb1  Faulting application
 path: C:\Program Files\Rainmeter\Rainmeter.exe  Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
 Id: 60193aca-a43d-11e3-8af1-d43d7e488b54
 
Error - 3/5/2014 4:10:59 AM | Computer Name = Xyreal-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 3/5/2014 4:11:01 AM | Computer Name = Xyreal-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rainmeter.exe, version: 3.1.0.2282, time
 stamp: 0x530a3a5d  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
 time stamp: 0x51fb1116  Exception code: 0xe0434352  Fault offset: 0x0000c41f  Faulting
 process id: 0x15c0  Faulting application start time: 0x01cf384a316983ef  Faulting application
 path: C:\Program Files\Rainmeter\Rainmeter.exe  Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
 Id: afe5cbf9-a43d-11e3-8af1-d43d7e488b54
 
Error - 3/5/2014 4:11:16 AM | Computer Name = Xyreal-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 3/5/2014 4:11:16 AM | Computer Name = Xyreal-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rainmeter.exe, version: 3.1.0.2282, time
 stamp: 0x530a3a5d  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
 time stamp: 0x51fb1116  Exception code: 0xe0434352  Fault offset: 0x0000c41f  Faulting
 process id: 0x168c  Faulting application start time: 0x01cf384a79e5dfe5  Faulting application
 path: C:\Program Files\Rainmeter\Rainmeter.exe  Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
 Id: b8d81e93-a43d-11e3-8af1-d43d7e488b54
 
Error - 3/20/2014 1:18:11 AM | Computer Name = Xyreal-PC | Source = System Restore | ID = 8210
Description = 
 
[ System Events ]
Error - 6/17/2014 5:55:16 AM | Computer Name = Xyreal-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 6/17/2014 6:15:51 AM | Computer Name = Xyreal-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 6/17/2014 6:14:03 PM | Computer Name = Xyreal-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 6/17/2014 6:15:07 PM | Computer Name = Xyreal-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 6/18/2014 1:41:22 AM | Computer Name = Xyreal-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 6/18/2014 1:42:25 AM | Computer Name = Xyreal-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 6/18/2014 6:59:12 PM | Computer Name = Xyreal-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 6/18/2014 7:00:21 PM | Computer Name = Xyreal-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 6/19/2014 2:09:26 AM | Computer Name = Xyreal-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
 to the following error:   %%3
 
Error - 6/19/2014 2:10:34 AM | Computer Name = Xyreal-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
 


#8 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,555 posts

Posted 19 June 2014 - 09:02 AM

Hi Xyreal, :)
  • Step #8 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Settings --
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #9 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Settings --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
    • Click on Advanced Settings and check the following boxes --
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • Malwarebytes' Anti-Malware Log
    • ESET Scan Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#9 Xyreal

Xyreal
  • Topic Starter

  • Members
  • 13 posts

Posted 20 June 2014 - 11:59 PM

Here's the Malwarebytes log, Valinorum. Can I post the ESET Scan Log tomorrow? I'm doing a C++ project atm for my class and wanted to finish it before I scan, since you said it can take several hours.


Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/20/2014
Scan Time: 9:49:14 PM
Logfile: malwarebyte.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.21.02
Rootkit Database: v2014.06.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Xyreal
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 285027
Time Elapsed: 4 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,555 posts

Posted 21 June 2014 - 12:02 AM

How long may the project take? Submit the log after finishing your project. How is your system running?


 


#11 Xyreal

Xyreal
  • Topic Starter

  • Members
  • 13 posts

Posted 21 June 2014 - 12:09 AM

I'm doing it right now actually haha.

 

i have a question. which option should i pick from these 2?

 

uPQcsUw.jpg



#12 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,555 posts

Posted 21 June 2014 - 12:25 AM

Put a check mark on --
  • Enable detection of Potentially unwanted application
  • Scan archives
  • Scan Potentially unsafe application
  • Enable anti-stealth technology
Remove check mark from --
  • Remove found threats


 


#13 Xyreal

Xyreal
  • Topic Starter

  • Members
  • 13 posts

Posted 21 June 2014 - 01:26 AM

here's the ESET results

 

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=7bc5855a545871439def21be8aa3790e
# engine=18810
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-21 06:25:24
# local_time=2014-06-20 11:25:24 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 0 16620135 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 154875374 0 0
# scanned=242047
# found=5
# cleaned=0
# scan_time=3891
sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z"
sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll"
sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z"
sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll"
sh=CA5052C14485A9641412448301045C3F7A26F529 ft=1 fh=5fd31199ba480630 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="E:\Elsword\VOID Elsword\data\oggs.dll"


#14 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,555 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:16 AM

Posted 21 June 2014 - 01:35 AM

How is your system running?


 


#15 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,555 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:16 AM

Posted 21 June 2014 - 01:37 AM

How is your system running?
